
Google and Bing links being redirected


This topic is locked
20 replies to this topic

#1 patnagel

patnagel

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 03 April 2012 - 08:32 PM

My Google and Bing search result links are being hijacked, although Yahoo does not seem to be affected. When trying to check my Windows Firewall settings, it says "Windows Firewall is not using the recommended settings to protect your computer". When I click on the "Use recommended settings" button, I get error code 0x80070424. MBAM does not detect anything in a quick or full scan.

Thank you for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Patrick Nagel at 18:28:49 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.4988 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Windows\system32\conhost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\Patrick Nagel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Patrick Nagel\AppData\Local\Facebook\Messenger\2.0.4447.0\FacebookMessenger.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Patrick Nagel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Patrick Nagel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PlayNC Launcher]
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\PATRIC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Patrick Nagel\AppData\Local\Facebook\Messenger\2.0.4447.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{22F4D4C8-26E9-4814-BD5A-012F12228A30} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5345AE20-4604-427F-B043-187DF0F62E80} : DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{F09B7973-6BE4-4AE6-BCC0-AC031A35CAFF} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F09B7973-6BE4-4AE6-BCC0-AC031A35CAFF}\35869735861627B6D27657563747 : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick Nagel\AppData\Roaming\Mozilla\Firefox\Profiles\fiy4341p.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Patrick Nagel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-6 8704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 2348352]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-27 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-27 17152]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-2-27 267480]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-27 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-02 17:43:36 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-02 17:28:13 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-02 17:28:13 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-02 17:27:24 -------- d-----w- C:\ProgramData\PC Tools
2012-04-02 17:27:23 -------- d-----w- C:\Users\Patrick Nagel\AppData\Roaming\TestApp
2012-04-02 00:34:53 -------- d-----w- C:\Program Files\iPod
2012-04-02 00:34:52 -------- d-----w- C:\Program Files\iTunes
2012-04-02 00:34:52 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-30 22:23:22 388096 ----a-r- C:\Users\Patrick Nagel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-30 22:23:22 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-30 22:20:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-29 04:17:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 00:11:36 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-29 00:03:59 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-27 23:51:53 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-27 23:38:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-27 23:38:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-26 05:12:57 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-26 05:11:46 -------- d-----we C:\Windows\system64
2012-03-23 20:04:29 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FED75529-D0BA-4A26-927F-9B0EFD64A2BA}\mpengine.dll
2012-03-20 00:08:05 -------- d-----w- C:\Users\Patrick Nagel\AppData\Local\{22DC20D8-9FAA-419E-A6D2-4C9A7BF0C0D4}
2012-03-20 00:07:53 -------- d-----w- C:\Users\Patrick Nagel\AppData\Local\{46375E1F-3677-486D-AF6F-7EECEEEA8C36}
2012-03-14 23:41:56 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 23:41:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:41:56 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 23:39:13 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-14 03:43:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 03:43:30 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 03:43:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 22:36:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 22:36:30 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 22:36:30 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 22:36:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 22:36:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 22:36:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 22:36:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-08 00:00:50 -------- d-----w- C:\Users\Patrick Nagel\AppData\Local\Chromium
2012-03-07 02:14:22 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-03-07 02:14:16 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
.
==================== Find3M ====================
.
2012-03-14 23:45:08 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 14:52:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 18:29:19.62 ===============

Edited by patnagel, 03 April 2012 - 08:33 PM.
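The two indicators a helper reads off this DDS log are the SubSystems line, where the console server entry names consrv instead of the stock winsrv (the ComboFix run later in the thread deletes c:\windows\system32\consrv.dll and c:\windows\System64), and the mPolicies-system lines showing UAC switched off. The Python check below is an added example, not part of the thread or of the DDS tool; its sample lines are copied from the log above, and the stock Windows 7 values it compares against are assumptions about a clean install.

```python
"""Flag the indicators a helper reads off a DDS "Pseudo HJT" report.

Added example, not part of the forum thread. The sample lines are copied
from the DDS log posted in this topic; the "stock" sets below describe a
clean Windows 7 install and are this example's assumption.
"""
import re

# Constructed subset of the DDS log lines posted above.
SAMPLE_DDS_LINES = [
    r"uStart Page = hxxp://asus.msn.com",
    r"mWinlogon: Userinit=userinit.exe,",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
    r"consrv:ConServerDllInitialization,2 sxssrv,4",
    r"2012-03-26 05:11:46 -------- d-----we C:\Windows\system64",
    r"2012-03-26 05:12:57 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd",
]

# Server DLLs a stock Windows 7 csrss.exe loads from the SubSystems\Windows
# value. The console server is implemented in winsrv.dll; any other DLL named
# for ConServerDllInitialization is loaded into csrss.exe at every boot.
STOCK_CSRSS_SERVERS = {"basesrv", "winsrv", "sxssrv"}

# UAC policy keys where a value of 0 means "off" or "never prompt".
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Directories Windows itself ships under %SystemRoot% for system binaries.
STOCK_SYSTEM_DIRS = {"system32", "syswow64"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
SUBSYS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$")
# "Created Last 30" rows: date time size-or-dashes attributes path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")


def rogue_csrss_servers(value):
    """Return server names in a SubSystems\\Windows value that are not stock."""
    rogue = []
    for entry in value.split():
        # entries look like "winsrv:UserServerDllInitialization,3" or "basesrv,1"
        name = re.split(r"[:,]", entry, maxsplit=1)[0]
        if name.lower() not in STOCK_CSRSS_SERVERS:
            rogue.append(name)
    return rogue


def scan_dds(lines):
    """Return (indicator, detail) pairs for the suspicious lines in a DDS log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) in UAC_KEYS and int(m.group(2)) == 0:
                findings.append(("uac_weakened", m.group(1)))
            continue
        m = SUBSYS_RE.match(line)
        if m:
            for name in rogue_csrss_servers(m.group(1)):
                findings.append(("rogue_csrss_server", name))
            continue
        m = CREATED_RE.match(line)
        if m and m.group(1).startswith("d"):
            path = m.group(2)
            parts = path.lower().split("\\")
            # a directory created directly under \Windows with a "system" name
            # that Windows does not ship, e.g. system64 beside System32/SysWOW64
            if (len(parts) == 3 and parts[1] == "windows"
                    and parts[2].startswith("system")
                    and parts[2] not in STOCK_SYSTEM_DIRS):
                findings.append(("unknown_system_dir", path))
    return findings


if __name__ == "__main__":
    for indicator, detail in scan_dds(SAMPLE_DDS_LINES):
        print(f"{indicator}: {detail}")
```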



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 04 April 2012 - 05:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 patnagel
  • Topic Starter
  • Members
  • 9 posts

Posted 04 April 2012 - 05:35 PM

It seems to be running well at the moment. I am now able to change the windows firewall settings.

ComboFix 12-04-04.02 - Patrick Nagel 04/04/2012 6:33.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5352 [GMT -7:00]
Running from: c:\users\Patrick Nagel\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Patrick Nagel\AppData\Local\assembly\tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 13:40 . 2012-04-04 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 17:43 . 2012-04-03 13:37 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-02 17:28 . 2012-04-03 13:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-02 17:28 . 2012-02-24 17:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-02 17:27 . 2012-04-02 17:52 -------- d-----w- c:\programdata\PC Tools
2012-04-02 17:27 . 2012-04-02 17:27 -------- d-----w- c:\users\Patrick Nagel\AppData\Roaming\TestApp
2012-04-02 00:34 . 2012-04-02 00:34 -------- d-----w- c:\program files\iPod
2012-04-02 00:34 . 2012-04-02 00:35 -------- d-----w- c:\program files\iTunes
2012-04-02 00:34 . 2012-04-02 00:35 -------- d-----w- c:\program files (x86)\iTunes
2012-03-30 22:23 . 2012-03-30 22:23 388096 ----a-r- c:\users\Patrick Nagel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-30 22:23 . 2012-03-30 22:23 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-30 22:21 . 2012-03-30 22:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-30 22:20 . 2012-03-30 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-29 04:17 . 2012-03-29 04:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 00:11 . 2012-03-29 00:11 -------- d-----w- c:\program files (x86)\ESET
2012-03-29 00:03 . 2012-03-27 23:51 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-27 23:51 . 2012-03-27 23:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-27 23:38 . 2012-03-20 20:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-27 23:38 . 2012-03-27 23:38 -------- d-----w- c:\programdata\Lavasoft
2012-03-27 23:38 . 2012-03-27 23:38 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-26 05:12 . 2012-04-04 13:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-23 20:04 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED75529-D0BA-4A26-927F-9B0EFD64A2BA}\mpengine.dll
2012-03-14 23:41 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 23:41 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:41 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 23:39 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-14 03:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:27 . 2012-03-13 23:27 -------- d-----w- c:\users\UpdatusUser
2012-03-13 22:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 00:00 . 2012-03-08 00:00 -------- d-----w- c:\users\Patrick Nagel\AppData\Local\Chromium
2012-03-07 02:14 . 2012-03-08 00:00 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-03-07 02:14 . 2012-03-07 02:14 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 23:45 . 2011-02-27 10:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-01 00:02 . 2011-09-30 21:34 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-09-30 21:34 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-04-03 12:05 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-04-03 12:05 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-04-03 12:05 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2010-10-29 07:54 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2010-10-29 07:54 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2010-10-29 07:54 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-29 21:00 . 2011-03-17 09:03 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-03-17 09:03 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-03-17 09:03 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-03-17 09:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-03-17 09:02 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2010-10-29 12:38 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 16:18 . 2011-04-03 03:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:52 . 2011-06-18 21:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Patrick Nagel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-28 39408]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-02-16 38704]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-25 740216]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-02-27 3058304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Patrick Nagel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Patrick Nagel\AppData\Local\Facebook\Messenger\2.0.4447.0\FacebookMessenger.exe [2012-3-5 203776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-27 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-27 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-27 17152]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
- c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 21:44]
.
2012-04-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
- c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 21:44]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 22:26]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 22:26]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
- c:\users\Patrick Nagel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 21:53]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
- c:\users\Patrick Nagel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 21:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-09-29 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-09-29 489512]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF32334.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iaimtv4
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 204.117.214.10 199.2.252.10
FF - ProfilePath - c:\users\Patrick Nagel\AppData\Roaming\Mozilla\Firefox\Profiles\fiy4341p.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
SafeBoot-37475737.sys
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
.
**************************************************************************
.
Completion time: 2012-04-04 06:49:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 13:49
.
Pre-Run: 416,798,650,368 bytes free
Post-Run: 416,787,656,704 bytes free
.
- - End Of File - - 5EBE37AD98418DAB3174BC1C1ADA94C3
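
The ComboFix log above deletes c:\windows\system32\consrv.dll and the c:\windows\System64 folder, and the FRST log later in this thread reports "SubSystems: [Windows] ==> ZeroAccess". Those two findings belong together: the x64 ZeroAccess variant redirected the console-server entry in the csrss.exe start-up string (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows) from winsrv to its own consrv.dll so it would be loaded at boot. The script below is an added defender-side example, not code from this thread, ComboFix or FRST: it parses that string and flags any ServerDll module not on the stock list. The "clean" string and the basesrv/winsrv/sxssrv allowlist are taken from my recollection of Windows 7 and should be verified against a known-good host; both sample values are constructed for illustration.

```python
"""Flag non-standard ServerDll modules in the Win32 subsystem start-up string.

Added example (not from this thread or any tool shown in it). Windows keeps
the csrss.exe command line in
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\Windows.
On a stock Windows 7 x64 install the ServerDll= entries name only basesrv,
winsrv and sxssrv; the x64 ZeroAccess variant swapped the console-server
entry to load consrv.dll, the file ComboFix removed above and what FRST
reports as "SubSystems: [Windows] ==> ZeroAccess".
"""
import re
from typing import List, Optional

# Assumption: modules a stock Windows 7 install lists as ServerDll= here.
# Verify against a known-good machine before relying on it.
KNOWN_SERVER_DLLS = frozenset({"basesrv", "winsrv", "sxssrv"})

# Constructed sample: what the value looks like on a clean Windows 7 x64 host.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the console-server entry redirected to consrv.dll.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# A module name runs from "ServerDll=" up to the ':' (entry point) or ',' (index).
_SERVERDLL = re.compile(r"ServerDll=([^,:\s]+)", re.IGNORECASE)


def server_dlls(value: str) -> List[str]:
    """Return the module name of every ServerDll= entry, in order, lower-cased."""
    return [m.lower() for m in _SERVERDLL.findall(value)]


def unexpected_server_dlls(value: str) -> List[str]:
    """Return ServerDll modules that are not on the known list (empty = clean)."""
    return [d for d in server_dlls(value) if d not in KNOWN_SERVER_DLLS]


def read_live_value() -> Optional[str]:
    """Read the real value on Windows; return None on other platforms."""
    try:
        import winreg  # standard library, Windows only
    except ImportError:
        return None
    key = winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems",
    )
    try:
        value, _reg_type = winreg.QueryValueEx(key, "Windows")
    finally:
        winreg.CloseKey(key)
    return value


if __name__ == "__main__":
    for label, value in (("clean sample", CLEAN_VALUE), ("tampered sample", TAMPERED_VALUE)):
        print(label, "->", unexpected_server_dlls(value) or "ok")
    live = read_live_value()
    if live is not None:
        print("this host ->", unexpected_server_dlls(live) or "ok")
```

On a Windows host the script also reads the live value; anywhere else it only runs the two constructed samples. A non-empty result is a lead, not a verdict: confirm the flagged module's path, signature and creation time the way the ComboFix "Files Created" section above lets you do for consrv.dll.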

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 05:39 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 patnagel
  • Topic Starter
  • Members
  • 9 posts

Posted 05 April 2012 - 02:19 AM

TDSSKiller found 1 threat. System restart was required. Upon restart, Windows failed to load multiple times. Ran Windows Startup Repair and received the message "Windows cannot repair this computer automatically." I went to System Restore under advanced options and there does not seem to be any restore points. I seem to remember one being created in an earlier step.

Wondering if something like this will work:

http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 02:27 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 patnagel
  • Topic Starter
  • Members
  • 9 posts

Posted 05 April 2012 - 10:56 PM

I do not have access to another computer until tomorrow. Will post logs as soon as I can.

Thank you again for your help.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 10:59 PM

No problem, I will be around tomorrow.


gringo

#9 patnagel
  • Topic Starter
  • Members
  • 9 posts

Posted 07 April 2012 - 05:11 PM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 07-04-2012 15:07:50
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2011-09-28] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [489512 2011-09-28] (ActivIdentity)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [37888 2010-11-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-02-27] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Patrick Nagel\...\Run: [MusicManager] "C:\Users\Patrick Nagel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13324288 2012-03-20] (Google Inc.)
HKU\Patrick Nagel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-28] (Google Inc.)
HKU\Patrick Nagel\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized [38704 2012-02-16] (NCSoft)
HKU\Patrick Nagel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-25] (BitTorrent, Inc.)
HKU\Patrick Nagel\...\Run: [Facebook Update] "C:\Users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-02-25] (Facebook Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [408576 2010-09-01] (Red Bend Ltd.)
2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-02-20] (Hi-Rez Studios)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2012-03-27] (Lavasoft Limited)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [4323256 2011-03-28] (INCA Internet Co., Ltd.)
2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [911872 2010-09-01] (Intel® Corporation)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
2 iaimtv4; C:\Windows\System32\moufiltr.dll [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [71168 2010-05-16] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [175104 2010-05-16] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-16] (Intel Corporation)
3 FLxHCIc; C:\Windows\System32\Drivers\FLxHCIc.sys [210944 2010-11-19] (Fresco Logic)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-03-27] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2012-03-20] (Lavasoft AB)
3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [32344 2009-11-17] (Creative Technology Ltd.)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8153088 2010-10-18] (Intel Corporation)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [290920 2010-08-03] (Realtek Semiconductor Corp.)
3 S3XXx64; C:\Windows\System32\Drivers\S3XXx64.sys [70016 2011-09-07] (SCM Microsystems Inc.)
3 swmsflt; C:\Windows\System32\Drivers\swmsflt.sys [47104 2009-10-20] ()
3 SWNC5E00; C:\Windows\System32\Drivers\SWNC5E00.sys [285696 2009-08-04] (Sierra Wireless Inc.)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: iaimtv4

============ One Month Created Files and Folders ==============

2012-04-05 16:06 - 2012-04-05 16:07 - 0000000 ____D C:\Windows\System32\config\mybackup
2012-04-04 22:50 - 2012-04-04 22:52 - 0135424 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_23.50.13_log.txt
2012-04-04 22:50 - 2012-04-04 22:51 - 4731392 ____A (AVAST Software) C:\Users\Patrick Nagel\Desktop\aswMBR.exe
2012-04-04 22:49 - 2012-04-04 22:50 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Patrick Nagel\Desktop\tdsskiller.exe
2012-04-04 20:29 - 2012-04-04 20:29 - 0139088 ____A C:\Users\Patrick Nagel\Desktop\384511_2512150716960_1048890019_32152671_1246868437_n.jpg
2012-04-04 20:27 - 2012-04-04 20:34 - 0083052 ____A C:\Users\Patrick Nagel\Desktop\381588_2512147996892_1048890019_32152660_1428944229_n.jpg
2012-04-04 20:27 - 2012-04-04 20:27 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{AF85712C-CB70-4E01-BE9A-7DBC9B1274C4}
2012-04-04 05:49 - 2012-04-04 05:49 - 0023592 ____A C:\ComboFix.txt
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 05:32 - 2012-04-04 05:49 - 0000000 ____D C:\Qoobox
2012-04-04 05:32 - 2012-04-04 05:48 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 05:32 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-04 05:32 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-04 05:32 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-04 05:32 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-04 05:32 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-04 05:32 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-04 05:32 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-04 05:32 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 05:30 - 2012-04-04 05:31 - 4456875 ____R (Swearware) C:\Users\Patrick Nagel\Desktop\ComboFix.exe
2012-04-03 17:30 - 2012-04-03 17:30 - 0007027 ____A C:\Users\Patrick Nagel\Desktop\Attach.txt
2012-04-03 17:16 - 2012-04-03 17:16 - 0607260 ____R (Swearware) C:\Users\Patrick Nagel\Desktop\dds.scr
2012-04-02 09:43 - 2012-04-03 05:37 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-02 09:28 - 2012-04-02 09:28 - 2067532 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-02 09:28 - 2012-02-24 09:36 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-02 09:27 - 2012-04-02 09:52 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-02 09:27 - 2012-04-02 09:52 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-02 09:27 - 2012-04-02 09:27 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\TestApp
2012-04-01 16:35 - 2012-04-01 16:35 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 16:34 - 2012-04-01 16:35 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 16:34 - 2012-04-01 16:35 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 16:34 - 2012-04-01 16:34 - 0000000 ____D C:\Program Files\iPod
2012-03-31 09:15 - 2012-03-31 09:16 - 0528646 ____A C:\Users\Patrick Nagel\Desktop\IMG_1009.JPG
2012-03-31 09:15 - 2012-03-31 09:14 - 0500576 ____N C:\Users\Patrick Nagel\Desktop\IMG_1007.JPG
2012-03-31 09:15 - 2012-03-31 09:14 - 0497281 ____N C:\Users\Patrick Nagel\Desktop\IMG_1008.JPG
2012-03-30 14:42 - 2012-03-30 14:42 - 16148280 ____A (Microsoft Corporation) C:\Users\Patrick Nagel\Downloads\windows-kb890830-x64-v4.6.exe
2012-03-30 14:41 - 2012-03-30 14:41 - 15524152 ____A (Microsoft Corporation) C:\Users\Patrick Nagel\Downloads\windows-kb890830-v4.6.exe
2012-03-30 14:41 - 2012-03-04 15:23 - 54215544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-30 14:23 - 2012-03-30 14:23 - 1402880 ____A C:\Users\Patrick Nagel\Downloads\HijackThis.msi
2012-03-30 14:23 - 2012-03-30 14:23 - 0003011 ____A C:\Users\Patrick Nagel\Desktop\HiJackThis.lnk
2012-03-30 14:23 - 2012-03-30 14:23 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-03-30 14:20 - 2012-03-30 14:20 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-30 14:20 - 2012-03-30 14:20 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-30 14:20 - 2012-03-30 14:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-30 14:20 - 2012-03-30 14:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-28 20:17 - 2012-04-04 22:50 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-28 20:16 - 2012-03-28 20:17 - 0133630 ____A C:\TDSSKiller.2.7.23.0_28.03.2012_21.16.14_log.txt
2012-03-28 20:14 - 2012-03-28 20:14 - 0071398 ____A (jpshortstuff) C:\Users\Patrick Nagel\Downloads\GooredFix.exe
2012-03-28 20:07 - 2012-04-07 14:04 - 0005320 ____A C:\aaw7boot.log
2012-03-28 19:39 - 2012-03-28 19:40 - 0000376 ____A C:\Users\Patrick Nagel\tracert.txt
2012-03-28 16:11 - 2012-03-28 16:11 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-28 16:03 - 2012-03-27 15:51 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 16:04 - 2012-03-27 16:04 - 0460190 ____A C:\Users\Patrick Nagel\Documents\TaxReturn.pdf
2012-03-27 15:51 - 2012-03-27 15:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 15:38 - 2012-03-30 15:38 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-27 15:38 - 2012-03-30 15:38 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-27 15:38 - 2012-03-27 15:38 - 0001062 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-27 15:38 - 2012-03-20 12:41 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2012-03-25 21:12 - 2012-04-04 05:42 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-19 16:08 - 2012-03-19 16:08 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{22DC20D8-9FAA-419E-A6D2-4C9A7BF0C0D4}
2012-03-19 16:07 - 2012-03-19 16:08 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{46375E1F-3677-486D-AF6F-7EECEEEA8C36}
2012-03-14 15:41 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 15:41 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 15:41 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 15:39 - 2009-09-04 16:29 - 1892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-03-13 21:35 - 2012-03-13 21:36 - 0000000 ____D C:\Users\Patrick Nagel\Desktop\Fitness
2012-03-13 19:43 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 19:43 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 19:43 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 18:47 - 2012-03-13 18:48 - 0195780 ____A C:\Users\Patrick Nagel\Downloads\55818603-Horsemen-Training-Program-i-1.pdf
2012-03-13 15:27 - 2012-03-13 15:27 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 ____D C:\users\UpdatusUser
2012-03-13 15:27 - 2011-04-14 22:35 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-03-13 15:27 - 2011-02-27 02:19 - 0000829 ____A C:\Users\UpdatusUser\Start Menu\Programs\Startup\Best Buy pc app.lnk
2012-03-13 15:27 - 2011-02-27 02:19 - 0000829 ____A C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2012-03-13 15:27 - 2009-07-13 23:44 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2012-03-13 15:25 - 2012-02-29 16:02 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-03-13 15:25 - 2012-02-29 16:02 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-03-13 15:25 - 2012-02-29 16:02 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-03-13 15:25 - 2012-01-17 04:46 - 0031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-03-13 15:25 - 2012-01-17 04:45 - 1451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-03-13 15:25 - 2012-01-17 04:45 - 0188224 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-03-13 14:56 - 2012-03-13 15:24 - 212446672 ____A (NVIDIA Corporation) C:\Users\Patrick Nagel\Downloads\296.10-notebook-win7-winvista-64bit-international-whql.exe
2012-03-13 14:36 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 14:36 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 14:36 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 14:36 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 14:36 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 14:36 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 14:36 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


============ 3 Months Modified Files and Folders =============

2012-04-07 15:08 - 2012-04-07 15:07 - 0000000 ____D C:\FRST
2012-04-07 14:04 - 2012-03-28 20:07 - 0005320 ____A C:\aaw7boot.log
2012-04-07 14:04 - 2011-04-03 08:22 - 2129526784 __ASH C:\hiberfil.sys
2012-04-05 16:07 - 2012-04-05 16:06 - 0000000 ____D C:\Windows\System32\config\mybackup
2012-04-05 15:40 - 2011-11-14 18:47 - 1033442 ____A C:\Windows\ntbtlog.txt
2012-04-05 15:34 - 2011-02-27 01:41 - 0137864 ____A C:\Windows\PFRO.log
2012-04-05 06:34 - 2011-02-27 02:14 - 0003446 ____A C:\Windows\AsRecoveryHD.log
2012-04-05 06:34 - 2009-07-28 21:20 - 0000000 ____D C:\Windows\Log
2012-04-05 06:33 - 2011-02-27 02:13 - 0229834 ____A C:\Windows\AsFac.log
2012-04-04 22:52 - 2012-04-04 22:50 - 0135424 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_23.50.13_log.txt
2012-04-04 22:52 - 2011-02-27 01:17 - 1976616 ____A C:\Windows\WindowsUpdate.log
2012-04-04 22:51 - 2012-04-04 22:50 - 4731392 ____A (AVAST Software) C:\Users\Patrick Nagel\Desktop\aswMBR.exe
2012-04-04 22:50 - 2012-04-04 22:49 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Patrick Nagel\Desktop\tdsskiller.exe
2012-04-04 22:50 - 2012-03-28 20:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-04 22:11 - 2011-11-15 13:53 - 0000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
2012-04-04 21:58 - 2011-07-28 14:26 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-04 21:49 - 2012-02-25 13:44 - 0000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
2012-04-04 20:34 - 2012-04-04 20:27 - 0083052 ____A C:\Users\Patrick Nagel\Desktop\381588_2512147996892_1048890019_32152660_1428944229_n.jpg
2012-04-04 20:29 - 2012-04-04 20:29 - 0139088 ____A C:\Users\Patrick Nagel\Desktop\384511_2512150716960_1048890019_32152671_1246868437_n.jpg
2012-04-04 20:27 - 2012-04-04 20:27 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{AF85712C-CB70-4E01-BE9A-7DBC9B1274C4}
2012-04-04 20:10 - 2011-04-02 18:13 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-04 17:11 - 2011-11-15 13:53 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
2012-04-04 16:48 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-04 16:48 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-04 14:41 - 2011-10-17 05:45 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\uTorrent
2012-04-04 14:36 - 2012-02-25 13:44 - 0000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
2012-04-04 14:36 - 2011-07-28 14:26 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-04 14:30 - 2009-07-13 21:13 - 0727538 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-04 05:49 - 2012-04-04 05:49 - 0023592 ____A C:\ComboFix.txt
2012-04-04 05:49 - 2012-04-04 05:32 - 0000000 ____D C:\Qoobox
2012-04-04 05:49 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-04 05:49 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-04 05:48 - 2012-04-04 05:32 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 05:43 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-04 05:42 - 2012-03-25 21:12 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-04 05:42 - 2011-02-27 02:05 - 0000050 ____A C:\Windows\System32\SupplicantTest.log
2012-04-04 05:42 - 2011-02-27 01:57 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-04 05:42 - 2011-02-27 01:57 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-04 05:42 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-04 05:42 - 2009-07-13 20:51 - 0069589 ____A C:\Windows\setupact.log
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 05:41 - 2012-04-04 05:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 05:41 - 2009-07-13 18:34 - 62390272 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-04 05:41 - 2009-07-13 18:34 - 22282240 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-04 05:41 - 2009-07-13 18:34 - 1048576 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-04 05:41 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-04 05:41 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-04 05:31 - 2012-04-04 05:30 - 4456875 ____R (Swearware) C:\Users\Patrick Nagel\Desktop\ComboFix.exe
2012-04-03 19:07 - 2011-04-02 18:47 - 0000000 ____D C:\Program Files (x86)\RIFT Game
2012-04-03 17:30 - 2012-04-03 17:30 - 0007027 ____A C:\Users\Patrick Nagel\Desktop\Attach.txt
2012-04-03 17:16 - 2012-04-03 17:16 - 0607260 ____R (Swearware) C:\Users\Patrick Nagel\Desktop\dds.scr
2012-04-03 05:37 - 2012-04-02 09:43 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-02 09:52 - 2012-04-02 09:27 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-02 09:52 - 2012-04-02 09:27 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-02 09:28 - 2012-04-02 09:28 - 2067532 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-02 09:27 - 2012-04-02 09:27 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\TestApp
2012-04-01 16:35 - 2012-04-01 16:35 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 16:35 - 2012-04-01 16:34 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 16:35 - 2012-04-01 16:34 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 16:34 - 2012-04-01 16:34 - 0000000 ____D C:\Program Files\iPod
2012-03-31 09:16 - 2012-03-31 09:15 - 0528646 ____A C:\Users\Patrick Nagel\Desktop\IMG_1009.JPG
2012-03-31 09:14 - 2012-03-31 09:15 - 0500576 ____N C:\Users\Patrick Nagel\Desktop\IMG_1007.JPG
2012-03-31 09:14 - 2012-03-31 09:15 - 0497281 ____N C:\Users\Patrick Nagel\Desktop\IMG_1008.JPG
2012-03-30 15:38 - 2012-03-27 15:38 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-30 15:38 - 2012-03-27 15:38 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-30 14:42 - 2012-03-30 14:42 - 16148280 ____A (Microsoft Corporation) C:\Users\Patrick Nagel\Downloads\windows-kb890830-x64-v4.6.exe
2012-03-30 14:41 - 2012-03-30 14:41 - 15524152 ____A (Microsoft Corporation) C:\Users\Patrick Nagel\Downloads\windows-kb890830-v4.6.exe
2012-03-30 14:23 - 2012-03-30 14:23 - 1402880 ____A C:\Users\Patrick Nagel\Downloads\HijackThis.msi
2012-03-30 14:23 - 2012-03-30 14:23 - 0003011 ____A C:\Users\Patrick Nagel\Desktop\HiJackThis.lnk
2012-03-30 14:23 - 2012-03-30 14:23 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-03-30 14:20 - 2012-03-30 14:20 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-30 14:20 - 2012-03-30 14:20 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-30 14:20 - 2012-03-30 14:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-30 14:20 - 2012-03-30 14:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-29 20:43 - 2011-04-02 19:25 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\Skype
2012-03-29 19:28 - 2011-07-01 19:02 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-29 19:28 - 2011-04-02 19:25 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-29 19:28 - 2011-04-02 19:25 - 0000000 ____D C:\Users\All Users\Skype
2012-03-29 19:28 - 2011-04-02 19:25 - 0000000 ____D C:\ProgramData\Skype
2012-03-29 17:47 - 2011-04-19 22:00 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\PMB Files
2012-03-29 17:47 - 2011-04-19 21:47 - 0000000 ____D C:\Users\All Users\PMB Files
2012-03-29 17:47 - 2011-04-19 21:47 - 0000000 ____D C:\ProgramData\PMB Files
2012-03-28 20:42 - 2011-04-03 06:27 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\Deployment
2012-03-28 20:17 - 2012-03-28 20:16 - 0133630 ____A C:\TDSSKiller.2.7.23.0_28.03.2012_21.16.14_log.txt
2012-03-28 20:14 - 2012-03-28 20:14 - 0071398 ____A (jpshortstuff) C:\Users\Patrick Nagel\Downloads\GooredFix.exe
2012-03-28 19:40 - 2012-03-28 19:39 - 0000376 ____A C:\Users\Patrick Nagel\tracert.txt
2012-03-28 19:39 - 2011-04-03 06:24 - 0000000 ____D C:\users\Patrick Nagel
2012-03-28 16:11 - 2012-03-28 16:11 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-28 16:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-27 16:04 - 2012-03-27 16:04 - 0460190 ____A C:\Users\Patrick Nagel\Documents\TaxReturn.pdf
2012-03-27 15:51 - 2012-03-28 16:03 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 15:51 - 2012-03-27 15:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 15:38 - 2012-03-27 15:38 - 0001062 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 15:38 - 2012-03-27 15:38 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-24 19:44 - 2011-02-27 01:30 - 0285669 ____A C:\Windows\DirectX.log
2012-03-20 12:41 - 2012-03-27 15:38 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2012-03-19 16:08 - 2012-03-19 16:08 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{22DC20D8-9FAA-419E-A6D2-4C9A7BF0C0D4}
2012-03-19 16:08 - 2012-03-19 16:07 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\{46375E1F-3677-486D-AF6F-7EECEEEA8C36}
2012-03-19 16:08 - 2011-05-19 06:47 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\Windows Live
2012-03-14 15:45 - 2011-02-27 02:10 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-03-14 15:44 - 2009-07-13 21:08 - 0032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-14 15:44 - 2009-07-13 20:45 - 0276216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 15:42 - 2011-04-14 22:28 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\SoftGrid Client
2012-03-13 21:36 - 2012-03-13 21:35 - 0000000 ____D C:\Users\Patrick Nagel\Desktop\Fitness
2012-03-13 18:48 - 2012-03-13 18:47 - 0195780 ____A C:\Users\Patrick Nagel\Downloads\55818603-Horsemen-Training-Program-i-1.pdf
2012-03-13 15:27 - 2012-03-13 15:27 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-03-13 15:27 - 2012-03-13 15:27 - 0000000 ____D C:\users\UpdatusUser
2012-03-13 15:27 - 2011-04-03 04:04 - 0000000 ____D C:\NVIDIA
2012-03-13 15:27 - 2011-02-27 01:57 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-13 15:27 - 2011-02-27 01:56 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-13 15:24 - 2012-03-13 14:56 - 212446672 ____A (NVIDIA Corporation) C:\Users\Patrick Nagel\Downloads\296.10-notebook-win7-winvista-64bit-international-whql.exe
2012-03-07 16:00 - 2012-03-07 16:00 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\Chromium
2012-03-07 16:00 - 2012-03-06 18:14 - 0000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-03-07 16:00 - 2012-03-06 18:14 - 0000000 ____D C:\ProgramData\Hi-Rez Studios
2012-03-07 16:00 - 2011-05-30 18:49 - 0000000 ____D C:\Users\Patrick Nagel\Documents\My Games
2012-03-06 18:14 - 2012-03-06 18:14 - 0002030 ____A C:\Users\Public\Desktop\Tribes Ascend Open Beta.lnk
2012-03-06 18:14 - 2012-03-06 18:14 - 0000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-03-06 18:14 - 2011-02-27 01:24 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-06 18:13 - 2012-03-06 18:10 - 13229352 ____A (Hi-Rez Studios) C:\Users\Patrick Nagel\Downloads\InstallHiRezGamesEnglish.exe
2012-03-05 16:50 - 2012-02-25 13:44 - 0001355 ____A C:\Users\Patrick Nagel\Start Menu\Programs\Startup\Facebook Messenger.lnk
2012-03-05 16:50 - 2012-02-25 13:44 - 0001355 ____A C:\Users\Patrick Nagel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
2012-03-04 16:19 - 2011-04-02 18:33 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-04 15:23 - 2012-03-30 14:41 - 54215544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-01 09:32 - 2012-03-01 09:31 - 0919456 ____A C:\Windows\Minidump\030112-36020-01.dmp
2012-03-01 09:32 - 2011-04-03 06:27 - 0057952 ____A C:\Users\Patrick Nagel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-01 09:31 - 2011-10-17 05:45 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-01 09:31 - 2011-04-22 18:28 - 785751618 ____A C:\Windows\MEMORY.DMP
2012-03-01 09:31 - 2011-04-22 18:28 - 0000000 ____D C:\Windows\Minidump
2012-02-29 16:02 - 2012-03-13 15:25 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 16:02 - 2012-03-13 15:25 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 16:02 - 2012-03-13 15:25 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-29 16:02 - 2011-09-30 13:34 - 1737536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-02-29 16:02 - 2011-09-30 13:34 - 1466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-02-29 16:02 - 2011-04-03 04:05 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-02-29 16:02 - 2011-04-03 04:05 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-02-29 16:02 - 2011-04-03 04:05 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-02-29 16:02 - 2010-10-28 23:54 - 9717568 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-02-29 16:02 - 2010-10-28 23:54 - 2660160 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-02-29 16:02 - 2010-10-28 23:54 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-02-29 16:02 - 2010-10-28 23:54 - 0011770 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 13:00 - 2011-03-17 01:03 - 6074176 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 13:00 - 2011-03-17 01:03 - 3089728 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-02-29 12:59 - 2011-03-17 01:03 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:59 - 2011-03-17 01:02 - 2561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-02-29 12:59 - 2011-03-17 01:02 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:59 - 2010-10-29 04:38 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-29 12:26 - 2012-02-29 12:26 - 0416064 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-02-28 21:29 - 2012-02-28 21:29 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-02-28 21:29 - 2012-02-28 21:29 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-02-28 18:30 - 2011-08-13 20:00 - 0000000 ____D C:\Users\Patrick Nagel\riotsGamesLogs
2012-02-25 13:44 - 2012-02-25 13:44 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\Facebook
2012-02-24 12:24 - 2011-04-17 17:59 - 0000000 ___HD C:\Users\Patrick Nagel\Desktop\Ni HAO MA
2012-02-24 09:36 - 2012-04-02 09:28 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-02-23 08:18 - 2011-04-02 19:11 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-20 21:58 - 2012-02-20 21:58 - 0911024 ____A C:\Windows\Minidump\022012-17456-01.dmp
2012-02-16 22:38 - 2012-03-13 14:36 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 14:36 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 14:36 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 14:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 06:52 - 2011-06-18 13:32 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-16 06:51 - 2011-04-03 06:25 - 0000174 ___SH C:\Users\Patrick Nagel\Start Menu\Programs\Startup\desktop.ini
2012-02-16 06:51 - 2011-04-03 06:25 - 0000174 ___SH C:\Users\Patrick Nagel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 03:21 - 2011-02-27 01:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 03:03 - 2011-04-14 22:27 - 0744234 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-16 03:03 - 2011-04-14 22:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 23:05 - 2012-02-15 22:53 - 200776520 ____A (NVIDIA Corporation) C:\Users\Patrick Nagel\Downloads\285.62-notebook-win7-winvista-64bit-international-whql.exe
2012-02-13 21:36 - 2012-02-13 21:36 - 0738704 ____A C:\Windows\Minidump\021312-13681-01.dmp
2012-02-12 10:29 - 2011-10-22 23:04 - 0000000 ____D C:\Users\Patrick Nagel\Desktop\jb4
2012-02-12 10:23 - 2011-04-02 18:52 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Local\Microsoft Games
2012-02-09 22:36 - 2012-03-13 19:43 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 19:43 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-03-13 19:43 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 20:05 - 2012-02-02 20:05 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\redsn0w
2012-02-01 22:40 - 2012-02-01 22:40 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-01 22:40 - 2011-11-15 13:47 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 15:16 - 2012-02-01 15:16 - 2021556 ____A C:\Users\Patrick Nagel\Desktop\Navy IP Community Brochure 17 MAY 11 Approved.pdf
2012-01-24 22:38 - 2012-03-13 14:36 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 14:36 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 14:36 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 17:50 - 2011-04-02 19:06 - 0000000 ____D C:\Users\Patrick Nagel\AppData\Roaming\RIFT
2012-01-17 04:46 - 2012-03-13 15:25 - 0031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-01-17 04:45 - 2012-03-13 15:25 - 1451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-01-17 04:45 - 2012-03-13 15:25 - 0188224 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-01-11 15:38 - 2012-01-11 15:37 - 0950760 ____A C:\Windows\Minidump\011112-15662-01.dmp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8169.17 MB
Available physical RAM: 7415.54 MB
Total Pagefile: 8167.32 MB
Available Pagefile: 7397.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:677.15 GB) (Free:387.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 21 GB 31 KB
Partition 2 Primary 677 GB 21 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 677 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 243 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 243 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 17:09

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 07 April 2012 - 09:08 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 iaimtv4; C:\Windows\System32\moufiltr.dll [x]
C:\Windows\System32\moufiltr.dll
NETSVC: iaimtv4


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 patnagel

patnagel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 08 April 2012 - 09:38 PM

Windows is now able to boot. Seems to be running normally.

Thank you!

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-07 21:12:29 R:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
iaimtv4 service deleted successfully.
C:\Windows\System32\moufiltr.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs iaimtv4 Deleted successfully.

==== End of Fixlog ====

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 08 April 2012 - 09:58 PM

I would like you to run TDSSKiller and aswMBR now (same problem will not happen again).


Gringo

#13 patnagel

patnagel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 09 April 2012 - 07:12 PM

Definitely looking better!

17:07:56.0449 7652 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
17:07:56.0462 7652 ============================================================
17:07:56.0462 7652 Current date / time: 2012/04/09 17:07:56.0462
17:07:56.0462 7652 SystemInfo:
17:07:56.0462 7652
17:07:56.0462 7652 OS Version: 6.1.7601 ServicePack: 1.0
17:07:56.0462 7652 Product type: Workstation
17:07:56.0462 7652 ComputerName: PATRICKNAGEL-PC
17:07:56.0462 7652 UserName: Patrick Nagel
17:07:56.0462 7652 Windows directory: C:\Windows
17:07:56.0462 7652 System windows directory: C:\Windows
17:07:56.0462 7652 Running under WOW64
17:07:56.0462 7652 Processor architecture: Intel x64
17:07:56.0462 7652 Number of processors: 8
17:07:56.0462 7652 Page size: 0x1000
17:07:56.0462 7652 Boot type: Normal boot
17:07:56.0462 7652 ============================================================
17:07:57.0406 7652 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:07:57.0417 7652 Drive \Device\Harddisk1\DR2 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:07:57.0419 7652 \Device\Harddisk0\DR0:
17:07:57.0419 7652 MBR used
17:07:57.0419 7652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B8, BlocksNum 0x54A4C638
17:07:57.0419 7652 \Device\Harddisk1\DR2:
17:07:57.0422 7652 MBR used
17:07:57.0422 7652 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
17:07:57.0462 7652 Initialize success
17:07:57.0462 7652 ============================================================
17:07:59.0127 7696 ============================================================
17:07:59.0127 7696 Scan started
17:07:59.0127 7696 Mode: Manual;
17:07:59.0127 7696 ============================================================
17:08:03.0832 7696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:08:03.0837 7696 1394ohci - ok
17:08:04.0042 7696 ac.sharedstore (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
17:08:04.0048 7696 ac.sharedstore - ok
17:08:04.0288 7696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:08:04.0294 7696 ACPI - ok
17:08:04.0431 7696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:08:04.0438 7696 AcpiPmi - ok
17:08:04.0734 7696 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:08:04.0742 7696 AdobeARMservice - ok
17:08:05.0003 7696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:08:05.0009 7696 adp94xx - ok
17:08:05.0157 7696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:08:05.0162 7696 adpahci - ok
17:08:05.0239 7696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:08:05.0252 7696 adpu320 - ok
17:08:05.0321 7696 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:08:05.0323 7696 AeLookupSvc - ok
17:08:05.0482 7696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:08:05.0498 7696 AFD - ok
17:08:05.0714 7696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:08:05.0719 7696 agp440 - ok
17:08:05.0824 7696 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:08:05.0827 7696 ALG - ok
17:08:05.0901 7696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:08:05.0903 7696 aliide - ok
17:08:06.0008 7696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:08:06.0009 7696 amdide - ok
17:08:06.0087 7696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:08:06.0094 7696 AmdK8 - ok
17:08:06.0144 7696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:08:06.0149 7696 AmdPPM - ok
17:08:06.0216 7696 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:08:06.0219 7696 amdsata - ok
17:08:06.0296 7696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:08:06.0308 7696 amdsbs - ok
17:08:06.0409 7696 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:08:06.0411 7696 amdxata - ok
17:08:06.0536 7696 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
17:08:06.0539 7696 Amsp - ok
17:08:06.0712 7696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:08:06.0714 7696 AppID - ok
17:08:06.0776 7696 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:08:06.0777 7696 AppIDSvc - ok
17:08:06.0916 7696 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:08:06.0922 7696 Appinfo - ok
17:08:07.0187 7696 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:08:07.0193 7696 Apple Mobile Device - ok
17:08:07.0419 7696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:08:07.0423 7696 arc - ok
17:08:07.0481 7696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:08:07.0484 7696 arcsas - ok
17:08:07.0613 7696 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:08:07.0616 7696 ASLDRService - ok
17:08:07.0647 7696 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:08:07.0654 7696 ASMMAP64 - ok
17:08:07.0719 7696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:07.0723 7696 AsyncMac - ok
17:08:07.0851 7696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:08:07.0858 7696 atapi - ok
17:08:08.0131 7696 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
17:08:08.0156 7696 athr - ok
17:08:08.0241 7696 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:08:08.0243 7696 ATKGFNEXSrv - ok
17:08:08.0317 7696 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
17:08:08.0322 7696 ATKWMIACPIIO - ok
17:08:08.0641 7696 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:08.0675 7696 AudioEndpointBuilder - ok
17:08:08.0687 7696 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:08.0691 7696 AudioSrv - ok
17:08:08.0862 7696 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:08:08.0865 7696 AxInstSV - ok
17:08:09.0133 7696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:08:09.0158 7696 b06bdrv - ok
17:08:09.0335 7696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:08:09.0338 7696 b57nd60a - ok
17:08:09.0460 7696 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:08:09.0463 7696 BDESVC - ok
17:08:09.0507 7696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:08:09.0510 7696 Beep - ok
17:08:09.0567 7696 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:08:09.0668 7696 BITS - ok
17:08:09.0745 7696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:09.0747 7696 blbdrive - ok
17:08:09.0941 7696 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:08:09.0948 7696 Bonjour Service - ok
17:08:10.0003 7696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:08:10.0010 7696 bowser - ok
17:08:10.0098 7696 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\Windows\system32\DRIVERS\bpenum.sys
17:08:10.0101 7696 bpenum - ok
17:08:10.0232 7696 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\Windows\system32\DRIVERS\bpmp.sys
17:08:10.0238 7696 bpmp - ok
17:08:10.0257 7696 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\Windows\system32\Drivers\bpusb.sys
17:08:10.0260 7696 bpusb - ok
17:08:10.0333 7696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:08:10.0335 7696 BrFiltLo - ok
17:08:10.0372 7696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:08:10.0380 7696 BrFiltUp - ok
17:08:10.0475 7696 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:08:10.0478 7696 Browser - ok
17:08:10.0511 7696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:08:10.0515 7696 Brserid - ok
17:08:10.0542 7696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:10.0543 7696 BrSerWdm - ok
17:08:10.0590 7696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:10.0595 7696 BrUsbMdm - ok
17:08:10.0618 7696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:10.0625 7696 BrUsbSer - ok
17:08:10.0647 7696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:08:10.0652 7696 BTHMODEM - ok
17:08:10.0710 7696 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:08:10.0712 7696 bthserv - ok
17:08:10.0752 7696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:10.0753 7696 cdfs - ok
17:08:10.0820 7696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:10.0822 7696 cdrom - ok
17:08:10.0870 7696 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:10.0872 7696 CertPropSvc - ok
17:08:10.0883 7696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:08:10.0885 7696 circlass - ok
17:08:10.0975 7696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:08:10.0998 7696 CLFS - ok
17:08:11.0082 7696 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:11.0088 7696 clr_optimization_v2.0.50727_32 - ok
17:08:11.0160 7696 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:08:11.0165 7696 clr_optimization_v2.0.50727_64 - ok
17:08:11.0298 7696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:11.0451 7696 clr_optimization_v4.0.30319_32 - ok
17:08:11.0490 7696 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:08:11.0493 7696 clr_optimization_v4.0.30319_64 - ok
17:08:11.0560 7696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:11.0562 7696 CmBatt - ok
17:08:11.0601 7696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:08:11.0603 7696 cmdide - ok
17:08:11.0700 7696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:08:11.0707 7696 CNG - ok
17:08:11.0766 7696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:11.0767 7696 Compbatt - ok
17:08:11.0817 7696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:08:11.0820 7696 CompositeBus - ok
17:08:11.0840 7696 COMSysApp - ok
17:08:11.0861 7696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:08:11.0863 7696 crcdisk - ok
17:08:11.0970 7696 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:08:11.0972 7696 Creative ALchemy AL6 Licensing Service - ok
17:08:11.0997 7696 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:08:12.0000 7696 Creative Audio Engine Licensing Service - ok
17:08:12.0070 7696 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:08:12.0072 7696 CryptSvc - ok
17:08:12.0235 7696 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:08:12.0245 7696 cvhsvc - ok
17:08:12.0376 7696 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
17:08:12.0378 7696 dc3d - ok
17:08:12.0446 7696 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:08:12.0455 7696 DcomLaunch - ok
17:08:12.0482 7696 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:08:12.0487 7696 defragsvc - ok
17:08:12.0525 7696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:08:12.0527 7696 DfsC - ok
17:08:12.0585 7696 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:08:12.0590 7696 Dhcp - ok
17:08:12.0633 7696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:08:12.0635 7696 discache - ok
17:08:12.0705 7696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:08:12.0706 7696 Disk - ok
17:08:12.0943 7696 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
17:08:12.0986 7696 DMAgent - ok
17:08:13.0046 7696 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:08:13.0050 7696 Dnscache - ok
17:08:13.0136 7696 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:08:13.0140 7696 dot3svc - ok
17:08:13.0211 7696 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:08:13.0221 7696 DPS - ok
17:08:13.0266 7696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:08:13.0267 7696 drmkaud - ok
17:08:13.0497 7696 dump_wmimmc - ok
17:08:13.0943 7696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:13.0977 7696 DXGKrnl - ok
17:08:14.0025 7696 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:08:14.0027 7696 EapHost - ok
17:08:14.0128 7696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:08:14.0195 7696 ebdrv - ok
17:08:14.0243 7696 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:08:14.0251 7696 EFS - ok
17:08:14.0387 7696 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:08:14.0406 7696 ehRecvr - ok
17:08:14.0428 7696 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:08:14.0432 7696 ehSched - ok
17:08:14.0567 7696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:08:14.0575 7696 elxstor - ok
17:08:14.0615 7696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:08:14.0623 7696 ErrDev - ok
17:08:14.0763 7696 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:08:14.0817 7696 EventSystem - ok
17:08:14.0835 7696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:08:14.0838 7696 exfat - ok
17:08:14.0856 7696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:08:14.0860 7696 fastfat - ok
17:08:15.0100 7696 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:08:15.0108 7696 Fax - ok
17:08:15.0123 7696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:08:15.0125 7696 fdc - ok
17:08:15.0176 7696 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:08:15.0177 7696 fdPHost - ok
17:08:15.0193 7696 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:08:15.0196 7696 FDResPub - ok
17:08:15.0210 7696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:08:15.0211 7696 FileInfo - ok
17:08:15.0223 7696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:08:15.0225 7696 Filetrace - ok
17:08:15.0242 7696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:15.0245 7696 flpydisk - ok
17:08:15.0291 7696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:08:15.0296 7696 FltMgr - ok
17:08:15.0343 7696 FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys
17:08:15.0347 7696 FLxHCIc - ok
17:08:15.0410 7696 FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys
17:08:15.0412 7696 FLxHCIh - ok
17:08:15.0443 7696 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:08:38.0775 7696 USBAAPL64 - ok
17:08:38.0812 7696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:08:38.0814 7696 usbccgp - ok
17:08:38.0849 7696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:08:38.0853 7696 usbcir - ok
17:08:38.0868 7696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:08:38.0870 7696 usbehci - ok
17:08:38.0910 7696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:08:38.0917 7696 usbhub - ok
17:08:38.0930 7696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:08:38.0932 7696 usbohci - ok
17:08:38.0963 7696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:08:38.0965 7696 usbprint - ok
17:08:38.0985 7696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:08:38.0988 7696 USBSTOR - ok
17:08:39.0008 7696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:08:39.0010 7696 usbuhci - ok
17:08:39.0059 7696 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:08:39.0064 7696 usbvideo - ok
17:08:39.0084 7696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:08:39.0087 7696 UxSms - ok
17:08:39.0122 7696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:39.0123 7696 VaultSvc - ok
17:08:39.0157 7696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:08:39.0159 7696 vdrvroot - ok
17:08:39.0242 7696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:08:39.0289 7696 vds - ok
17:08:39.0312 7696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:08:39.0314 7696 vga - ok
17:08:39.0334 7696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:08:39.0337 7696 VgaSave - ok
17:08:39.0433 7696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:08:39.0437 7696 vhdmp - ok
17:08:39.0495 7696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:08:39.0497 7696 viaide - ok
17:08:39.0539 7696 VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe
17:08:39.0542 7696 VideAceWindowsService - ok
17:08:39.0584 7696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:08:39.0588 7696 volmgr - ok
17:08:39.0630 7696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:08:39.0635 7696 volmgrx - ok
17:08:39.0675 7696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:08:39.0680 7696 volsnap - ok
17:08:39.0740 7696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:08:39.0744 7696 vsmraid - ok
17:08:39.0834 7696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:08:39.0854 7696 VSS - ok
17:08:39.0870 7696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:08:39.0873 7696 vwifibus - ok
17:08:39.0890 7696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:08:39.0893 7696 vwififlt - ok
17:08:39.0920 7696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:08:39.0927 7696 W32Time - ok
17:08:39.0943 7696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:08:39.0945 7696 WacomPen - ok
17:08:40.0000 7696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:40.0004 7696 WANARP - ok
17:08:40.0018 7696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:40.0018 7696 Wanarpv6 - ok
17:08:40.0412 7696 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:08:40.0462 7696 WatAdminSvc - ok
17:08:40.0525 7696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:08:40.0562 7696 wbengine - ok
17:08:40.0588 7696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:08:40.0593 7696 WbioSrvc - ok
17:08:40.0732 7696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:08:40.0738 7696 wcncsvc - ok
17:08:40.0780 7696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:08:40.0783 7696 WcsPlugInService - ok
17:08:40.0809 7696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:08:40.0812 7696 Wd - ok
17:08:40.0859 7696 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:08:40.0862 7696 WDC_SAM - ok
17:08:40.0917 7696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:08:40.0925 7696 Wdf01000 - ok
17:08:40.0943 7696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:08:40.0947 7696 WdiServiceHost - ok
17:08:40.0950 7696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:08:40.0952 7696 WdiSystemHost - ok
17:08:41.0024 7696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:08:41.0028 7696 WebClient - ok
17:08:41.0077 7696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:08:41.0083 7696 Wecsvc - ok
17:08:41.0099 7696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:08:41.0103 7696 wercplsupport - ok
17:08:41.0141 7696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:08:41.0144 7696 WerSvc - ok
17:08:41.0236 7696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:08:41.0238 7696 WfpLwf - ok
17:08:41.0454 7696 WiMAXAppSrv (f3c522691316a24328a7b58b0a86028d) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
17:08:41.0477 7696 WiMAXAppSrv - ok
17:08:41.0601 7696 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
17:08:41.0604 7696 WimFltr - ok
17:08:41.0649 7696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:08:41.0652 7696 WIMMount - ok
17:08:41.0654 7696 WinHttpAutoProxySvc - ok
17:08:41.0703 7696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:08:41.0707 7696 Winmgmt - ok
17:08:41.0953 7696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:08:41.0984 7696 WinRM - ok
17:08:42.0084 7696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:08:42.0091 7696 WinUsb - ok
17:08:42.0123 7696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:08:42.0136 7696 Wlansvc - ok
17:08:42.0233 7696 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:08:42.0238 7696 wlcrasvc - ok
17:08:42.0342 7696 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:08:42.0384 7696 wlidsvc - ok
17:08:42.0499 7696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:08:42.0502 7696 WmiAcpi - ok
17:08:42.0561 7696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:08:42.0568 7696 wmiApSrv - ok
17:08:42.0642 7696 WMPNetworkSvc - ok
17:08:42.0678 7696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:08:42.0684 7696 WPCSvc - ok
17:08:42.0728 7696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:08:42.0736 7696 WPDBusEnum - ok
17:08:42.0773 7696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:08:42.0777 7696 ws2ifsl - ok
17:08:42.0793 7696 WSearch - ok
17:08:43.0017 7696 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:08:43.0097 7696 wuauserv - ok
17:08:43.0183 7696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:08:43.0187 7696 WudfPf - ok
17:08:43.0233 7696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:08:43.0239 7696 WUDFRd - ok
17:08:43.0287 7696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:08:43.0293 7696 wudfsvc - ok
17:08:43.0329 7696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:08:43.0372 7696 WwanSvc - ok
17:08:43.0431 7696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:08:43.0503 7696 \Device\Harddisk0\DR0 - ok
17:08:43.0512 7696 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
17:08:43.0572 7696 \Device\Harddisk1\DR2 - ok
17:08:43.0586 7696 Boot (0x1200) (1c4e8905a4e12c8717f4c3f5cd99ae14) \Device\Harddisk0\DR0\Partition0
17:08:43.0587 7696 \Device\Harddisk0\DR0\Partition0 - ok
17:08:43.0591 7696 Boot (0x1200) (034a8d42cb112b27f6de4892c4222b56) \Device\Harddisk1\DR2\Partition0
17:08:43.0593 7696 \Device\Harddisk1\DR2\Partition0 - ok
17:08:43.0594 7696 ============================================================
17:08:43.0594 7696 Scan finished
17:08:43.0594 7696 ============================================================
17:08:43.0599 7688 Detected object count: 0
17:08:43.0599 7688 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 17:09:20
-----------------------------
17:09:20.910 OS Version: Windows x64 6.1.7601 Service Pack 1
17:09:20.910 Number of processors: 8 586 0x2A07
17:09:20.911 ComputerName: PATRICKNAGEL-PC UserName: Patrick Nagel
17:09:26.052 Initialize success
17:09:48.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:09:48.720 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
17:09:48.725 Disk 1 \Device\Harddisk1\DR2 -> \Device\000000a2
17:09:48.729 Disk 1 Vendor: Size: 715404MB BusType: 0
17:09:48.750 Disk 0 MBR read successfully
17:09:48.755 Disk 0 MBR scan
17:09:48.760 Disk 0 Windows 7 default MBR code
17:09:48.766 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
17:09:48.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 693400 MB offset 45062328
17:09:48.874 Disk 0 scanning C:\Windows\system32\drivers
17:10:08.620 Service scanning
17:10:36.879 Modules scanning
17:10:36.897 Disk 0 trace - called modules:
17:10:36.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:10:37.279 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077da790]
17:10:37.291 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> [0xfffffa80071fe560]
17:10:37.301 5 ACPI.sys[fffff88000d7e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007257050]
17:10:37.311 Scan finished successfully
17:10:48.849 Disk 0 MBR has been saved successfully to "C:\Users\Patrick Nagel\Desktop\MBR.dat"
17:10:48.854 The log file has been saved successfully to "C:\Users\Patrick Nagel\Desktop\aswMBR.txt"

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 07:48 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 patnagel
  • Topic Starter

  • Members
  • 9 posts

Posted 09 April 2012 - 08:39 PM

No problems at all running the script. No links getting hijacked and web pages seem to load faster as well.

Thank You for all your help!

ComboFix 12-04-04.02 - Patrick Nagel 04/09/2012 18:26:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6307 [GMT -7:00]
Running from: c:\users\Patrick Nagel\Desktop\ComboFix.exe
Command switches used :: c:\users\Patrick Nagel\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Patrick Nagel\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 01:30 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A597A1D7-D693-4F25-B86A-DBA78082CC4A}\mpengine.dll
2012-04-10 01:27 . 2012-04-10 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 23:07 . 2012-04-07 23:08 -------- d-----w- C:\FRST
2012-04-02 17:43 . 2012-04-03 13:37 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-02 17:28 . 2012-04-03 13:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-02 17:28 . 2012-02-24 17:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-02 17:27 . 2012-04-02 17:52 -------- d-----w- c:\programdata\PC Tools
2012-04-02 17:27 . 2012-04-02 17:27 -------- d-----w- c:\users\Patrick Nagel\AppData\Roaming\TestApp
2012-04-02 00:34 . 2012-04-02 00:34 -------- d-----w- c:\program files\iPod
2012-04-02 00:34 . 2012-04-02 00:35 -------- d-----w- c:\program files\iTunes
2012-04-02 00:34 . 2012-04-02 00:35 -------- d-----w- c:\program files (x86)\iTunes
2012-03-30 22:23 . 2012-03-30 22:23 388096 ----a-r- c:\users\Patrick Nagel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-30 22:23 . 2012-03-30 22:23 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-30 22:21 . 2012-03-30 22:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-30 22:20 . 2012-03-30 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-29 04:17 . 2012-04-05 06:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 00:11 . 2012-03-29 00:11 -------- d-----w- c:\program files (x86)\ESET
2012-03-29 00:03 . 2012-03-27 23:51 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-27 23:51 . 2012-03-27 23:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-27 23:38 . 2012-03-20 20:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-27 23:38 . 2012-03-27 23:38 -------- d-----w- c:\programdata\Lavasoft
2012-03-27 23:38 . 2012-03-27 23:38 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-26 05:12 . 2012-04-04 13:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-14 23:41 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 23:41 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:41 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 23:39 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-14 03:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:27 . 2012-03-13 23:27 -------- d-----w- c:\users\UpdatusUser
2012-03-13 22:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 01:30 . 2011-02-27 10:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-01 00:02 . 2011-09-30 21:34 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-09-30 21:34 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-04-03 12:05 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-04-03 12:05 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-04-03 12:05 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2010-10-29 07:54 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2010-10-29 07:54 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2010-10-29 07:54 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-29 21:00 . 2011-03-17 09:03 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-03-17 09:03 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-03-17 09:03 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-03-17 09:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-03-17 09:02 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2010-10-29 12:38 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 16:18 . 2011-04-03 03:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:52 . 2011-06-18 21:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Patrick Nagel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-28 39408]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-04-08 38704]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-25 740216]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-02-27 3058304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Patrick Nagel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Patrick Nagel\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-27 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-27 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-27 17152]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
- c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 21:44]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
- c:\users\Patrick Nagel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 21:44]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 22:26]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 22:26]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000Core.job
- c:\users\Patrick Nagel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 21:53]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796907751-3652176346-3460481017-1000UA.job
- c:\users\Patrick Nagel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 21:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-09-29 196648]
"(Default)"="" [BU]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-09-29 489512]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 204.117.214.10 199.2.252.10
FF - ProfilePath - c:\users\Patrick Nagel\AppData\Roaming\Mozilla\Firefox\Profiles\fiy4341p.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-09 18:35:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 01:35
ComboFix2.txt 2012-04-04 13:49
.
Pre-Run: 416,309,915,648 bytes free
Post-Run: 416,482,164,736 bytes free
.
- - End Of File - - 56B2F090CAB58493BDF23F348574D1D6



