Getting happilii and other browser redirects


  • This topic is locked
19 replies to this topic

#1 funktastic

funktastic

  • Members
  • 49 posts

Posted 05 April 2012 - 09:51 AM

So as of recently I've been getting a lot of browser redirects and it's kind of frustrating. I've run Avira, Spybot, Malwarebytes, SAS, GooredFix, tdsskiller, rkill, and FixTDSS to no avail. I'm still getting redirects.

Can someone please help me remove them? Attached is my HJT log for starters.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:39 AM, on 4/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Monil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Monil\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Monil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Monil\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11128 bytes
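Editor's added example, not code from this thread or from the Malware Response Team: a small Python triage script for the two log formats posted in this topic. It reads HijackThis 2.0.4 entries (R1, O4, O10, O17, O23) and the DhcpNameServer lines of a DDS log, and returns the entries an analyst would read first: a configured proxy, autostarts launched from user-writable directories, Winsock LSPs HijackThis does not recognise, DNS/domain overrides, and services whose binary is reported missing. One caveat it encodes: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows the WoW64 file-system redirection sends it to SysWOW64 when a service path says System32, and stock services show up as "(file missing)" even though they are running; the DDS log later in this thread lists spoolsv.exe, atiesrxx.exe and Hpservice.exe among the running processes, which is that effect. The sample entries (the proxy value, the "Updater" autostart, the LSP file, the example service and the DNS addresses) are constructed for the demonstration and are not from the posted logs. Flagged entries are starting points for a reviewer, not verdicts: in the log above, Dropbox and Google Update legitimately run from AppData and would be listed.

```python
"""
Added example: triage a HijackThis-style log and the DNS lines of a DDS log.
Not a tool from the thread; the sample entries below are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# One HijackThis entry per line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")

# "DhcpNameServer = a.b.c.d [e.f.g.h]" lines from the DDS "Pseudo HJT Report".
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*([\d. ]+)$")

# Directories a signed vendor autostart rarely lives in; matches are for review, not verdicts.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_hjt(text, is_64bit=True):
    """Return {reason: [entry bodies]} for the entries worth reading first.

    is_64bit: HijackThis 2.0.4 is a 32-bit program, so on x64 Windows WoW64
    redirects C:\\Windows\\system32 to SysWOW64 and stock services are reported
    as "(file missing)". Those are separated from genuinely missing binaries.
    """
    findings = defaultdict(list)
    for section, body in parse_hjt(text):
        lower = body.lower()
        if section == "R1" and "proxyserver" in lower:
            findings["proxy configured"].append(body)
        elif section == "O4" and ".exe" in lower and any(d in lower for d in USER_WRITABLE):
            findings["autostart from user-writable path"].append(body)
        elif section == "O10" and "unknown file" in lower:
            findings["winsock LSP not on HJT's known list"].append(body)
        elif section == "O17":
            findings["DNS/domain override"].append(body)
        elif section == "O23" and "(file missing)" in lower:
            if is_64bit and "\\windows\\system32\\" in lower:
                findings["file missing (likely WoW64 redirection artefact)"].append(body)
            else:
                findings["service binary missing"].append(body)
    return dict(findings)


def dns_servers(text):
    """Map each DhcpNameServer address in a DDS log to 'private' or 'public'.

    A public resolver is not proof of a redirect; it is an address to confirm
    against the ISP's, since a changed resolver is one way redirects are produced.
    """
    result = {}
    for line in text.splitlines():
        m = DNS_RE.search(line)
        if not m:
            continue
        for addr in m.group(1).split():
            ip = ipaddress.ip_address(addr)
            result[addr] = "private" if ip.is_private else "public"
    return result


# Constructed sample lines in HijackThis 2.0.4 syntax (the proxy, "Updater", LSP and
# example-service entries are hypothetical; they are not from the log posted above).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Updater] C:\Users\user\AppData\Roaming\updsvc\upd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nothere.dll
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Program Files\Example\exsvc.exe (file missing)
"""

# Constructed DDS lines (same syntax as the "TCP:" lines in a DDS log); 8.8.8.8/8.8.4.4
# stand in for any public resolver.
SAMPLE_DDS = r"""
TCP: DhcpNameServer = 192.168.10.200
TCP: Interfaces\{GUID}\0001 : DhcpNameServer = 10.216.0.1
TCP: Interfaces\{GUID}\0002 : DhcpNameServer = 8.8.8.8 8.8.4.4
"""

if __name__ == "__main__":
    for reason, bodies in triage_hjt(SAMPLE_HJT).items():
        print(f"[{reason}]")
        for b in bodies:
            print("   ", b)
    print(dns_servers(SAMPLE_DDS))
```

Running the file prints the constructed findings grouped by reason and the resolver map; to use it on a real log, read the pasted text from a file and pass it to `triage_hjt` (with `is_64bit=False` on a 32-bit Windows install, where a "(file missing)" service really is missing).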

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 11:53 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 funktastic

funktastic
  • Topic Starter

  • Members
  • 49 posts

Posted 06 April 2012 - 01:28 PM

DDS log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Monil at 14:21:35 on 2012-04-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4060.2118 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Monil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\explorer.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Monil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Monil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Monil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Monil\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.200
TCP: Interfaces\{2291A1E8-3191-4DC2-A6DD-3F95E826E6A2} : DhcpNameServer = 192.168.10.200
TCP: Interfaces\{4DDB51F5-B7A1-4A5F-ABC9-C4AF2DD1AEC3} : DhcpNameServer = 192.168.10.200
TCP: Interfaces\{4DDB51F5-B7A1-4A5F-ABC9-C4AF2DD1AEC3}\0435D61627476496 : DhcpNameServer = 10.216.0.1
TCP: Interfaces\{4DDB51F5-B7A1-4A5F-ABC9-C4AF2DD1AEC3}\171717 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4DDB51F5-B7A1-4A5F-ABC9-C4AF2DD1AEC3}\24F696E676F60284F6473707F647 : DhcpNameServer = 66.103.80.4 66.103.64.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [(Default)]
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Monil\AppData\Roaming\Mozilla\Firefox\Profiles\tuw1xx91.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Monil\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Monil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Monil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-06 18:15:20 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC62DDF4-531D-4F01-9621-80467A514AB3}\mpengine.dll
2012-04-05 14:05:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 02:40:01 -------- d-----w- C:\Users\Monil\AppData\Roaming\poclbm
2012-04-04 02:25:28 -------- d-----w- C:\Program Files (x86)\Common Files\AMD
2012-04-04 02:22:08 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-04 02:20:00 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-04 02:19:58 -------- d-----w- C:\Program Files\ATI
2012-04-04 02:16:37 -------- d-----w- C:\AMD
2012-04-03 04:05:15 -------- d-----w- C:\Users\Monil\AppData\Roaming\Bitcoin
2012-04-03 04:05:00 -------- d-----w- C:\Program Files (x86)\Bitcoin
2012-04-03 01:59:42 -------- d-----w- C:\Program Files\iPod
2012-04-03 01:59:41 -------- d-----w- C:\Program Files\iTunes
2012-03-16 12:56:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-14 15:55:46 -------- d-----w- C:\Users\Monil\AppData\Local\{36D502E0-0D62-497B-A0BD-CCB734781BC1}
2012-03-14 15:55:23 -------- d-----w- C:\Users\Monil\AppData\Local\{C45C914F-59DC-4829-BA6D-DF64EE3E43AF}
2012-03-14 07:04:13 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:04:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:04:12 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 02:53:57 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:53:55 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:53:55 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:53:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:53:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:53:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:53:21 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:53:21 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:53:20 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:53:20 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 01:29:35 -------- d-----w- C:\Windows\en
2012-03-14 01:14:00 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-03-14 01:14:00 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-03-14 01:14:00 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-03-14 01:14:00 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-03-14 01:13:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b36481271cd017f02\DSETUP.dll
2012-03-14 01:13:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b36481271cd017f02\DXSETUP.exe
2012-03-14 01:13:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b36481271cd017f02\dsetup32.dll
2012-03-14 01:13:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-03-14 01:13:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-03-14 01:13:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a34adead1cd017f01\DSETUP.dll
2012-03-14 01:13:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a34adead1cd017f01\DXSETUP.exe
2012-03-14 01:13:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a34adead1cd017f01\dsetup32.dll
2012-03-14 01:11:54 -------- d-----w- C:\Users\Monil\AppData\Local\Windows Live
2012-03-14 01:11:52 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-03-09 21:14:32 -------- d-----w- C:\Users\Monil\.swt
.
==================== Find3M ====================
.
2012-03-06 16:24:41 38624 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-03-05 16:51:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-21 21:16:30 794906 ----a-w- C:\Windows\unins000.exe
2012-01-10 08:39:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-10 08:39:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-09 03:49:17 2829 ----a-w- C:\Windows\War3Unin.pif
2012-01-09 03:49:16 139264 ----a-w- C:\Windows\War3Unin.exe
2012-01-09 03:33:59 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-01-09 01:00:58 0 ----a-w- C:\Windows\ativpsrm.bin
2012-01-09 00:34:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:23:29.65 ===============



Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 1/8/2012 5:37:52 PM
System Uptime: 4/6/2012 6:21:51 AM (8 hours ago)
.
Motherboard: Hewlett-Packard | | 30DC
Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 55.1 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 3.115 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30DC103C&REV_14\4&1B4D66AC&0&4AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30DC103C&REV_14\4&1B4D66AC&0&4AF0
Service:
.
==== System Restore Points ===================
.
RP57: 4/2/2012 5:55:12 PM - Windows Defender Checkpoint
RP58: 4/3/2012 7:53:37 AM - Windows Update
RP59: 4/6/2012 2:14:53 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Adobe Story
Adobe Widget Browser
Alarm Clock v1.0
AMD APP KernelAnalyzer
AMD APP Profiler 2.4
AMD APP SDK Samples
Apple Application Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Avira Free Antivirus
Bitcoin
CamStudio OSS Desktop Recorder
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digsby
DivX Setup
Dokan Library 0.6.0
Dropbox
File Splitter and Joiner (FFSJ v3.3)
FileZilla Client 3.5.3
G-Recorder (remove only)
Google Calendar Sync
Google Chrome
Google Talk Plugin
HP Webcam Application
Java Auto Updater
Java™ 6 Update 30
K-Lite Codec Pack 8.1.0 (Full)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiSkypeLauncher (remove only)
PDF Settings CS5
PS_AIO_06_C4700_SW_Min
PxMergeModule
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
spotflux client
Spybot - Search & Destroy
Toolbox
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
4/6/2012 1:45:49 PM, Error: atikmdag [43029] - Display is not active
4/5/2012 3:38:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/5/2012 10:08:06 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Windows Search service to connect.
4/5/2012 10:08:06 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2012 10:07:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/5/2012 10:07:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/5/2012 10:07:36 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/5/2012 10:07:36 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/5/2012 10:07:01 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
4/5/2012 10:06:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 1:33:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 1:33:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/5/2012 1:33:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/5/2012 1:33:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/5/2012 1:33:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/5/2012 1:33:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================


Thanks

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 AM

Posted 06 April 2012 - 03:11 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 funktastic

funktastic
  • Topic Starter

  • Members
  • 49 posts
  • Local time:12:57 AM

Posted 06 April 2012 - 03:29 PM

Here is the log. I was having problems up until I ran ComboFix, but I haven't been using my browser that much today, so I'm not sure if I/you fixed the issue.

ComboFix 12-04-06.03 - Monil 04/06/2012 16:14:58.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4060.2236 [GMT -4:00]
Running from: c:\users\Monil\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Monil\AppData\Roaming\FFSJ
c:\users\Monil\AppData\Roaming\FFSJ\FFSJ.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 20:21 . 2012-04-06 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 19:52 . 2012-04-06 19:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC62DDF4-531D-4F01-9621-80467A514AB3}\offreg.dll
2012-04-06 19:43 . 2012-04-06 19:43 -------- d-----w- c:\users\Monil\AppData\Roaming\GMATPrep
2012-04-06 19:42 . 2012-04-06 19:43 -------- d-----w- c:\program files (x86)\GMATPrep2012
2012-04-06 19:42 . 2012-04-05 04:50 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2012-04-06 18:15 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC62DDF4-531D-4F01-9621-80467A514AB3}\mpengine.dll
2012-04-05 14:05 . 2012-04-05 14:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 02:40 . 2012-04-04 02:40 -------- d-----w- c:\users\Monil\AppData\Roaming\poclbm
2012-04-04 02:25 . 2012-04-04 02:25 -------- d-----w- c:\program files (x86)\Common Files\AMD
2012-04-04 02:22 . 2012-04-04 02:25 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-04 02:20 . 2012-04-04 02:20 -------- d-----w- c:\program files\ATI Technologies
2012-04-04 02:19 . 2012-04-04 02:19 -------- d-----w- c:\program files\ATI
2012-04-04 02:16 . 2012-04-04 02:16 -------- d-----w- C:\AMD
2012-04-03 04:05 . 2012-04-04 18:11 -------- d-----w- c:\users\Monil\AppData\Roaming\Bitcoin
2012-04-03 04:05 . 2012-04-04 02:16 -------- d-----w- c:\program files (x86)\Bitcoin
2012-04-03 01:59 . 2012-04-03 01:59 -------- d-----w- c:\program files\iPod
2012-04-03 01:59 . 2012-04-03 02:00 -------- d-----w- c:\program files\iTunes
2012-03-26 14:39 . 2012-03-26 14:39 -------- d-----w- c:\program files (x86)\Google
2012-03-22 20:56 . 2012-03-22 20:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-16 12:56 . 2012-04-03 02:00 -------- d-----w- c:\program files (x86)\iTunes
2012-03-14 07:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 02:53 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:53 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:53 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:53 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:53 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:53 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:53 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 01:29 . 2012-03-14 01:29 -------- d-----w- c:\windows\en
2012-03-14 01:16 . 2012-03-14 01:21 -------- d-----w- c:\program files (x86)\Windows Live
2012-03-14 01:14 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-03-14 01:14 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-03-14 01:14 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-03-14 01:14 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-03-14 01:13 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-03-14 01:13 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-03-14 01:11 . 2012-03-14 15:56 -------- d-----w- c:\users\Monil\AppData\Local\Windows Live
2012-03-14 01:11 . 2012-03-14 01:11 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-03-13 21:08 . 2012-04-03 01:57 -------- d-----w- c:\users\Monil\AppData\Roaming\Media Player Classic
2012-03-09 21:14 . 2012-03-09 21:14 -------- d-----w- c:\users\Monil\.swt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:15 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-06 16:24 . 2012-03-06 16:24 38624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-03-05 16:51 . 2012-01-09 00:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2012-01-08 22:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:03 . 2012-01-09 03:34 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-25 14:02 . 2012-01-25 14:02 18432 ----a-w- c:\users\Public\CreateShortcut.exe
2012-01-21 21:16 . 2012-01-21 21:16 794906 ----a-w- c:\windows\unins000.exe
2012-01-10 08:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-10 08:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-09 18:05 . 2012-01-09 18:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-09 18:05 . 2012-01-09 18:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-09 18:05 . 2012-01-09 18:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-09 18:05 . 2012-01-09 18:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-09 18:05 . 2012-01-09 18:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-09 18:05 . 2012-01-09 18:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-09 18:05 . 2012-01-09 18:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-09 18:05 . 2012-01-09 18:05 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-09 18:05 . 2012-01-09 18:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-09 18:05 . 2012-01-09 18:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-09 18:05 . 2012-01-09 18:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-09 18:05 . 2012-01-09 18:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-09 18:05 . 2012-01-09 18:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-09 18:05 . 2012-01-09 18:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-09 18:05 . 2012-01-09 18:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-09 18:05 . 2012-01-09 18:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-09 18:05 . 2012-01-09 18:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-09 18:05 . 2012-01-09 18:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-09 18:05 . 2012-01-09 18:05 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-09 18:05 . 2012-01-09 18:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-09 18:05 . 2012-01-09 18:05 448512 ----a-w- c:\windows\system32\html.iec
2012-01-09 18:05 . 2012-01-09 18:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-09 18:05 . 2012-01-09 18:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-09 18:05 . 2012-01-09 18:05 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-09 18:05 . 2012-01-09 18:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-09 18:05 . 2012-01-09 18:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-09 18:05 . 2012-01-09 18:05 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-09 18:05 . 2012-01-09 18:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-09 18:05 . 2012-01-09 18:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-09 18:05 . 2012-01-09 18:05 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-09 18:05 . 2012-01-09 18:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-09 18:05 . 2012-01-09 18:05 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-09 18:05 . 2012-01-09 18:05 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-09 18:05 . 2012-01-09 18:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-09 03:49 . 2012-01-09 03:39 2829 ----a-w- c:\windows\War3Unin.pif
2012-01-09 03:49 . 2012-01-09 03:39 139264 ----a-w- c:\windows\War3Unin.exe
2012-01-09 03:33 . 2012-01-09 03:33 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-09 00:34 . 2012-01-09 00:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Monil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Monil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54968202
*NewlyCreated* - 66478566
*Deregistered* - 54968202
*Deregistered* - 66478566
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822291122-2945104656-2876293651-1001Core.job
- c:\users\Monil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:22]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822291122-2945104656-2876293651-1001UA.job
- c:\users\Monil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Monil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.200
FF - ProfilePath - c:\users\Monil\AppData\Roaming\Mozilla\Firefox\Profiles\tuw1xx91.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-54968202.sys
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-06 16:24:19
ComboFix-quarantined-files.txt 2012-04-06 20:24
.
Pre-Run: 58,871,017,472 bytes free
Post-Run: 58,573,815,808 bytes free
.
- - End Of File - - 636A654F1AEB24860AEFF651E8353617

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 AM

Posted 06 April 2012 - 03:43 PM

Hello

I want you to check for the redirects very carefully - check all the browsers that are installed on the computer and let me know which ones are redirecting.


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
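
The two reports Gringo asks for are plain text, and on a bootkit hunt the first things to read are what aswMBR says about the MBR boot code, whether the two tools' decodings of the partition table agree (they read sector 0 independently, so a rootkit that hooks the disk stack for one of them tends to show up as a mismatch), and which TDSSKiller objects did not come back "- ok". The Python script below is an added example that does that triage; it is not part of the original post and is not code from Kaspersky (TDSSKiller) or AVAST (aswMBR). The log lines it parses are constructed in the line format the two tools print, and the "examplesvc" object with its "suspicious" verdict is invented to exercise the non-ok path.

```python
"""Triage TDSSKiller and aswMBR reports: list what TDSSKiller did not clear and cross-check both
tools' decoding of the partition table. Added example; the samples at the bottom are constructed."""
from __future__ import annotations
import re
from dataclasses import dataclass

# TDSSKiller: "<time> <pid> <name> (<md5>) <path>" then "<time> <pid> <name> - <verdict>".
_TDSS_FILE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")
_TDSS_PART = re.compile(r"Partition(?P<idx>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
                        r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)")
# aswMBR: "Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 558 MB offset 487251968".
_ASW_PART = re.compile(r"Disk \d+ Partition (?P<idx>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
                       r"(?P<type>[0-9A-Fa-f]{2}) .*? (?P<mb>\d+) MB offset (?P<offset>\d+)")
_ASW_MBR_CODE = re.compile(r"Disk \d+ (?P<verdict>.*MBR code.*)$", re.M)

@dataclass(frozen=True)
class Partition:
    index: int      # 1-based, the way aswMBR numbers them
    ptype: int      # partition type byte (0x07 NTFS, 0x0C FAT32 LBA, ...)
    start_lba: int  # first sector
    size_mb: int    # floor(sectors * 512 / MiB), the rounding aswMBR prints

def parse_tdss_partitions(report: str) -> list[Partition]:
    """TDSSKiller numbers partitions from 0 and gives sizes in sectors (hex)."""
    return [Partition(int(m["idx"]) + 1, int(m["type"], 16), int(m["start"], 16),
                      int(m["blocks"], 16) * 512 // (1 << 20)) for m in _TDSS_PART.finditer(report)]

def parse_aswmbr_partitions(report: str) -> list[Partition]:
    """aswMBR numbers partitions from 1 and gives sizes in whole MB."""
    return [Partition(int(m["idx"]), int(m["type"], 16), int(m["offset"]), int(m["mb"]))
            for m in _ASW_PART.finditer(report)]

def compare_partition_tables(a: list[Partition], b: list[Partition]) -> list[str]:
    """Human-readable discrepancies between two decodings; an empty list means they agree."""
    by_a, by_b = {p.index: p for p in a}, {p.index: p for p in b}
    issues: list[str] = []
    for idx in sorted(set(by_a) | set(by_b)):
        pa, pb = by_a.get(idx), by_b.get(idx)
        if pa is None or pb is None:
            issues.append(f"partition {idx}: seen by only one tool")
            continue
        for field in ("ptype", "start_lba", "size_mb"):
            va, vb = getattr(pa, field), getattr(pb, field)
            if va != vb:
                issues.append(f"partition {idx}: {field} {va} != {vb}")
    return issues

def mbr_code_verdict(asw_report: str) -> str | None:
    """What aswMBR said about the boot code in sector 0, if anything."""
    m = _ASW_MBR_CODE.search(asw_report)
    return m["verdict"] if m else None

def tdss_entries(report: str) -> dict[str, dict]:
    """Pair each scanned object with its verdict, using only lines after "Scan started":
    the header's "Drive ... - Size:" line also contains " - " and would otherwise look like one."""
    entries: dict[str, dict] = {}
    scanning = False
    for raw in report.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            scanning = True
        elif not scanning:
            continue
        elif (m := _TDSS_FILE.match(line)):
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"], "verdict": None}
        elif (m := _TDSS_VERDICT.match(line)):
            entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            entries[m["name"]]["verdict"] = m["verdict"]
    return entries

def not_ok(entries: dict[str, dict]) -> dict[str, dict]:
    """Everything TDSSKiller did not clear, including objects that got no verdict at all."""
    return {n: e for n, e in entries.items() if e["verdict"] != "ok"}

# Constructed sample in TDSSKiller's format; the last object ("examplesvc") is invented.
TDSS_SAMPLE = r"""
12:28:54.0915 0632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1CA6E000
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1CA6E800, BlocksNum 0x63F800
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D0AE000, BlocksNum 0x117170
12:29:03.0301 4684 Scan started
12:29:06.0763 4684 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:29:06.0763 4684 !SASCORE - ok
12:29:17.0650 4684 catchme - ok
12:29:31.0000 4684 examplesvc (00000000000000000000000000000000) C:\Users\user\AppData\Local\examplesvc.sys
12:29:31.0000 4684 examplesvc - suspicious
"""
# Constructed sample in aswMBR's format, the same disk as seen by TDSSKiller.
ASW_SAMPLE = r"""
05:24:49.260 Disk 0 MBR read successfully
05:24:49.291 Disk 0 Windows 7 default MBR code
05:24:49.338 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 234716 MB offset 2048
05:24:49.384 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3199 MB offset 480700416
05:24:49.431 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 558 MB offset 487251968
"""

if __name__ == "__main__":
    tdss, asw = parse_tdss_partitions(TDSS_SAMPLE), parse_aswmbr_partitions(ASW_SAMPLE)
    print(mbr_code_verdict(ASW_SAMPLE), "|", compare_partition_tables(tdss, asw) or "tables agree")
    print({n: e["verdict"] for n, e in not_ok(tdss_entries(TDSS_SAMPLE)).items()})
```

TDSSKiller prints StartLBA and BlocksNum in hex sectors while aswMBR prints a decimal sector offset and a size in whole MB, so the comparison normalises both to sectors and to floor(MB); on the sample disk every field agrees, and changing a single offset in one report is enough to produce a discrepancy line. The verdict parser only trusts lines after "Scan started" because the header's drive line also contains " - " and would otherwise be recorded as a bogus object.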

#7 funktastic

funktastic
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:12:57 AM

Posted 08 April 2012 - 11:31 AM

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 05:24:36
-----------------------------
05:24:36.548 OS Version: Windows x64 6.1.7601 Service Pack 1
05:24:36.548 Number of processors: 2 586 0x1706
05:24:36.558 ComputerName: MONIL-PC UserName: Monil
05:24:38.651 Initialize success
05:24:44.252 AVAST engine defs: 12040701
05:24:49.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:24:49.228 Disk 0 Vendor: TOSHIBA_MK3256GSY LH013C Size: 305245MB BusType: 11
05:24:49.260 Disk 0 MBR read successfully
05:24:49.260 Disk 0 MBR scan
05:24:49.291 Disk 0 Windows 7 default MBR code
05:24:49.338 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 234716 MB offset 2048
05:24:49.384 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3199 MB offset 480700416
05:24:49.431 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 558 MB offset 487251968
05:24:49.494 Disk 0 scanning C:\Windows\system32\drivers
05:25:15.998 Service scanning
05:25:55.186 Modules scanning
05:25:55.202 Disk 0 trace - called modules:
05:25:55.233 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
05:25:55.732 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ca6060]
05:25:55.732 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> [0xfffffa8004ca55d0]
05:25:55.748 5 hpdskflt.sys[fffff88001b48189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b34060]
05:25:57.604 AVAST engine scan C:\
07:50:15.871 Scan finished successfully
12:02:51.379 Disk 0 MBR has been saved successfully to "C:\Users\Monil\Desktop\MBR.dat"
12:02:51.379 The log file has been saved successfully to "C:\Users\Monil\Desktop\aswMBR.txt"

TDSS Report


12:28:52.0801 0632 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:28:53.0064 0632 ============================================================
12:28:53.0064 0632 Current date / time: 2012/04/08 12:28:53.0064
12:28:53.0064 0632 SystemInfo:
12:28:53.0064 0632
12:28:53.0065 0632 OS Version: 6.1.7601 ServicePack: 1.0
12:28:53.0065 0632 Product type: Workstation
12:28:53.0065 0632 ComputerName: MONIL-PC
12:28:53.0065 0632 UserName: Monil
12:28:53.0065 0632 Windows directory: C:\Windows
12:28:53.0065 0632 System windows directory: C:\Windows
12:28:53.0065 0632 Running under WOW64
12:28:53.0065 0632 Processor architecture: Intel x64
12:28:53.0065 0632 Number of processors: 2
12:28:53.0065 0632 Page size: 0x1000
12:28:53.0065 0632 Boot type: Normal boot
12:28:53.0065 0632 ============================================================
12:28:54.0915 0632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:28:54.0921 0632 \Device\Harddisk0\DR0:
12:28:54.0921 0632 MBR used
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1CA6E000
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1CA6E800, BlocksNum 0x63F800
12:28:54.0921 0632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D0AE000, BlocksNum 0x117170
12:28:55.0208 0632 Initialize success
12:28:55.0208 0632 ============================================================
12:29:03.0301 4684 ============================================================
12:29:03.0301 4684 Scan started
12:29:03.0301 4684 Mode: Manual;
12:29:03.0301 4684 ============================================================
12:29:06.0763 4684 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:29:06.0763 4684 !SASCORE - ok
12:29:06.0935 4684 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:29:06.0935 4684 1394ohci - ok
12:29:06.0967 4684 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
12:29:06.0969 4684 Accelerometer - ok
12:29:06.0990 4684 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:06.0994 4684 ACPI - ok
12:29:07.0010 4684 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:07.0011 4684 AcpiPmi - ok
12:29:07.0103 4684 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
12:29:07.0110 4684 ADIHdAudAddService - ok
12:29:07.0192 4684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:07.0195 4684 AdobeARMservice - ok
12:29:07.0224 4684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:29:07.0231 4684 adp94xx - ok
12:29:07.0345 4684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:29:07.0354 4684 adpahci - ok
12:29:07.0380 4684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:29:07.0386 4684 adpu320 - ok
12:29:07.0459 4684 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
12:29:07.0475 4684 AEADIFilters - ok
12:29:07.0529 4684 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:29:07.0541 4684 AeLookupSvc - ok
12:29:07.0621 4684 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:29:07.0633 4684 AFD - ok
12:29:07.0753 4684 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
12:29:07.0767 4684 AgereSoftModem - ok
12:29:07.0966 4684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:07.0967 4684 agp440 - ok
12:29:08.0062 4684 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:29:08.0065 4684 ALG - ok
12:29:08.0094 4684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:08.0096 4684 aliide - ok
12:29:08.0396 4684 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
12:29:08.0402 4684 AMD External Events Utility - ok
12:29:08.0613 4684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:08.0614 4684 amdide - ok
12:29:08.0656 4684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:29:08.0658 4684 AmdK8 - ok
12:29:08.0692 4684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:29:08.0694 4684 AmdPPM - ok
12:29:08.0712 4684 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:29:08.0714 4684 amdsata - ok
12:29:08.0743 4684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:29:08.0746 4684 amdsbs - ok
12:29:08.0805 4684 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:29:08.0806 4684 amdxata - ok
12:29:08.0942 4684 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:29:08.0944 4684 AntiVirSchedulerService - ok
12:29:08.0965 4684 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:29:08.0966 4684 AntiVirService - ok
12:29:09.0140 4684 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:09.0141 4684 AppID - ok
12:29:09.0236 4684 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:29:09.0238 4684 AppIDSvc - ok
12:29:09.0323 4684 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:29:09.0336 4684 Appinfo - ok
12:29:09.0584 4684 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:29:09.0585 4684 Apple Mobile Device - ok
12:29:09.0861 4684 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:29:09.0920 4684 AppMgmt - ok
12:29:10.0059 4684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:29:10.0061 4684 arc - ok
12:29:10.0146 4684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:29:10.0148 4684 arcsas - ok
12:29:10.0287 4684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:10.0289 4684 AsyncMac - ok
12:29:10.0345 4684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:10.0346 4684 atapi - ok
12:29:11.0043 4684 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:11.0187 4684 atikmdag - ok
12:29:11.0876 4684 ATSwpWDF (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
12:29:11.0891 4684 ATSwpWDF - ok
12:29:12.0038 4684 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:12.0045 4684 AudioEndpointBuilder - ok
12:29:12.0113 4684 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:12.0119 4684 AudioSrv - ok
12:29:12.0462 4684 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:29:12.0465 4684 avgntflt - ok
12:29:12.0522 4684 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:29:12.0527 4684 avipbb - ok
12:29:12.0823 4684 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:29:12.0824 4684 avkmgr - ok
12:29:12.0956 4684 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:29:12.0976 4684 AxInstSV - ok
12:29:13.0772 4684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:29:13.0772 4684 b06bdrv - ok
12:29:13.0802 4684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:13.0812 4684 b57nd60a - ok
12:29:14.0112 4684 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:29:14.0112 4684 BDESVC - ok
12:29:14.0252 4684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:14.0252 4684 Beep - ok
12:29:14.0559 4684 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:29:14.0571 4684 BFE - ok
12:29:14.0949 4684 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:29:15.0039 4684 BITS - ok
12:29:15.0122 4684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:15.0123 4684 blbdrive - ok
12:29:15.0274 4684 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:29:15.0277 4684 Bonjour Service - ok
12:29:15.0599 4684 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:15.0601 4684 bowser - ok
12:29:15.0672 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:29:15.0673 4684 BrFiltLo - ok
12:29:15.0698 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:29:15.0700 4684 BrFiltUp - ok
12:29:15.0851 4684 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:29:15.0853 4684 BridgeMP - ok
12:29:15.0959 4684 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:29:15.0960 4684 Browser - ok
12:29:16.0080 4684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:16.0083 4684 Brserid - ok
12:29:16.0107 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:16.0109 4684 BrSerWdm - ok
12:29:16.0155 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:16.0157 4684 BrUsbMdm - ok
12:29:16.0255 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:16.0257 4684 BrUsbSer - ok
12:29:16.0298 4684 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:29:16.0300 4684 BthEnum - ok
12:29:16.0391 4684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:29:16.0393 4684 BTHMODEM - ok
12:29:16.0679 4684 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:29:16.0681 4684 BthPan - ok
12:29:17.0405 4684 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:29:17.0449 4684 BTHPORT - ok
12:29:17.0564 4684 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:29:17.0574 4684 bthserv - ok
12:29:17.0627 4684 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:29:17.0629 4684 BTHUSB - ok
12:29:17.0650 4684 catchme - ok
12:29:17.0786 4684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:17.0788 4684 cdfs - ok
12:29:17.0825 4684 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:29:17.0827 4684 cdrom - ok
12:29:17.0868 4684 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:29:17.0869 4684 CertPropSvc - ok
12:29:17.0937 4684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:29:17.0938 4684 circlass - ok
12:29:18.0070 4684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:18.0074 4684 CLFS - ok
12:29:18.0255 4684 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:18.0281 4684 clr_optimization_v2.0.50727_32 - ok
12:29:18.0375 4684 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:29:18.0397 4684 clr_optimization_v2.0.50727_64 - ok
12:29:18.0466 4684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:29:18.0470 4684 clr_optimization_v4.0.30319_32 - ok
12:29:18.0516 4684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:29:18.0518 4684 clr_optimization_v4.0.30319_64 - ok
12:29:18.0688 4684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:18.0690 4684 CmBatt - ok
12:29:18.0752 4684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:18.0754 4684 cmdide - ok
12:29:18.0801 4684 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:29:18.0805 4684 CNG - ok
12:29:18.0829 4684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:29:18.0830 4684 Compbatt - ok
12:29:18.0885 4684 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:29:18.0886 4684 CompositeBus - ok
12:29:18.0893 4684 COMSysApp - ok
12:29:18.0983 4684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:29:18.0985 4684 crcdisk - ok
12:29:19.0084 4684 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:29:19.0128 4684 CryptSvc - ok
12:29:19.0215 4684 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:29:19.0220 4684 CSC - ok
12:29:19.0308 4684 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:29:19.0325 4684 CscService - ok
12:29:19.0455 4684 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:29:19.0463 4684 DcomLaunch - ok
12:29:19.0525 4684 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:29:19.0528 4684 defragsvc - ok
12:29:19.0615 4684 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:19.0616 4684 DfsC - ok
12:29:19.0664 4684 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:29:19.0666 4684 Dhcp - ok
12:29:19.0753 4684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:19.0754 4684 discache - ok
12:29:19.0917 4684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:29:19.0920 4684 Disk - ok
12:29:19.0990 4684 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:29:19.0995 4684 Dnscache - ok
12:29:20.0257 4684 Dokan (fa122bc1451b1b35b7814fbe1acf1924) C:\Windows\system32\drivers\dokan.sys
12:29:20.0260 4684 Dokan - ok
12:29:20.0348 4684 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:29:20.0366 4684 dot3svc - ok
12:29:20.0543 4684 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:29:20.0547 4684 Dot4 - ok
12:29:20.0621 4684 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:29:20.0622 4684 Dot4Print - ok
12:29:20.0674 4684 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:29:20.0675 4684 dot4usb - ok
12:29:20.0706 4684 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:29:20.0708 4684 DPS - ok
12:29:20.0793 4684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:20.0794 4684 drmkaud - ok
12:29:20.0837 4684 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:29:20.0840 4684 dtsoftbus01 - ok
12:29:21.0064 4684 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:21.0075 4684 DXGKrnl - ok
12:29:21.0214 4684 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
12:29:21.0219 4684 e1yexpress - ok
12:29:21.0304 4684 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:29:21.0305 4684 EapHost - ok
12:29:21.0688 4684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:29:21.0720 4684 ebdrv - ok
12:29:21.0774 4684 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:29:21.0782 4684 EFS - ok
12:29:21.0920 4684 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:29:21.0957 4684 ehRecvr - ok
12:29:22.0021 4684 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:29:22.0051 4684 ehSched - ok
12:29:22.0221 4684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:29:22.0229 4684 elxstor - ok
12:29:22.0287 4684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:22.0288 4684 ErrDev - ok
12:29:22.0676 4684 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:29:22.0686 4684 EventSystem - ok
12:29:22.0892 4684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:22.0895 4684 exfat - ok
12:29:22.0914 4684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:22.0917 4684 fastfat - ok
12:29:23.0031 4684 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:29:23.0040 4684 Fax - ok
12:29:23.0088 4684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:29:23.0090 4684 fdc - ok
12:29:23.0140 4684 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:29:23.0149 4684 fdPHost - ok
12:29:23.0249 4684 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:29:23.0252 4684 FDResPub - ok
12:29:23.0369 4684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:23.0370 4684 FileInfo - ok
12:29:23.0393 4684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:23.0395 4684 Filetrace - ok
12:29:23.0449 4684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:23.0450 4684 flpydisk - ok
12:29:23.0510 4684 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:23.0516 4684 FltMgr - ok
12:29:23.0664 4684 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:29:23.0729 4684 FontCache - ok
12:29:23.0904 4684 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:23.0913 4684 FontCache3.0.0.0 - ok
12:29:24.0182 4684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:24.0185 4684 FsDepends - ok
12:29:24.0233 4684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:24.0235 4684 Fs_Rec - ok
12:29:24.0301 4684 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:24.0305 4684 fvevol - ok
12:29:24.0389 4684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:24.0390 4684 gagp30kx - ok
12:29:24.0507 4684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:29:24.0510 4684 GEARAspiWDM - ok
12:29:24.0603 4684 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:29:24.0619 4684 gpsvc - ok
12:29:24.0797 4684 HBtnKey (93c3c66d38b0bc08a04f0b28055bc9ac) C:\Windows\system32\DRIVERS\cpqbttn.sys
12:29:24.0851 4684 HBtnKey - ok
12:29:25.0191 4684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:25.0193 4684 hcw85cir - ok
12:29:25.0278 4684 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:29:25.0282 4684 HdAudAddService - ok
12:29:25.0294 4684 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:29:25.0295 4684 HDAudBus - ok
12:29:25.0318 4684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:25.0320 4684 HidBatt - ok
12:29:25.0347 4684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:25.0349 4684 HidBth - ok
12:29:25.0378 4684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:29:25.0380 4684 HidIr - ok
12:29:25.0542 4684 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:29:25.0564 4684 hidserv - ok
12:29:25.0658 4684 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:25.0658 4684 HidUsb - ok
12:29:25.0689 4684 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:29:25.0720 4684 hkmsvc - ok
12:29:25.0783 4684 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:29:25.0783 4684 HomeGroupListener - ok
12:29:25.0875 4684 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:29:25.0879 4684 HomeGroupProvider - ok
12:29:25.0918 4684 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
12:29:25.0919 4684 hpdskflt - ok
12:29:25.0971 4684 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:29:25.0974 4684 HpSAMD - ok
12:29:26.0166 4684 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:29:26.0186 4684 HPSLPSVC - ok
12:29:26.0277 4684 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
12:29:26.0301 4684 hpsrv - ok
12:29:26.0618 4684 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:29:26.0635 4684 HTTP - ok
12:29:26.0749 4684 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:29:26.0750 4684 hwpolicy - ok
12:29:26.0791 4684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:29:26.0793 4684 i8042prt - ok
12:29:26.0937 4684 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:29:26.0947 4684 iaStorV - ok
12:29:27.0203 4684 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:29:27.0348 4684 idsvc - ok
12:29:27.0559 4684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:29:27.0561 4684 iirsp - ok
12:29:27.0653 4684 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:29:27.0697 4684 IKEEXT - ok
12:29:27.0752 4684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:29:27.0753 4684 intelide - ok
12:29:27.0786 4684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:27.0787 4684 intelppm - ok
12:29:27.0945 4684 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:29:27.0976 4684 IPBusEnum - ok
12:29:28.0095 4684 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:28.0097 4684 IpFilterDriver - ok
12:29:28.0137 4684 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:29:28.0161 4684 iphlpsvc - ok
12:29:28.0230 4684 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:29:28.0232 4684 IPMIDRV - ok
12:29:28.0293 4684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:29:28.0296 4684 IPNAT - ok
12:29:28.0482 4684 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:29:28.0490 4684 iPod Service - ok
12:29:28.0752 4684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:29:28.0754 4684 IRENUM - ok
12:29:28.0797 4684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:29:28.0798 4684 isapnp - ok
12:29:28.0856 4684 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:29:28.0861 4684 iScsiPrt - ok
12:29:28.0890 4684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:28.0892 4684 kbdclass - ok
12:29:28.0948 4684 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:28.0949 4684 kbdhid - ok
12:29:29.0042 4684 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:29.0044 4684 KeyIso - ok
12:29:29.0159 4684 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:29:29.0161 4684 KSecDD - ok
12:29:29.0200 4684 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:29.0202 4684 KSecPkg - ok
12:29:29.0250 4684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:29:29.0251 4684 ksthunk - ok
12:29:29.0361 4684 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:29:29.0413 4684 KtmRm - ok
12:29:29.0548 4684 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:29:29.0556 4684 LanmanServer - ok
12:29:29.0592 4684 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:29:29.0615 4684 LanmanWorkstation - ok
12:29:29.0715 4684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:29.0716 4684 lltdio - ok
12:29:29.0820 4684 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:29:29.0844 4684 lltdsvc - ok
12:29:29.0925 4684 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:29:29.0926 4684 lmhosts - ok
12:29:30.0015 4684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:30.0017 4684 LSI_FC - ok
12:29:30.0044 4684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:30.0046 4684 LSI_SAS - ok
12:29:30.0168 4684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:30.0170 4684 LSI_SAS2 - ok
12:29:30.0194 4684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:30.0195 4684 LSI_SCSI - ok
12:29:30.0218 4684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:29:30.0220 4684 luafv - ok
12:29:30.0310 4684 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
12:29:30.0311 4684 lvpepf64 - ok
12:29:30.0529 4684 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
12:29:30.0536 4684 LVRS64 - ok
12:29:30.0827 4684 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
12:29:30.0829 4684 LVUSBS64 - ok
12:29:30.0859 4684 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:29:30.0875 4684 Mcx2Svc - ok
12:29:30.0935 4684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:29:30.0936 4684 megasas - ok
12:29:30.0974 4684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:30.0978 4684 MegaSR - ok
12:29:31.0090 4684 Microsoft SharePoint Workspace Audit Service - ok
12:29:31.0313 4684 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:29:31.0314 4684 MMCSS - ok
12:29:31.0391 4684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:29:31.0391 4684 Modem - ok
12:29:31.0430 4684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:29:31.0430 4684 monitor - ok
12:29:31.0477 4684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:29:31.0478 4684 mouclass - ok
12:29:31.0789 4684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:31.0790 4684 mouhid - ok
12:29:31.0848 4684 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:29:31.0849 4684 mountmgr - ok
12:29:31.0932 4684 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:29:31.0934 4684 mpio - ok
12:29:32.0030 4684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:29:32.0032 4684 mpsdrv - ok
12:29:32.0098 4684 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:29:32.0115 4684 MpsSvc - ok
12:29:32.0330 4684 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:29:32.0333 4684 MRxDAV - ok
12:29:32.0499 4684 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:32.0504 4684 mrxsmb - ok
12:29:32.0564 4684 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:32.0571 4684 mrxsmb10 - ok
12:29:32.0634 4684 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:32.0638 4684 mrxsmb20 - ok
12:29:32.0727 4684 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:29:32.0729 4684 msahci - ok
12:29:32.0885 4684 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:29:32.0890 4684 msdsm - ok
12:29:32.0958 4684 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:29:32.0977 4684 MSDTC - ok
12:29:33.0078 4684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:29:33.0080 4684 Msfs - ok
12:29:33.0161 4684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:33.0161 4684 mshidkmdf - ok
12:29:33.0201 4684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:29:33.0201 4684 msisadrv - ok
12:29:33.0321 4684 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:29:33.0341 4684 MSiSCSI - ok
12:29:33.0351 4684 msiserver - ok
12:29:33.0391 4684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:33.0391 4684 MSKSSRV - ok
12:29:33.0411 4684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:33.0421 4684 MSPCLOCK - ok
12:29:33.0731 4684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:29:33.0731 4684 MSPQM - ok
12:29:33.0831 4684 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:29:33.0831 4684 MsRPC - ok
12:29:33.0991 4684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:29:33.0991 4684 mssmbios - ok
12:29:34.0051 4684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:29:34.0051 4684 MSTEE - ok
12:29:34.0081 4684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:34.0081 4684 MTConfig - ok
12:29:34.0191 4684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:29:34.0191 4684 Mup - ok
12:29:34.0251 4684 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:29:34.0261 4684 napagent - ok
12:29:34.0421 4684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:34.0431 4684 NativeWifiP - ok
12:29:34.0491 4684 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:29:34.0501 4684 NDIS - ok
12:29:34.0622 4684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:34.0622 4684 NdisCap - ok
12:29:34.0672 4684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:34.0682 4684 NdisTapi - ok
12:29:35.0112 4684 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:35.0142 4684 Ndisuio - ok
12:29:35.0355 4684 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:35.0358 4684 NdisWan - ok
12:29:35.0380 4684 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:29:35.0381 4684 NDProxy - ok
12:29:35.0398 4684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:29:35.0399 4684 NetBIOS - ok
12:29:35.0442 4684 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:29:35.0445 4684 NetBT - ok
12:29:35.0509 4684 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:35.0510 4684 Netlogon - ok
12:29:35.0611 4684 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:29:35.0616 4684 Netman - ok
12:29:35.0728 4684 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:29:35.0734 4684 netprofm - ok
12:29:36.0014 4684 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:29:36.0022 4684 NetTcpPortSharing - ok
12:29:36.0605 4684 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:29:36.0732 4684 NETw5s64 - ok
12:29:37.0498 4684 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:29:37.0553 4684 netw5v64 - ok
12:29:37.0728 4684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:37.0738 4684 nfrd960 - ok
12:29:37.0768 4684 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:29:37.0778 4684 NlaSvc - ok
12:29:37.0988 4684 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
12:29:37.0988 4684 nlsX86cc - ok
12:29:38.0558 4684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:29:38.0558 4684 Npfs - ok
12:29:38.0673 4684 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:29:38.0675 4684 nsi - ok
12:29:38.0832 4684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:29:38.0835 4684 nsiproxy - ok
12:29:38.0996 4684 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:29:39.0038 4684 Ntfs - ok
12:29:39.0097 4684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:29:39.0099 4684 Null - ok
12:29:39.0133 4684 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:29:39.0137 4684 nvraid - ok
12:29:39.0173 4684 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:29:39.0175 4684 nvstor - ok
12:29:39.0208 4684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:29:39.0210 4684 nv_agp - ok
12:29:39.0270 4684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:29:39.0271 4684 ohci1394 - ok
12:29:39.0362 4684 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:29:39.0364 4684 ose - ok
12:29:39.0922 4684 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:29:39.0969 4684 osppsvc - ok
12:29:40.0164 4684 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:29:40.0167 4684 p2pimsvc - ok
12:29:40.0224 4684 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:29:40.0228 4684 p2psvc - ok
12:29:40.0296 4684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:29:40.0297 4684 Parport - ok
12:29:40.0374 4684 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:29:40.0375 4684 partmgr - ok
12:29:40.0408 4684 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:29:40.0411 4684 PcaSvc - ok
12:29:40.0491 4684 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:29:40.0496 4684 pci - ok
12:29:40.0532 4684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:29:40.0534 4684 pciide - ok
12:29:40.0562 4684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:40.0565 4684 pcmcia - ok
12:29:40.0591 4684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:29:40.0593 4684 pcw - ok
12:29:40.0639 4684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:29:40.0647 4684 PEAUTH - ok
12:29:41.0000 4684 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:29:41.0020 4684 PeerDistSvc - ok
12:29:41.0173 4684 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:29:41.0175 4684 PerfHost - ok
12:29:41.0515 4684 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
12:29:41.0541 4684 PID_PEPI - ok
12:29:41.0725 4684 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:29:41.0746 4684 pla - ok
12:29:41.0807 4684 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:29:41.0816 4684 PlugPlay - ok
12:29:41.0858 4684 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:29:41.0871 4684 PNRPAutoReg - ok
12:29:41.0906 4684 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:29:41.0911 4684 PNRPsvc - ok
12:29:41.0966 4684 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:29:41.0981 4684 PolicyAgent - ok
12:29:42.0044 4684 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:29:42.0055 4684 Power - ok
12:29:42.0211 4684 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:42.0211 4684 PptpMiniport - ok
12:29:42.0261 4684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:29:42.0261 4684 Processor - ok
12:29:42.0311 4684 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:29:42.0321 4684 ProfSvc - ok
12:29:42.0361 4684 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:42.0361 4684 ProtectedStorage - ok
12:29:42.0561 4684 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:29:42.0561 4684 Psched - ok
12:29:42.0691 4684 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:29:42.0701 4684 PxHlpa64 - ok
12:29:42.0861 4684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:42.0881 4684 ql2300 - ok
12:29:42.0991 4684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:43.0001 4684 ql40xx - ok
12:29:43.0051 4684 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:29:43.0051 4684 QWAVE - ok
12:29:43.0091 4684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:29:43.0091 4684 QWAVEdrv - ok
12:29:43.0121 4684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:43.0121 4684 RasAcd - ok
12:29:43.0676 4684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:43.0680 4684 RasAgileVpn - ok
12:29:43.0810 4684 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:29:43.0818 4684 RasAuto - ok
12:29:43.0858 4684 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:43.0860 4684 Rasl2tp - ok
12:29:43.0943 4684 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:29:43.0948 4684 RasMan - ok
12:29:44.0010 4684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:44.0012 4684 RasPppoe - ok
12:29:44.0028 4684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:44.0029 4684 RasSstp - ok
12:29:44.0051 4684 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:44.0054 4684 rdbss - ok
12:29:44.0071 4684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:44.0072 4684 rdpbus - ok
12:29:44.0169 4684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:44.0170 4684 RDPCDD - ok
12:29:44.0228 4684 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:29:44.0231 4684 RDPDR - ok
12:29:44.0268 4684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:29:44.0269 4684 RDPENCDD - ok
12:29:44.0318 4684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:29:44.0319 4684 RDPREFMP - ok
12:29:44.0375 4684 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:29:44.0442 4684 RDPWD - ok
12:29:44.0565 4684 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:29:44.0567 4684 rdyboost - ok
12:29:44.0632 4684 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:29:44.0637 4684 RemoteAccess - ok
12:29:44.0847 4684 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:29:44.0928 4684 RemoteRegistry - ok
12:29:45.0136 4684 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:29:45.0138 4684 RFCOMM - ok
12:29:45.0199 4684 RICOH SmartCard Reader (b416fa425949575a730260cc7aed8136) C:\Windows\system32\DRIVERS\rismcx64.sys
12:29:45.0201 4684 RICOH SmartCard Reader - ok
12:29:45.0245 4684 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:29:45.0246 4684 RimUsb - ok
12:29:45.0372 4684 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:29:45.0375 4684 RpcEptMapper - ok
12:29:45.0441 4684 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:29:45.0443 4684 RpcLocator - ok
12:29:45.0525 4684 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:29:45.0531 4684 RpcSs - ok
12:29:45.0607 4684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:45.0609 4684 rspndr - ok
12:29:45.0656 4684 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:29:45.0658 4684 s3cap - ok
12:29:45.0852 4684 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:45.0854 4684 SamSs - ok
12:29:45.0963 4684 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:29:45.0964 4684 SASDIFSV - ok
12:29:46.0004 4684 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:29:46.0005 4684 SASKUTIL - ok
12:29:46.0101 4684 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:29:46.0104 4684 sbp2port - ok
12:29:46.0422 4684 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:29:46.0432 4684 SBSDWSCService - ok
12:29:46.0561 4684 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:29:46.0564 4684 SCardSvr - ok
12:29:46.0589 4684 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:29:46.0590 4684 scfilter - ok
12:29:46.0718 4684 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:29:46.0734 4684 Schedule - ok
12:29:46.0780 4684 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:29:46.0781 4684 SCPolicySvc - ok
12:29:46.0840 4684 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:29:46.0842 4684 sdbus - ok
12:29:46.0907 4684 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:29:46.0917 4684 SDRSVC - ok
12:29:46.0962 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:29:46.0964 4684 secdrv - ok
12:29:46.0988 4684 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:29:46.0994 4684 seclogon - ok
12:29:47.0143 4684 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:29:47.0144 4684 SENS - ok
12:29:47.0187 4684 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:29:47.0189 4684 SensrSvc - ok
12:29:47.0214 4684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:29:47.0215 4684 Serenum - ok
12:29:47.0240 4684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:29:47.0242 4684 Serial - ok
12:29:47.0265 4684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:29:47.0266 4684 sermouse - ok
12:29:47.0306 4684 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:29:47.0309 4684 SessionEnv - ok
12:29:47.0397 4684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:29:47.0398 4684 sffdisk - ok
12:29:47.0440 4684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:29:47.0441 4684 sffp_mmc - ok
12:29:47.0453 4684 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:29:47.0455 4684 sffp_sd - ok
12:29:47.0501 4684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:47.0502 4684 sfloppy - ok
12:29:47.0554 4684 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:29:47.0562 4684 SharedAccess - ok
12:29:47.0731 4684 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:29:47.0734 4684 ShellHWDetection - ok
12:29:47.0753 4684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:47.0754 4684 SiSRaid2 - ok
12:29:47.0777 4684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:47.0779 4684 SiSRaid4 - ok
12:29:47.0867 4684 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:29:47.0869 4684 SkypeUpdate - ok
12:29:47.0938 4684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:29:47.0938 4684 Smb - ok
12:29:48.0029 4684 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:29:48.0034 4684 SNMPTRAP - ok
12:29:48.0124 4684 SNP2UVC (84de101b4fa40cd28b84637924c060ce) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:29:48.0142 4684 SNP2UVC - ok
12:29:48.0249 4684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:29:48.0250 4684 spldr - ok
12:29:48.0306 4684 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:29:48.0318 4684 Spooler - ok
12:29:48.0541 4684 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:29:48.0575 4684 sppsvc - ok
12:29:48.0629 4684 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:29:48.0631 4684 sppuinotify - ok
12:29:48.0983 4684 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:29:48.0987 4684 srv - ok
12:29:49.0035 4684 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:29:49.0040 4684 srv2 - ok
12:29:49.0087 4684 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:49.0089 4684 srvnet - ok
12:29:49.0205 4684 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:29:49.0213 4684 SSDPSRV - ok
12:29:49.0333 4684 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:29:49.0335 4684 SstpSvc - ok
12:29:49.0397 4684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:29:49.0399 4684 stexstor - ok
12:29:49.0519 4684 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:29:49.0531 4684 stisvc - ok
12:29:49.0636 4684 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:29:49.0636 4684 storflt - ok
12:29:49.0835 4684 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:29:49.0840 4684 StorSvc - ok
12:29:49.0882 4684 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:29:49.0883 4684 storvsc - ok
12:29:49.0921 4684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:29:49.0922 4684 swenum - ok
12:29:49.0986 4684 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:29:49.0996 4684 swprv - ok
12:29:50.0300 4684 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys
12:29:50.0316 4684 SynTP - ok
12:29:50.0584 4684 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:29:50.0602 4684 SysMain - ok
12:29:50.0682 4684 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:29:50.0688 4684 TabletInputService - ok
12:29:50.0786 4684 tap0901 (a8d3f11bc8f37c3d7d026c3e1219b5ac) C:\Windows\system32\DRIVERS\tap0901.sys
12:29:50.0787 4684 tap0901 - ok
12:29:50.0943 4684 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:29:50.0948 4684 TapiSrv - ok
12:29:50.0996 4684 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:29:50.0998 4684 TBS - ok
12:29:51.0208 4684 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:29:51.0227 4684 Tcpip - ok
12:29:51.0324 4684 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:51.0333 4684 TCPIP6 - ok
12:29:51.0512 4684 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:29:51.0514 4684 tcpipreg - ok
12:29:51.0574 4684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:29:51.0576 4684 TDPIPE - ok
12:29:51.0643 4684 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:29:51.0645 4684 TDTCP - ok
12:29:51.0751 4684 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:29:51.0753 4684 tdx - ok
12:29:51.0834 4684 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:29:51.0836 4684 TermDD - ok
12:29:51.0985 4684 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:29:51.0999 4684 TermService - ok
12:29:52.0050 4684 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:29:52.0056 4684 Themes - ok
12:29:52.0092 4684 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:29:52.0092 4684 THREADORDER - ok
12:29:52.0163 4684 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
12:29:52.0164 4684 TPM - ok
12:29:52.0211 4684 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:29:52.0213 4684 TrkWks - ok
12:29:52.0297 4684 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:29:52.0300 4684 TrustedInstaller - ok
12:29:52.0408 4684 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:52.0409 4684 tssecsrv - ok
12:29:52.0807 4684 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:29:52.0808 4684 TsUsbFlt - ok
12:29:52.0834 4684 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:52.0836 4684 tunnel - ok
12:29:52.0873 4684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:29:52.0875 4684 uagp35 - ok
12:29:52.0929 4684 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:29:52.0934 4684 udfs - ok
12:29:52.0984 4684 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:29:52.0989 4684 UI0Detect - ok
12:29:53.0033 4684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:29:53.0035 4684 uliagpkx - ok
12:29:53.0140 4684 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:29:53.0141 4684 umbus - ok
12:29:53.0225 4684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:29:53.0227 4684 UmPass - ok
12:29:53.0300 4684 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:29:53.0310 4684 UmRdpService - ok
12:29:53.0346 4684 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:29:53.0362 4684 upnphost - ok
12:29:53.0437 4684 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:29:53.0439 4684 usbaudio - ok
12:29:53.0465 4684 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:53.0466 4684 usbccgp - ok
12:29:53.0509 4684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:29:53.0511 4684 usbcir - ok
12:29:53.0543 4684 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:53.0544 4684 usbehci - ok
12:29:53.0579 4684 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:53.0584 4684 usbhub - ok
12:29:53.0605 4684 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:29:53.0606 4684 usbohci - ok
12:29:53.0706 4684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:53.0708 4684 usbprint - ok
12:29:53.0800 4684 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:29:53.0802 4684 usbscan - ok
12:29:53.0899 4684 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:53.0901 4684 USBSTOR - ok
12:29:53.0957 4684 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:53.0958 4684 usbuhci - ok
12:29:54.0005 4684 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:29:54.0009 4684 usbvideo - ok
12:29:54.0161 4684 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:29:54.0302 4684 UxSms - ok
12:29:54.0670 4684 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:54.0671 4684 VaultSvc - ok
12:29:55.0143 4684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:29:55.0239 4684 vdrvroot - ok
12:29:55.0643 4684 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:29:55.0720 4684 vds - ok
12:29:55.0758 4684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:55.0759 4684 vga - ok
12:29:55.0791 4684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:29:55.0792 4684 VgaSave - ok
12:29:55.0830 4684 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:29:55.0863 4684 vhdmp - ok
12:29:56.0310 4684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:29:56.0311 4684 viaide - ok
12:29:56.0357 4684 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:29:56.0361 4684 vmbus - ok
12:29:56.0414 4684 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:29:56.0415 4684 VMBusHID - ok
12:29:56.0437 4684 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:29:56.0439 4684 volmgr - ok
12:29:56.0538 4684 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:29:56.0546 4684 volmgrx - ok
12:29:56.0625 4684 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:29:56.0637 4684 volsnap - ok
12:29:56.0904 4684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:56.0913 4684 vsmraid - ok
12:30:00.0439 4684 ============================================================
12:30:00.0439 4684 Scan finished
12:30:00.0439 4684 ============================================================
12:30:00.0457 1464 Detected object count: 0
12:30:00.0457 1464 Actual detected object count: 0

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 12:12 PM

Which browsers are redirecting?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 funktastic (Topic Starter)

  • Members
  • 49 posts

Posted 08 April 2012 - 12:15 PM

I believe just Chrome and Firefox.

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 12:16 PM

I want you to uninstall them, and if asked about user data or settings then remove that also.

Reinstall them and then recheck for the redirections.

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 05:38 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 funktastic (Topic Starter)

  • Members
  • 49 posts

Posted 12 April 2012 - 07:15 PM

Apologies... everything looks fine after much testing. Thanks!

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2012 - 08:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:00 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 funktastic (Topic Starter)

  • Members
  • 49 posts

Posted 15 April 2012 - 04:52 PM

Apologies... it's all good, thanks again for all your help!



