Infected with Redirection Virus, possible rootkit


  • This topic is locked
15 replies to this topic

#1 p0ndo

p0ndo

  • Members
  • 8 posts
  • OFFLINE
  • Local time: 08:35 PM

Posted 05 April 2012 - 03:16 PM

Hey guys,

Scanned with Malwarebytes, avast!, still experiencing search engine redirection, worried about other possible threats, identity theft, etc.

I disabled my antivirus prior to using dds, it's usually always on.

Thanks in advance for any help provided!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Nick at 13:58:22 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.9487 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\mDesktop\mDesktop.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\AsScrPro.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Winstep\WsxService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [MusicManager] "C:\Users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
uRun: [F.lux] "C:\Users\Nick\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [mDesktop] "C:\Program Files (x86)\mDesktop\mDesktop.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
dRun: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\wmgaaaizl.dll",DllRegisterServer
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 208.67.220.220 206.64.198.20
TCP: Interfaces\{66830D15-DA7D-4829-A1B0-A372A43E78B3} : DhcpNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{783529A1-9F29-4C94-9076-C54EDD91866F} : DhcpNameServer = 208.67.220.220 206.64.198.20
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB} : NameServer = 205.242.187.234,8.8.4.4
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB} : DhcpNameServer = 208.67.220.220 206.64.198.20
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}\054616E456470284F6473507F647 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}\2375942554938333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}\24C61636B60224561627 : DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}\5473673356E63337 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}\66167602E6564777F627B6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun-x64: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\8ina8sdj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-8-24 113840]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-2 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-4-2 134920]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-2 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-24 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]
R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files (x86)\Winstep\WsxService --> C:\Program Files (x86)\Winstep\WsxService [?]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-1-30 17152]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\system32\DRIVERS\fspad_win764.sys --> C:\Windows\system32\DRIVERS\fspad_win764.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-2-19 690474]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-24 79360]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-1-21 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-1-21 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USB_FPRd;FingerPrinterReader;C:\Windows\system32\Drivers\UT_FPRd.sys --> C:\Windows\system32\Drivers\UT_FPRd.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-04 01:56:41 98816 ----a-w- C:\Windows\sed.exe
2012-04-04 01:56:41 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-04 01:56:41 256000 ----a-w- C:\Windows\PEV.exe
2012-04-04 01:56:41 208896 ----a-w- C:\Windows\MBR.exe
2012-04-04 01:03:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5DBCEA1-A01F-4CCE-B39D-BE357A354D2B}\offreg.dll
2012-04-03 18:42:10 380 ----a-w- C:\Users\Nick\AppData\Roaming\sp_data.sys
2012-04-03 18:39:34 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-04-03 18:39:10 -------- d-----w- C:\Program Files\Fresco Logic
2012-04-03 18:37:43 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2012-04-03 18:37:40 -------- d-----w- C:\ProgramData\P4G
2012-04-03 18:36:01 2603864 ----a-w- C:\Windows\System32\WavesGUILib.dll
2012-04-03 07:37:02 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5DBCEA1-A01F-4CCE-B39D-BE357A354D2B}\mpengine.dll
2012-04-02 13:20:21 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-04-02 13:19:51 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-02 13:19:51 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-04-02 13:19:50 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-02 13:19:50 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-02 13:19:50 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-04-02 13:19:32 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-04-02 13:19:14 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-02 13:19:02 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-02 13:19:02 -------- d-----w- C:\Program Files\AVAST Software
2012-04-02 13:05:43 -------- d-----w- C:\Users\Nick\AppData\Roaming\mIRC
2012-04-02 13:05:43 -------- d-----w- C:\Program Files (x86)\mIRC
2012-03-20 23:29:45 -------- d-----w- C:\Users\Nick\AppData\Roaming\Broad Intelligence
2012-03-20 23:29:41 -------- d-----w- C:\Program Files\MediaCoder
2012-03-20 22:43:34 -------- d-----w- C:\Users\Nick\AppData\Roaming\HandBrake
2012-03-20 22:37:20 -------- d-----w- C:\Program Files\Handbrake
2012-03-20 22:32:26 8107 ----a-w- C:\Windows\w7dsd.reg
2012-03-20 22:32:26 8089 ----a-w- C:\Windows\w7dse.reg
2012-03-20 22:32:26 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2012-03-19 15:42:11 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 15:42:11 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 06:14:07 -------- d-----w- C:\Users\Nick\AppData\Local\{DF373DA9-1A6A-45BB-A960-9F6D537E5437}
2012-03-16 06:05:21 -------- d-----w- C:\Users\Nick\AppData\Local\Windows Live
2012-03-16 06:04:34 -------- d-----w- C:\Users\Nick\AppData\Local\{CF034B92-B5BD-430A-9DA0-E33D11E13627}
2012-03-16 06:04:34 -------- d-----w- C:\Users\Nick\AppData\Local\{7771BE80-D707-4C44-83CE-ACF55C0E4DD6}
2012-03-15 07:02:50 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:02:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02:49 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 00:08:56 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 00:08:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 00:08:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 00:08:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 00:08:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 00:08:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 00:08:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 00:08:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 00:08:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 00:08:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 08:17:25 -------- d-----r- C:\Users\Nick\Backup
2012-03-12 15:17:26 -------- d-----w- C:\Program Files\iTunes
2012-03-12 15:17:26 -------- d-----w- C:\Program Files\iPod
2012-03-12 15:17:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-11 15:33:19 -------- d-----w- C:\DRIVERS
2012-03-10 18:18:28 -------- d-----w- C:\Users\Nick\AppData\Roaming\MMFApplications
2012-03-08 15:46:19 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-08 15:46:01 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-08 15:45:47 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-08 15:45:43 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
==================== Find3M ====================
.
2012-04-02 15:07:54 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 10:18:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 10:16:41 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-02-19 04:50:50 690474 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-06 22:41:14 4740456 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-02-06 18:45:00 2528832 ----a-w- C:\Windows\System32\FMAPO64.dll
2012-02-06 14:55:14 3846248 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-02-03 21:37:22 626264 ----a-w- C:\Windows\System32\MBTHX64.dll
2012-02-03 21:37:18 561752 ----a-w- C:\Windows\SysWow64\MBTHX32.dll
2012-02-02 17:45:57 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2012-02-02 17:45:55 2851840 ----a-w- C:\Windows\System32\themeui.dll
2012-02-02 17:45:53 44544 ----a-w- C:\Windows\System32\themeservice.dll
2012-01-31 21:32:16 2652264 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-01-30 18:32:16 17152 ----a-w- C:\Windows\SysWow64\drivers\AiCharger.sys
2012-01-30 18:32:16 17152 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2012-01-10 18:48:16 958296 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-01-10 08:44:58 65024 ----a-w- C:\Windows\System32\drivers\FLxHCIh.sys
2012-01-10 08:44:58 219648 ----a-w- C:\Windows\System32\drivers\FLxHCIc.sys
2012-01-10 08:44:58 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
.
============= FINISH: 13:58:39.76 ===============

#2 p0ndo


Posted 05 April 2012 - 03:22 PM

I should add that I've already run Combofix, since I felt that I "knew what I was doing," trying to autofix the registry after I checked out a few solutions provided on the site. No improvement at all. I apologize if this complicates anything for you guys.

#3 gringo_pr

Malware Response Team

Posted 07 April 2012 - 05:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 p0ndo


Posted 07 April 2012 - 02:27 PM

Hey Gringo, Thanks for the assistance. I had no problems following your instructions.

I am still experiencing all the symptoms of the problem. My search engine links are still being redirected. I went to google, ran a search for "earth" and the first few links I clicked were fine, but after clicking 2 or 3 I found myself at this url: http://63.209.69.107/search/web/earth/a10/46938-10090/v5

Below is the Combofix log you requested.

ComboFix 12-04-03.02 - Nick 04/07/2012 14:46:59.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.8648 [GMT -4:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nick\AppData\Roaming\mIRC\logs\status.log
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\wmgaaaizl.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 18:52 . 2012-04-07 18:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-07 18:52 . 2012-04-07 18:52 -------- d-----w- c:\users\Mcx1-NICK-PC\AppData\Local\temp
2012-04-07 18:52 . 2012-04-07 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 07:56 . 2012-04-06 07:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B632DB31-A316-4285-9468-AC1C9D6F048C}\offreg.dll
2012-04-06 07:55 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B632DB31-A316-4285-9468-AC1C9D6F048C}\mpengine.dll
2012-04-06 00:11 . 2012-04-06 17:40 -------- d-----r- c:\users\Nick\Apps
2012-04-03 18:42 . 2012-04-06 14:13 380 ----a-w- c:\users\Nick\AppData\Roaming\sp_data.sys
2012-04-03 18:39 . 2012-04-03 18:39 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-04-03 18:39 . 2012-04-03 18:39 -------- d-----w- c:\program files\Fresco Logic
2012-04-03 18:37 . 2010-08-03 19:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2012-04-03 18:37 . 2012-04-03 18:37 -------- d-----w- c:\programdata\P4G
2012-04-03 18:36 . 2011-12-18 21:58 2603864 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-04-02 13:20 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-02 13:20 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-02 13:20 . 2012-03-06 23:04 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-04-02 13:19 . 2012-03-06 23:03 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-04-02 13:19 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-02 13:19 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-02 13:19 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-04-02 13:19 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-02 13:19 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-02 13:19 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-02 13:19 . 2012-02-23 14:54 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-04-02 13:19 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-02 13:19 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-02 13:19 . 2012-04-02 13:19 -------- d-----w- c:\programdata\AVAST Software
2012-04-02 13:19 . 2012-04-02 13:19 -------- d-----w- c:\program files\AVAST Software
2012-04-02 13:05 . 2012-04-06 17:36 -------- d-----w- c:\users\Nick\AppData\Roaming\mIRC
2012-04-02 13:05 . 2012-04-02 13:05 -------- d-----w- c:\program files (x86)\mIRC
2012-03-20 23:29 . 2012-03-20 23:29 -------- d-----w- c:\users\Nick\AppData\Roaming\Broad Intelligence
2012-03-20 23:29 . 2012-03-20 23:30 -------- d-----w- c:\program files\MediaCoder
2012-03-20 22:43 . 2012-03-20 22:48 -------- d-----w- c:\users\Nick\AppData\Roaming\HandBrake
2012-03-20 22:37 . 2012-03-20 22:37 -------- d-----w- c:\program files\Handbrake
2012-03-20 22:32 . 2012-03-20 23:05 8107 ----a-w- c:\windows\w7dsd.reg
2012-03-20 22:32 . 2012-03-20 23:05 8089 ----a-w- c:\windows\w7dse.reg
2012-03-20 22:32 . 2012-03-20 22:32 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-19 15:42 . 2012-03-19 15:42 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 15:42 . 2012-03-19 15:42 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 06:05 . 2012-03-16 06:14 -------- d-----w- c:\users\Nick\AppData\Local\Windows Live
2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 00:08 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 00:08 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 00:08 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:08 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:08 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:08 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 08:17 . 2012-04-03 19:32 -------- d-----r- c:\users\Nick\Backup
2012-03-12 15:17 . 2012-03-12 15:17 -------- d-----w- c:\program files\iTunes
2012-03-12 15:17 . 2012-03-12 15:17 -------- d-----w- c:\program files (x86)\iTunes
2012-03-12 15:17 . 2012-03-12 15:17 -------- d-----w- c:\program files\iPod
2012-03-11 15:33 . 2012-03-11 15:33 -------- d-----w- C:\DRIVERS
2012-03-10 18:18 . 2012-03-10 18:18 -------- d-----w- c:\users\Nick\AppData\Roaming\MMFApplications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 15:07 . 2011-08-24 08:48 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-03-28 16:26 . 2012-02-13 21:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-28 16:25 . 2012-02-13 21:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-28 16:25 . 2012-02-13 21:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-08 15:46 . 2012-03-08 15:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-08 15:46 . 2012-03-08 15:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-08 15:45 . 2012-03-08 15:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-08 15:45 . 2012-03-08 15:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 13:18 . 2011-12-23 08:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 10:18 . 2012-01-13 16:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 10:16 . 2012-02-21 10:16 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-02-19 04:50 . 2012-02-19 04:50 690474 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-13 21:21 . 2012-02-13 21:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-02 17:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-02-02 17:45 . 2011-02-18 19:49 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-02-02 17:45 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-01-30 18:32 . 2012-01-30 18:32 17152 ----a-w- c:\windows\SysWow64\drivers\AiCharger.sys
2012-01-30 18:32 . 2011-08-24 08:46 17152 ----a-w- c:\windows\system32\drivers\AiCharger.sys
2012-01-10 08:44 . 2012-01-10 08:44 65024 ----a-w- c:\windows\system32\drivers\FLxHCIh.sys
2012-01-10 08:44 . 2012-01-10 08:44 219648 ----a-w- c:\windows\system32\drivers\FLxHCIc.sys
2012-01-10 08:44 . 2012-01-10 08:44 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 23065EC18C5A5076A2DC5D8A86582FBA . 2388992 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_02.03.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-06 00:33 . 2012-04-06 00:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
+ 2012-03-12 03:03 . 2012-04-06 00:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-12 03:03 . 2012-04-03 19:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 05:10 . 2012-04-06 00:34 48532 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-23 08:08 . 2012-04-06 00:34 7938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1822004252-3849424344-3602154807-1000_UserData.bin
- 2012-04-03 18:41 . 2012-04-03 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 00:31 . 2012-04-06 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 00:31 . 2012-04-06 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-03 18:41 . 2012-04-03 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-12 03:03 . 2012-04-03 18:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-12 03:03 . 2012-04-06 00:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-04 01:46 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-07 18:38 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-07 18:38 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-04 01:46 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-25 02:20 . 2012-04-06 14:13 365668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-01 01:10 . 2012-04-05 20:02 265450 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-02 14:19 635590 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 14:16 635590 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 14:16 110274 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-02 14:19 110274 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-03 18:40 474764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-06 00:31 474764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-04 01:46 2621440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 18:38 2621440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-24 08:47 . 2012-04-03 18:40 1327688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-24 08:47 . 2012-04-06 00:31 1327688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:52 . 2012-04-06 00:31 1236496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-02-29 20:52 . 2012-04-03 18:40 1236496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-02 22:38 . 2012-04-02 22:38 8006656 c:\windows\Installer\485ac70.msi
+ 2011-12-23 08:02 . 2012-04-06 00:31 30521820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1822004252-3849424344-3602154807-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-23 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-04 740216]
"MusicManager"="c:\users\Nick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2012-03-28 16957056]
"F.lux"="c:\users\Nick\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"mDesktop"="c:\program files (x86)\mDesktop\mDesktop.exe" [2011-10-20 305270]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-08-24 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-01-15 48128]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\wmgaaaizl.dll" [2012-04-03 558592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2011-04-02 232912]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-02-19 690474]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-24 79360]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\Drivers\UT_FPRd.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822004252-3849424344-3602154807-1000Core.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 01:24]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822004252-3849424344-3602154807-1000UA.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 01:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.220.220 206.64.198.20
TCP: Interfaces\{A34759CB-31B1-49E8-9DE3-397B9747CDBB}: NameServer = 205.242.187.234,8.8.4.4
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\8ina8sdj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,
89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ca,51,49,7a,f1,05,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-07 14:53:44
ComboFix-quarantined-files.txt 2012-04-07 18:53
ComboFix2.txt 2012-04-04 02:04
.
Pre-Run: 87,582,097,408 bytes free
Post-Run: 87,542,181,888 bytes free
.
- - End Of File - - 5706392E3879FDCEB79844CEFBCCCFF4

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:35 PM

Posted 07 April 2012 - 05:54 PM

Hello


I would like you to check which browsers are redirecting, and check all that are installed on the computer.


I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
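A quick triage pass over a TDSSKiller report like the one requested above, written as an added example (not part of this thread and not Kaspersky's tool): it pairs each object's file line with its verdict line and lists anything whose verdict is not "ok", anything with no verdict, and anything that has a verdict but no file and hash. The line layout assumed is the one seen in the reports pasted in this thread; the sample report, the "fakedrv" and "partial" entries and the non-ok verdict text are constructed.

```python
"""Triage helper for a TDSSKiller text report.

Added example (not part of this thread and not Kaspersky's tool).
Assumed layout, as seen in reports pasted here:
  HH:MM:SS.mmmm PID NAME (MD5) PATH   -> the object's file line
  HH:MM:SS.mmmm PID NAME - VERDICT    -> the verdict for that object
Objects with no file line (e.g. 'catchme - ok') only get a verdict line.
Lines before 'Scan started' are header/disk info and are ignored.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Triage:
    total: int
    not_ok: List[Entry]       # any verdict other than the plain 'ok'
    no_verdict: List[Entry]   # file line with no verdict (report cut off?)
    no_file: List[Entry]      # verdict with no preceding file/hash line


def parse_report(text: str) -> List[Entry]:
    """Pair file lines with verdict lines; returns entries in report order."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan or rest.startswith("="):
            continue
        fm = FILE_RE.match(rest)
        if fm:
            # A file line always starts (or restarts) the object's record.
            entries[fm.group("name")] = Entry(
                fm.group("name"), fm.group("md5"), fm.group("path"))
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            name = vm.group("name")
            entries.setdefault(name, Entry(name)).verdict = vm.group("verdict").strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> Triage:
    """Surface what a reader should look at first in a long report."""
    return Triage(
        total=len(entries),
        not_ok=[e for e in entries if e.verdict is not None and e.verdict != "ok"],
        no_verdict=[e for e in entries if e.verdict is None],
        no_file=[e for e in entries if e.md5 is None],
    )


# Constructed sample, modelled on the report layout in this thread; the
# 'fakedrv' and 'partial' entries and the non-ok verdict text are made up.
SAMPLE_REPORT = r"""
01:27:37.0316 7868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)
01:27:39.0780 6060 ============================================================
01:27:39.0780 6060 Scan started
01:27:39.0780 6060 Mode: Manual;
01:27:39.0780 6060 ============================================================
01:27:40.0373 6060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:27:40.0374 6060 1394ohci - ok
01:27:40.0616 6060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:27:40.0619 6060 AFD - ok
01:27:43.0451 6060 catchme - ok
01:27:43.0968 6060 COMSysApp - ok
01:27:50.0100 6060 fakedrv (00000000000000000000000000000000) C:\Windows\system32\drivers\fakedrv.sys
01:27:50.0101 6060 fakedrv - detected (constructed verdict)
01:27:50.0200 6060 partial (11111111111111111111111111111111) C:\Windows\system32\drivers\partial.sys
"""


def main() -> None:
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"objects scanned: {summary.total}")
    for label, group in (("not_ok", summary.not_ok),
                         ("no_verdict", summary.no_verdict),
                         ("no_file", summary.no_file)):
        for e in group:
            print(f"[{label}] {e.name}: {e.verdict or '(no verdict)'} {e.path or ''}".rstrip())


if __name__ == "__main__":
    main()
```

Paste a full report into SAMPLE_REPORT (or read it from a file) to get the same three lists for a real log.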

#6 p0ndo

p0ndo
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:35 PM

Posted 08 April 2012 - 12:24 PM

Ok, so I ran TDSSKiller and aswMBR, logs are below. I'm still experiencing the same symptoms. The redirects seem to happen whenever I open a new session, after clicking a link on my first search, and sporadically after that.

Additionally, I've begun receiving strange adverts on my phone via text, which has me worried that my machine's been compromised.

Thank you for your continuing assistance.




01:27:36.0740 7868 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
01:27:36.0993 7868 ============================================================
01:27:36.0993 7868 Current date / time: 2012/04/08 01:27:36.0993
01:27:36.0993 7868 SystemInfo:
01:27:36.0993 7868
01:27:36.0993 7868 OS Version: 6.1.7601 ServicePack: 1.0
01:27:36.0993 7868 Product type: Workstation
01:27:36.0993 7868 ComputerName: NICK-PC
01:27:36.0993 7868 UserName: Nick
01:27:36.0993 7868 Windows directory: C:\Windows
01:27:36.0993 7868 System windows directory: C:\Windows
01:27:36.0993 7868 Running under WOW64
01:27:36.0993 7868 Processor architecture: Intel x64
01:27:36.0993 7868 Number of processors: 8
01:27:36.0993 7868 Page size: 0x1000
01:27:36.0993 7868 Boot type: Normal boot
01:27:36.0993 7868 ============================================================
01:27:37.0316 7868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:27:37.0320 7868 \Device\Harddisk0\DR0:
01:27:37.0321 7868 MBR used
01:27:37.0321 7868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x37184441
01:27:37.0346 7868 Initialize success
01:27:37.0346 7868 ============================================================
01:27:39.0780 6060 ============================================================
01:27:39.0780 6060 Scan started
01:27:39.0780 6060 Mode: Manual;
01:27:39.0780 6060 ============================================================
01:27:40.0373 6060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:27:40.0374 6060 1394ohci - ok
01:27:40.0403 6060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:27:40.0405 6060 ACPI - ok
01:27:40.0423 6060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:27:40.0424 6060 AcpiPmi - ok
01:27:40.0482 6060 Adobe Licensing Console (5204c43d66c95c89db0ff54f08a0a85b) C:\Windows\SysWOW64\adbcnsl.exe
01:27:40.0486 6060 Adobe Licensing Console - ok
01:27:40.0515 6060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:27:40.0517 6060 adp94xx - ok
01:27:40.0533 6060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:27:40.0534 6060 adpahci - ok
01:27:40.0551 6060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:27:40.0552 6060 adpu320 - ok
01:27:40.0576 6060 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:27:40.0577 6060 AeLookupSvc - ok
01:27:40.0616 6060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:27:40.0619 6060 AFD - ok
01:27:40.0662 6060 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
01:27:40.0668 6060 AgereSoftModem - ok
01:27:40.0689 6060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:27:40.0689 6060 agp440 - ok
01:27:40.0734 6060 AiCharger (16f6f6b7903b913ab41ab848c8bb5658) C:\Windows\system32\DRIVERS\AiCharger.sys
01:27:40.0734 6060 AiCharger - ok
01:27:40.0762 6060 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:27:40.0763 6060 ALG - ok
01:27:40.0796 6060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:27:40.0796 6060 aliide - ok
01:27:40.0823 6060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:27:40.0823 6060 amdide - ok
01:27:40.0851 6060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:27:40.0852 6060 AmdK8 - ok
01:27:40.0860 6060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
01:27:40.0860 6060 AmdPPM - ok
01:27:40.0893 6060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:27:40.0893 6060 amdsata - ok
01:27:40.0926 6060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:27:40.0930 6060 amdsbs - ok
01:27:40.0950 6060 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:27:40.0951 6060 amdxata - ok
01:27:40.0979 6060 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:27:40.0981 6060 AppID - ok
01:27:41.0004 6060 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:27:41.0006 6060 AppIDSvc - ok
01:27:41.0020 6060 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:27:41.0021 6060 Appinfo - ok
01:27:41.0144 6060 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:27:41.0147 6060 Apple Mobile Device - ok
01:27:41.0216 6060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:27:41.0218 6060 arc - ok
01:27:41.0245 6060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:27:41.0247 6060 arcsas - ok
01:27:41.0326 6060 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
01:27:41.0329 6060 ASLDRService - ok
01:27:41.0351 6060 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
01:27:41.0353 6060 ASMMAP64 - ok
01:27:41.0388 6060 AsusUacSvc (b6ef28ecee73b624d56df30ad562ae8d) C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
01:27:41.0391 6060 AsusUacSvc - ok
01:27:41.0465 6060 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
01:27:41.0467 6060 aswFsBlk - ok
01:27:41.0513 6060 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
01:27:41.0516 6060 aswFW - ok
01:27:41.0561 6060 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
01:27:41.0563 6060 aswKbd - ok
01:27:41.0603 6060 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
01:27:41.0604 6060 aswMonFlt - ok
01:27:41.0649 6060 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
01:27:41.0651 6060 aswNdis - ok
01:27:41.0684 6060 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
01:27:41.0689 6060 aswNdis2 - ok
01:27:41.0721 6060 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
01:27:41.0723 6060 aswRdr - ok
01:27:41.0781 6060 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
01:27:41.0793 6060 aswSnx - ok
01:27:41.0824 6060 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
01:27:41.0829 6060 aswSP - ok
01:27:41.0894 6060 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
01:27:41.0896 6060 aswTdi - ok
01:27:41.0941 6060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:27:41.0942 6060 AsyncMac - ok
01:27:41.0981 6060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:27:41.0983 6060 atapi - ok
01:27:42.0011 6060 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
01:27:42.0013 6060 AthBTPort - ok
01:27:42.0065 6060 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
01:27:42.0068 6060 Atheros Bt&Wlan Coex Agent - ok
01:27:42.0081 6060 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
01:27:42.0083 6060 AtherosSvc - ok
01:27:42.0162 6060 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys
01:27:42.0183 6060 athr - ok
01:27:42.0224 6060 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
01:27:42.0226 6060 ATKGFNEXSrv - ok
01:27:42.0267 6060 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
01:27:42.0268 6060 ATKWMIACPIIO_ - ok
01:27:42.0323 6060 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:27:42.0343 6060 AudioEndpointBuilder - ok
01:27:42.0362 6060 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:27:42.0372 6060 AudioSrv - ok
01:27:42.0401 6060 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
01:27:42.0402 6060 avast! Antivirus - ok
01:27:42.0454 6060 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
01:27:42.0457 6060 avast! Firewall - ok
01:27:42.0483 6060 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:27:42.0486 6060 AxInstSV - ok
01:27:42.0541 6060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:27:42.0549 6060 b06bdrv - ok
01:27:42.0570 6060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:27:42.0572 6060 b57nd60a - ok
01:27:42.0592 6060 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:27:42.0594 6060 BDESVC - ok
01:27:42.0607 6060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:27:42.0608 6060 Beep - ok
01:27:42.0656 6060 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:27:42.0676 6060 BFE - ok
01:27:42.0720 6060 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:27:42.0735 6060 BITS - ok
01:27:42.0760 6060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:27:42.0761 6060 blbdrive - ok
01:27:42.0820 6060 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
01:27:42.0828 6060 Bonjour Service - ok
01:27:42.0868 6060 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:27:42.0871 6060 bowser - ok
01:27:42.0889 6060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:27:42.0890 6060 BrFiltLo - ok
01:27:42.0909 6060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:27:42.0910 6060 BrFiltUp - ok
01:27:42.0921 6060 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:27:42.0923 6060 Bridge - ok
01:27:42.0950 6060 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:27:42.0952 6060 BridgeMP - ok
01:27:42.0975 6060 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:27:42.0978 6060 Browser - ok
01:27:43.0001 6060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:27:43.0005 6060 Brserid - ok
01:27:43.0020 6060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:27:43.0022 6060 BrSerWdm - ok
01:27:43.0041 6060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:27:43.0042 6060 BrUsbMdm - ok
01:27:43.0059 6060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:27:43.0060 6060 BrUsbSer - ok
01:27:43.0120 6060 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
01:27:43.0124 6060 BTATH_A2DP - ok
01:27:43.0159 6060 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
01:27:43.0160 6060 BTATH_BUS - ok
01:27:43.0173 6060 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
01:27:43.0176 6060 BTATH_HCRP - ok
01:27:43.0192 6060 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
01:27:43.0193 6060 BTATH_LWFLT - ok
01:27:43.0206 6060 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
01:27:43.0209 6060 BTATH_RCP - ok
01:27:43.0261 6060 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
01:27:43.0265 6060 BtFilter - ok
01:27:43.0302 6060 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:27:43.0304 6060 BthEnum - ok
01:27:43.0330 6060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
01:27:43.0332 6060 BTHMODEM - ok
01:27:43.0350 6060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:27:43.0353 6060 BthPan - ok
01:27:43.0378 6060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:27:43.0385 6060 BTHPORT - ok
01:27:43.0414 6060 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:27:43.0417 6060 bthserv - ok
01:27:43.0438 6060 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:27:43.0439 6060 BTHUSB - ok
01:27:43.0451 6060 catchme - ok
01:27:43.0473 6060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:27:43.0475 6060 cdfs - ok
01:27:43.0510 6060 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:27:43.0513 6060 cdrom - ok
01:27:43.0543 6060 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:27:43.0545 6060 CertPropSvc - ok
01:27:43.0567 6060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
01:27:43.0568 6060 circlass - ok
01:27:43.0592 6060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:27:43.0597 6060 CLFS - ok
01:27:43.0641 6060 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:27:43.0644 6060 clr_optimization_v2.0.50727_32 - ok
01:27:43.0689 6060 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:27:43.0692 6060 clr_optimization_v2.0.50727_64 - ok
01:27:43.0742 6060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:27:43.0744 6060 clr_optimization_v4.0.30319_32 - ok
01:27:43.0774 6060 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:27:43.0777 6060 clr_optimization_v4.0.30319_64 - ok
01:27:43.0824 6060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:27:43.0825 6060 CmBatt - ok
01:27:43.0844 6060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:27:43.0845 6060 cmdide - ok
01:27:43.0888 6060 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:27:43.0894 6060 CNG - ok
01:27:43.0916 6060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
01:27:43.0917 6060 Compbatt - ok
01:27:43.0950 6060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
01:27:43.0952 6060 CompositeBus - ok
01:27:43.0968 6060 COMSysApp - ok
01:27:43.0983 6060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:27:43.0985 6060 crcdisk - ok
01:27:44.0038 6060 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
01:27:44.0041 6060 Creative ALchemy AL6 Licensing Service - ok
01:27:44.0055 6060 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
01:27:44.0057 6060 Creative Audio Engine Licensing Service - ok
01:27:44.0085 6060 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:27:44.0089 6060 CryptSvc - ok
01:27:44.0161 6060 CrystalSysInfo (5228b7a738dc90a06ae4f4a7412cb1e9) C:\Program Files\MediaCoder\SysInfoX64.sys
01:27:44.0162 6060 CrystalSysInfo - ok
01:27:44.0205 6060 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:27:44.0221 6060 DcomLaunch - ok
01:27:44.0250 6060 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:27:44.0257 6060 defragsvc - ok
01:27:44.0306 6060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:27:44.0309 6060 DfsC - ok
01:27:44.0347 6060 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:27:44.0354 6060 Dhcp - ok
01:27:44.0376 6060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:27:44.0377 6060 discache - ok
01:27:44.0409 6060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:27:44.0411 6060 Disk - ok
01:27:44.0444 6060 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:27:44.0450 6060 Dnscache - ok
01:27:44.0475 6060 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:27:44.0481 6060 dot3svc - ok
01:27:44.0515 6060 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:27:44.0520 6060 DPS - ok
01:27:44.0546 6060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:27:44.0547 6060 drmkaud - ok
01:27:44.0582 6060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:27:44.0596 6060 DXGKrnl - ok
01:27:44.0620 6060 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:27:44.0625 6060 EapHost - ok
01:27:44.0721 6060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:27:44.0744 6060 ebdrv - ok
01:27:44.0780 6060 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:27:44.0781 6060 EFS - ok
01:27:44.0824 6060 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:27:44.0835 6060 ehRecvr - ok
01:27:44.0874 6060 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:27:44.0877 6060 ehSched - ok
01:27:44.0921 6060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:27:44.0928 6060 elxstor - ok
01:27:44.0959 6060 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
01:27:44.0961 6060 epmntdrv - ok
01:27:44.0976 6060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:27:44.0977 6060 ErrDev - ok
01:27:45.0035 6060 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
01:27:45.0038 6060 EuGdiDrv - ok
01:27:45.0063 6060 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:27:45.0070 6060 EventSystem - ok
01:27:45.0089 6060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:27:45.0091 6060 exfat - ok
01:27:45.0113 6060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:27:45.0115 6060 fastfat - ok
01:27:45.0135 6060 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:27:45.0142 6060 Fax - ok
01:27:45.0163 6060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
01:27:45.0164 6060 fdc - ok
01:27:45.0182 6060 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:27:45.0184 6060 fdPHost - ok
01:27:45.0200 6060 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:27:45.0203 6060 FDResPub - ok
01:27:45.0221 6060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:27:45.0222 6060 FileInfo - ok
01:27:45.0239 6060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:27:45.0240 6060 Filetrace - ok
01:27:45.0258 6060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:27:45.0259 6060 flpydisk - ok
01:27:45.0290 6060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:27:45.0292 6060 FltMgr - ok
01:27:45.0334 6060 FLxHCIc (bfda4d45d7c3e278d46f5bb0e5348c56) C:\Windows\system32\DRIVERS\FLxHCIc.sys
01:27:45.0336 6060 FLxHCIc - ok
01:27:45.0352 6060 FLxHCIh (7dab83e54f868806d919384ac3def762) C:\Windows\system32\DRIVERS\FLxHCIh.sys
01:27:45.0353 6060 FLxHCIh - ok
01:27:45.0385 6060 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:27:45.0396 6060 FontCache - ok
01:27:45.0463 6060 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:27:45.0465 6060 FontCache3.0.0.0 - ok
01:27:45.0486 6060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:27:45.0488 6060 FsDepends - ok
01:27:45.0520 6060 fspad_win764 (3dfa8d4e50d608f8f732014614c84dd2) C:\Windows\system32\DRIVERS\fspad_win764.sys
01:27:45.0522 6060 fspad_win764 - ok
01:27:45.0560 6060 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
01:27:45.0561 6060 fssfltr - ok
01:27:45.0684 6060 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:27:45.0703 6060 fsssvc - ok
01:27:45.0724 6060 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
01:27:45.0725 6060 Fs_Rec - ok
01:27:45.0748 6060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:27:45.0750 6060 fvevol - ok
01:27:45.0779 6060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:27:45.0780 6060 gagp30kx - ok
01:27:45.0807 6060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:27:45.0808 6060 GEARAspiWDM - ok
01:27:45.0846 6060 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:27:45.0856 6060 gpsvc - ok
01:27:45.0895 6060 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:27:45.0897 6060 gupdate - ok
01:27:45.0919 6060 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:27:45.0920 6060 gupdatem - ok
01:27:45.0933 6060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:27:45.0934 6060 hcw85cir - ok
01:27:45.0967 6060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:27:45.0970 6060 HdAudAddService - ok
01:27:46.0000 6060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:27:46.0002 6060 HDAudBus - ok
01:27:46.0018 6060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:27:46.0019 6060 HidBatt - ok
01:27:46.0031 6060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:27:46.0032 6060 HidBth - ok
01:27:46.0048 6060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:27:46.0049 6060 HidIr - ok
01:27:46.0072 6060 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:27:46.0074 6060 hidserv - ok
01:27:46.0098 6060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:27:46.0099 6060 HidUsb - ok
01:27:46.0117 6060 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:27:46.0119 6060 hkmsvc - ok
01:27:46.0143 6060 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:27:46.0147 6060 HomeGroupListener - ok
01:27:46.0173 6060 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:27:46.0178 6060 HomeGroupProvider - ok
01:27:46.0192 6060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:27:46.0193 6060 HpSAMD - ok
01:27:46.0228 6060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:27:46.0235 6060 HTTP - ok
01:27:46.0251 6060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:27:46.0252 6060 hwpolicy - ok
01:27:46.0274 6060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:27:46.0275 6060 i8042prt - ok
01:27:46.0306 6060 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
01:27:46.0310 6060 iaStor - ok
01:27:46.0335 6060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:27:46.0339 6060 iaStorV - ok
01:27:46.0401 6060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:27:46.0408 6060 idsvc - ok
01:27:46.0432 6060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:27:46.0433 6060 iirsp - ok
01:27:46.0468 6060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:27:46.0477 6060 IKEEXT - ok
01:27:46.0616 6060 IntcAzAudAddService (602788bf364d43e5878aa1b4f85c232b) C:\Windows\system32\drivers\RTKVHD64.sys
01:27:46.0649 6060 IntcAzAudAddService - ok
01:27:46.0680 6060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:27:46.0681 6060 intelide - ok
01:27:46.0708 6060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:27:46.0710 6060 intelppm - ok
01:27:46.0741 6060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:27:46.0747 6060 IPBusEnum - ok
01:27:46.0766 6060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:27:46.0769 6060 IpFilterDriver - ok
01:27:46.0803 6060 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:27:46.0814 6060 iphlpsvc - ok
01:27:46.0861 6060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:27:46.0863 6060 IPMIDRV - ok
01:27:46.0881 6060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:27:46.0884 6060 IPNAT - ok
01:27:46.0957 6060 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
01:27:46.0970 6060 iPod Service - ok
01:27:47.0004 6060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:27:47.0006 6060 IRENUM - ok
01:27:47.0029 6060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:27:47.0031 6060 isapnp - ok
01:27:47.0058 6060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:27:47.0063 6060 iScsiPrt - ok
01:27:47.0103 6060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:27:47.0104 6060 kbdclass - ok
01:27:47.0130 6060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:27:47.0131 6060 kbdhid - ok
01:27:47.0168 6060 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
01:27:47.0169 6060 kbfiltr - ok
01:27:47.0188 6060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:27:47.0191 6060 KeyIso - ok
01:27:47.0227 6060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:27:47.0228 6060 KSecDD - ok
01:27:47.0244 6060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:27:47.0246 6060 KSecPkg - ok
01:27:47.0265 6060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:27:47.0266 6060 ksthunk - ok
01:27:47.0302 6060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:27:47.0309 6060 KtmRm - ok
01:27:47.0338 6060 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
01:27:47.0339 6060 L1C - ok
01:27:47.0363 6060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:27:47.0370 6060 LanmanServer - ok
01:27:47.0401 6060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:27:47.0408 6060 LanmanWorkstation - ok
01:27:47.0444 6060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:27:47.0446 6060 lltdio - ok
01:27:47.0484 6060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:27:47.0490 6060 lltdsvc - ok
01:27:47.0504 6060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:27:47.0508 6060 lmhosts - ok
01:27:47.0578 6060 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
01:27:47.0583 6060 LMS - ok
01:27:47.0622 6060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:27:47.0624 6060 LSI_FC - ok
01:27:47.0641 6060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
01:27:47.0643 6060 LSI_SAS - ok
01:27:47.0659 6060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
01:27:47.0661 6060 LSI_SAS2 - ok
01:27:47.0679 6060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
01:27:47.0681 6060 LSI_SCSI - ok
01:27:47.0720 6060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:27:47.0723 6060 luafv - ok
01:27:47.0751 6060 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
01:27:47.0753 6060 ManyCam - ok
01:27:47.0795 6060 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
01:27:47.0796 6060 MBfilt - ok
01:27:47.0821 6060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:27:47.0826 6060 Mcx2Svc - ok
01:27:47.0848 6060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
01:27:47.0849 6060 megasas - ok
01:27:47.0872 6060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
01:27:47.0876 6060 MegaSR - ok
01:27:47.0895 6060 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
01:27:47.0897 6060 MEIx64 - ok
01:27:47.0963 6060 Microsoft SharePoint Workspace Audit Service - ok
01:27:47.0995 6060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:27:48.0002 6060 MMCSS - ok
01:27:48.0020 6060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:27:48.0022 6060 Modem - ok
01:27:48.0048 6060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:27:48.0050 6060 monitor - ok
01:27:48.0076 6060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:27:48.0078 6060 mouclass - ok
01:27:48.0095 6060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:27:48.0097 6060 mouhid - ok
01:27:48.0119 6060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:27:48.0122 6060 mountmgr - ok
01:27:48.0147 6060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:27:48.0150 6060 mpio - ok
01:27:48.0167 6060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:27:48.0170 6060 mpsdrv - ok
01:27:48.0198 6060 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:27:48.0217 6060 MpsSvc - ok
01:27:48.0238 6060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:27:48.0240 6060 MRxDAV - ok
01:27:48.0274 6060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:27:48.0276 6060 mrxsmb - ok
01:27:48.0295 6060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:27:48.0299 6060 mrxsmb10 - ok
01:27:48.0317 6060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:27:48.0319 6060 mrxsmb20 - ok
01:27:48.0337 6060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:27:48.0338 6060 msahci - ok
01:27:48.0355 6060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:27:48.0357 6060 msdsm - ok
01:27:48.0381 6060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:27:48.0385 6060 MSDTC - ok
01:27:48.0420 6060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:27:48.0421 6060 Msfs - ok
01:27:48.0440 6060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:27:48.0441 6060 mshidkmdf - ok
01:27:48.0458 6060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:27:48.0459 6060 msisadrv - ok
01:27:48.0495 6060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:27:48.0499 6060 MSiSCSI - ok
01:27:48.0506 6060 msiserver - ok
01:27:48.0538 6060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:27:48.0539 6060 MSKSSRV - ok
01:27:48.0587 6060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:27:48.0589 6060 MSPCLOCK - ok
01:27:48.0605 6060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:27:48.0607 6060 MSPQM - ok
01:27:48.0631 6060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:27:48.0636 6060 MsRPC - ok
01:27:48.0674 6060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
01:27:48.0676 6060 mssmbios - ok
01:27:48.0700 6060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:27:48.0702 6060 MSTEE - ok
01:27:48.0722 6060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
01:27:48.0724 6060 MTConfig - ok
01:27:48.0780 6060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:27:48.0782 6060 Mup - ok
01:27:48.0816 6060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:27:48.0826 6060 napagent - ok
01:27:48.0869 6060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:27:48.0873 6060 NativeWifiP - ok
01:27:48.0926 6060 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
01:27:48.0937 6060 NDIS - ok
01:27:48.0986 6060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:27:48.0988 6060 NdisCap - ok
01:27:49.0052 6060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:27:49.0054 6060 NdisTapi - ok
01:27:49.0071 6060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:27:49.0073 6060 Ndisuio - ok
01:27:49.0091 6060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:27:49.0094 6060 NdisWan - ok
01:27:49.0130 6060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:27:49.0132 6060 NDProxy - ok
01:27:49.0159 6060 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
01:27:49.0161 6060 Netaapl - ok
01:27:49.0185 6060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:27:49.0187 6060 NetBIOS - ok
01:27:49.0205 6060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:27:49.0209 6060 NetBT - ok
01:27:49.0229 6060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:27:49.0234 6060 Netlogon - ok
01:27:49.0301 6060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:27:49.0312 6060 Netman - ok
01:27:49.0366 6060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:27:49.0388 6060 netprofm - ok
01:27:49.0505 6060 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:27:49.0508 6060 NetTcpPortSharing - ok
01:27:49.0645 6060 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
01:27:49.0673 6060 netw5v64 - ok
01:27:49.0756 6060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:27:49.0758 6060 nfrd960 - ok
01:27:49.0793 6060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:27:49.0807 6060 NlaSvc - ok
01:27:49.0829 6060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:27:49.0832 6060 Npfs - ok
01:27:49.0862 6060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:27:49.0869 6060 nsi - ok
01:27:49.0895 6060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:27:49.0897 6060 nsiproxy - ok
01:27:49.0976 6060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:27:49.0995 6060 Ntfs - ok
01:27:50.0029 6060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:27:50.0030 6060 Null - ok
01:27:50.0058 6060 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
01:27:50.0060 6060 NVHDA - ok
01:27:50.0284 6060 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:27:50.0341 6060 nvlddmkm - ok
01:27:50.0376 6060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:27:50.0377 6060 nvraid - ok
01:27:50.0400 6060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:27:50.0402 6060 nvstor - ok
01:27:50.0478 6060 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
01:27:50.0495 6060 nvsvc - ok
01:27:50.0621 6060 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
01:27:50.0637 6060 nvUpdatusService - ok
01:27:50.0655 6060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:27:50.0656 6060 nv_agp - ok
01:27:50.0670 6060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:27:50.0671 6060 ohci1394 - ok
01:27:50.0730 6060 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:27:50.0733 6060 ose - ok
01:27:50.0893 6060 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:27:50.0920 6060 osppsvc - ok
01:27:50.0988 6060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:27:50.0999 6060 p2pimsvc - ok
01:27:51.0024 6060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:27:51.0033 6060 p2psvc - ok
01:27:51.0070 6060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:27:51.0072 6060 Parport - ok
01:27:51.0096 6060 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:27:51.0098 6060 partmgr - ok
01:27:51.0113 6060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:27:51.0120 6060 PcaSvc - ok
01:27:51.0139 6060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:27:51.0142 6060 pci - ok
01:27:51.0161 6060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:27:51.0162 6060 pciide - ok
01:27:51.0183 6060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:27:51.0187 6060 pcmcia - ok
01:27:51.0203 6060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:27:51.0205 6060 pcw - ok
01:27:51.0233 6060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:27:51.0241 6060 PEAUTH - ok
01:27:51.0280 6060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:27:51.0284 6060 PerfHost - ok
01:27:51.0331 6060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:27:51.0344 6060 pla - ok
01:27:51.0432 6060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:27:51.0453 6060 PlugPlay - ok
01:27:51.0470 6060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:27:51.0475 6060 PNRPAutoReg - ok
01:27:51.0503 6060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:27:51.0510 6060 PNRPsvc - ok
01:27:51.0546 6060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:27:51.0554 6060 PolicyAgent - ok
01:27:51.0579 6060 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:27:51.0586 6060 Power - ok
01:27:51.0606 6060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:27:51.0608 6060 PptpMiniport - ok
01:27:51.0627 6060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:27:51.0628 6060 Processor - ok
01:27:51.0655 6060 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:27:51.0659 6060 ProfSvc - ok
01:27:51.0679 6060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:27:51.0681 6060 ProtectedStorage - ok
01:27:51.0712 6060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:27:51.0713 6060 Psched - ok
01:27:51.0773 6060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:27:51.0794 6060 ql2300 - ok
01:27:51.0819 6060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:27:51.0821 6060 ql40xx - ok
01:27:51.0846 6060 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:27:51.0852 6060 QWAVE - ok
01:27:51.0869 6060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:27:51.0871 6060 QWAVEdrv - ok
01:27:51.0892 6060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:27:51.0894 6060 RasAcd - ok
01:27:51.0912 6060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:27:51.0914 6060 RasAgileVpn - ok
01:27:51.0930 6060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:27:51.0935 6060 RasAuto - ok
01:27:51.0946 6060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:27:51.0948 6060 Rasl2tp - ok
01:27:51.0968 6060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:27:51.0975 6060 RasMan - ok
01:27:51.0990 6060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:27:51.0992 6060 RasPppoe - ok
01:27:52.0007 6060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:27:52.0009 6060 RasSstp - ok
01:27:52.0026 6060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:27:52.0030 6060 rdbss - ok
01:27:52.0050 6060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
01:27:52.0051 6060 rdpbus - ok
01:27:52.0073 6060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:27:52.0074 6060 RDPCDD - ok
01:27:52.0090 6060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:27:52.0092 6060 RDPENCDD - ok
01:27:52.0110 6060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:27:52.0112 6060 RDPREFMP - ok
01:27:52.0166 6060 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
01:27:52.0171 6060 RDPWD - ok
01:27:52.0196 6060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:27:52.0199 6060 rdyboost - ok
01:27:52.0225 6060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:27:52.0229 6060 RemoteAccess - ok
01:27:52.0244 6060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:27:52.0250 6060 RemoteRegistry - ok
01:27:52.0272 6060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:27:52.0275 6060 RFCOMM - ok
01:27:52.0307 6060 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:27:52.0313 6060 RpcEptMapper - ok
01:27:52.0336 6060 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:27:52.0340 6060 RpcLocator - ok
01:27:52.0360 6060 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:27:52.0371 6060 RpcSs - ok
01:27:52.0389 6060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:27:52.0391 6060 rspndr - ok
01:27:52.0427 6060 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
01:27:52.0431 6060 RSUSBVSTOR - ok
01:27:52.0468 6060 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:27:52.0474 6060 RTL8167 - ok
01:27:52.0496 6060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:27:52.0499 6060 SamSs - ok
01:27:52.0516 6060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:27:52.0518 6060 sbp2port - ok
01:27:52.0537 6060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:27:52.0544 6060 SCardSvr - ok
01:27:52.0591 6060 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys
01:27:52.0593 6060 SCDEmu - ok
01:27:52.0603 6060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:27:52.0605 6060 scfilter - ok
01:27:52.0648 6060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:27:52.0663 6060 Schedule - ok
01:27:52.0692 6060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:27:52.0695 6060 SCPolicySvc - ok
01:27:52.0729 6060 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
01:27:52.0733 6060 sdbus - ok
01:27:52.0757 6060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:27:52.0767 6060 SDRSVC - ok
01:27:52.0792 6060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:27:52.0794 6060 secdrv - ok
01:27:52.0811 6060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:27:52.0819 6060 seclogon - ok
01:27:52.0831 6060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:27:52.0840 6060 SENS - ok
01:27:52.0867 6060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:27:52.0876 6060 SensrSvc - ok
01:27:52.0903 6060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
01:27:52.0906 6060 Serenum - ok
01:27:52.0923 6060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
01:27:52.0926 6060 Serial - ok
01:27:52.0945 6060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:27:52.0947 6060 sermouse - ok
01:27:52.0979 6060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:27:52.0988 6060 SessionEnv - ok
01:27:53.0010 6060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:27:53.0012 6060 sffdisk - ok
01:27:53.0032 6060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:27:53.0034 6060 sffp_mmc - ok
01:27:53.0052 6060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:27:53.0054 6060 sffp_sd - ok
01:27:53.0071 6060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
01:27:53.0074 6060 sfloppy - ok
01:27:53.0115 6060 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:27:53.0125 6060 SharedAccess - ok
01:27:53.0154 6060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:27:53.0163 6060 ShellHWDetection - ok
01:27:53.0182 6060 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
01:27:53.0183 6060 SiSGbeLH - ok
01:27:53.0225 6060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:27:53.0227 6060 SiSRaid2 - ok
01:27:53.0241 6060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:27:53.0242 6060 SiSRaid4 - ok
01:27:53.0253 6060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:27:53.0255 6060 Smb - ok
01:27:53.0292 6060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:27:53.0297 6060 SNMPTRAP - ok
01:27:53.0342 6060 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
01:27:53.0346 6060 speedfan - ok
01:27:53.0360 6060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:27:53.0361 6060 spldr - ok
01:27:53.0390 6060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:27:53.0400 6060 Spooler - ok
01:27:53.0502 6060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:27:53.0535 6060 sppsvc - ok
01:27:53.0551 6060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:27:53.0555 6060 sppuinotify - ok
01:27:53.0584 6060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:27:53.0588 6060 srv - ok
01:27:53.0607 6060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:27:53.0611 6060 srv2 - ok
01:27:53.0625 6060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:27:53.0627 6060 srvnet - ok
01:27:53.0651 6060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:27:53.0657 6060 SSDPSRV - ok
01:27:53.0674 6060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:27:53.0679 6060 SstpSvc - ok
01:27:53.0751 6060 Steam Client Service - ok
01:27:53.0822 6060 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:27:53.0828 6060 Stereo Service - ok
01:27:53.0855 6060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:27:53.0857 6060 stexstor - ok
01:27:53.0898 6060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:27:53.0932 6060 stisvc - ok
01:27:53.0959 6060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:27:53.0961 6060 swenum - ok
01:27:54.0019 6060 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:27:54.0027 6060 SwitchBoard - ok
01:27:54.0055 6060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:27:54.0063 6060 swprv - ok
01:27:57.0583 6060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:27:57.0652 6060 \Device\Harddisk0\DR0 - ok
01:27:57.0658 6060 Boot (0x1200) (e17f15c956449a917836a5298ab85b2f) \Device\Harddisk0\DR0\Partition0
01:27:57.0660 6060 \Device\Harddisk0\DR0\Partition0 - ok
01:27:57.0661 6060 ============================================================
01:27:57.0661 6060 Scan finished
01:27:57.0661 6060 ============================================================
01:27:57.0681 6704 Detected object count: 0
01:27:57.0681 6704 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 01:30:04
-----------------------------
01:30:04.650 OS Version: Windows x64 6.1.7601 Service Pack 1
01:30:04.650 Number of processors: 8 586 0x2A07
01:30:04.651 ComputerName: NICK-PC UserName: Nick
01:30:06.497 Initialize success
01:30:06.526 AVAST engine defs: 12040701
01:30:14.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:30:14.532 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
01:30:14.590 Disk 0 MBR read successfully
01:30:14.596 Disk 0 MBR scan
01:30:14.604 Disk 0 Windows 7 default MBR code
01:30:14.610 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
01:30:14.632 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 451336 MB offset 52430848
01:30:14.648 Disk 0 scanning C:\Windows\system32\drivers
01:30:20.051 Service scanning
01:30:31.743 Modules scanning
01:30:31.760 Disk 0 trace - called modules:
01:30:31.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:30:31.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a4bb060]
01:30:31.843 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800a1fae40]
01:30:31.853 5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a200050]
01:30:33.335 AVAST engine scan C:\Windows
01:30:36.440 AVAST engine scan C:\Windows\system32
01:32:04.088 AVAST engine scan C:\Windows\system32\drivers
01:32:10.886 AVAST engine scan C:\Users\Nick
01:39:42.999 AVAST engine scan C:\ProgramData
01:40:29.413 Scan finished successfully
02:26:38.401 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat"
02:26:38.407 The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"
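As an added example (not part of this thread or of aswMBR itself), a small Python checker for the aswMBR output format quoted above: it parses the MBR status line, the partition table and the "called modules" trace, and lists the points a responder would want to look at. The sample log and the inbox-module baseline are constructed assumptions, not the poster's data.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the aswMBR output format (abbreviated,
# not a verbatim copy of the poster's log).
SAMPLE_LOG = """\
01:30:14.590 Disk 0 MBR read successfully
01:30:14.596 Disk 0 MBR scan
01:30:14.604 Disk 0 Windows 7 default MBR code
01:30:14.610 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
01:30:14.632 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 451336 MB offset 52430848
01:30:31.760 Disk 0 trace - called modules:
01:30:31.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:40:29.413 Scan finished successfully
"""

# Assumed baseline: Windows inbox modules normally seen in the disk I/O path.
# A module outside this set (a vendor storage driver, for instance) is not
# necessarily malicious; it is simply the one to verify against its vendor.
INBOX_MODULES = {"ntoskrnl.exe", "CLASSPNP.SYS", "disk.sys", "ACPI.sys",
                 "hal.dll", "partmgr.sys", "volmgr.sys", "atapi.sys"}

# "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 451336 MB offset 52430848"
PARTITION_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")


@dataclass
class Partition:
    number: int
    active: bool      # marked bootable ("(A)") in the table
    type_id: str      # partition type byte, e.g. 07 = NTFS, 1C = hidden FAT32
    hidden: bool
    size_mb: int
    offset: int


def strip_timestamp(line):
    # Every aswMBR line starts with "HH:MM:SS.mmm "; drop it.
    return line.split(" ", 1)[1] if " " in line else line


def parse_aswmbr(text):
    mbr_default, finished, expect_modules = False, False, False
    partitions, modules = [], []
    for raw in text.splitlines():
        line = strip_timestamp(raw.strip())
        if expect_modules:            # the line after "called modules:"
            modules = line.split()
            expect_modules = False
            continue
        if "default MBR code" in line:
            mbr_default = True
        elif line.endswith("trace - called modules:"):
            expect_modules = True
        elif line == "Scan finished successfully":
            finished = True
        else:
            m = PARTITION_RE.match(line)
            if m:
                partitions.append(Partition(
                    int(m.group(2)), m.group(4) is not None, m.group(5),
                    "Hidd" in m.group(6), int(m.group(7)), int(m.group(8))))
    return {"mbr_default": mbr_default, "finished": finished,
            "partitions": partitions, "modules": modules,
            "unexpected_modules": [x for x in modules if x not in INBOX_MODULES]}


def review(report):
    """Return human-readable findings; an empty list means nothing to chase."""
    findings = []
    if not report["mbr_default"]:
        findings.append("MBR code is not the stock Windows loader; compare the saved MBR.dat with a known-good copy")
    if sum(p.active for p in report["partitions"]) != 1:
        findings.append("partition table does not have exactly one active partition")
    if report["unexpected_modules"]:
        findings.append("module(s) outside the inbox baseline in the disk I/O path: "
                        + ", ".join(report["unexpected_modules"]))
    if not report["finished"]:
        findings.append("scan did not report successful completion")
    return findings
```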

#7 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 April 2012 - 12:29 PM

Hello

I would like you to check which browsers are redirecting, and check all that are installed on the computer.

What did you find out?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 p0ndo

  • Topic Starter
  • Members
  • 8 posts

Posted 08 April 2012 - 12:44 PM

I've been able to replicate the problem in my primary browser, Mozilla Firefox 11.0, and my secondary browser, Google Chrome 18.0.1025.151. I don't really use Internet Explorer 9 at all. I checked all add-ons and extensions for every browser thoroughly and found nothing that I haven't installed myself from a legitimate source, as far as I can tell at least.

#9 p0ndo

  • Topic Starter
  • Members
  • 8 posts

Posted 08 April 2012 - 12:46 PM

I'm currently trying to replicate the problem by doing searches in IE; however, sometimes it does not surface for a few hours, and other times it's been incessant (like when I was doing a 40-page lab write-up).

#10 p0ndo

  • Topic Starter
  • Members
  • 8 posts

Posted 08 April 2012 - 12:49 PM

I would also add that more often than not, happli.com is the redirect.

#11 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 April 2012 - 02:29 PM

Hello

I want you to uninstall Firefox and Chrome, and when asked about user data or settings, delete them also.

You may keep the bookmarks, but the extensions need to be removed. When we are complete you can re-download them again from clean sources.

Reinstall both of them and let me know about the redirects.

Gringo

#12 p0ndo

  • Topic Starter
  • Members
  • 8 posts

Posted 10 April 2012 - 04:43 PM

Hey Gringo,

I believe my problem has been resolved.

I followed your instructions and removed all browsers, without luck. I was pointed towards rkill by a few forum posts and a friend of mine. I was on the verge of just harvesting my important files, scanning them for viruses and reinstalling Windows, so I went with it and ran it. It killed rundll32.exe; I believe I have the log, if you're interested in seeing it. I then ran an avast full scan and it came up positive for 2 trojans. I proceeded with another boot-time scan, which detected a couple more files.

All has been well since then. It seems that I have my solution, and that's all that really matters.

Thanks for your help!

#13 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 10 April 2012 - 06:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 13 April 2012 - 03:59 AM

Hello

Just checking in on you, as it has been a couple of days since I have heard from you.

Are you having any troubles, or just need more time?

Gringo

#15 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 16 April 2012 - 12:29 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo