Google redirects to random sites


This topic is locked
21 replies to this topic

#1 prowe77


Posted 06 April 2012 - 09:34 AM

Hello - When I search on google using either Firefox or IE, the results redirect me to seemingly random sites. I've tried disabling any add-ons that I think are running, scanned my computer a bunch with MSSE, but none of that helped. My friends have tried their magic (malwarebytes scans, avast scans, even combofix I guess) - but they don't seem to have the fu you guys do. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by amlive at 3:09:57 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2371 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Users\amlive\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.25.1
TCP: Interfaces\{11CEBE68-0F2A-4D85-A572-A9F918F733EF} : DhcpNameServer = 192.168.1.1 184.16.4.22
TCP: Interfaces\{11CEBE68-0F2A-4D85-A572-A9F918F733EF}\341444356454D2E40223E243 : DhcpNameServer = 192.168.2.2
TCP: Interfaces\{11CEBE68-0F2A-4D85-A572-A9F918F733EF}\D41445340277962756C6563737 : DhcpNameServer = 10.39.0.113 10.39.0.114 10.39.0.110
TCP: Interfaces\{11CEBE68-0F2A-4D85-A572-A9F918F733EF}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{16AC9EE8-6BFD-4FAD-9FB6-FB9F4992ACFB} : DhcpNameServer = 192.168.25.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\amlive\AppData\Roaming\Mozilla\Firefox\Profiles\dpzrswdv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.questbasic.com/?tmp=nemo_results_removelink&prt=QstbscWD4&keywords=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\amlive\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\amlive\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\amlive\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\amlive\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-7 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9cf8e985c5662;Google Update Service (gupdate1c9cf8e985c5662);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-7 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-7 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-7 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-06 08:07:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E538326-7BDD-4290-B125-9771E7004481}\offreg.dll
2012-04-06 07:30:38 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E538326-7BDD-4290-B125-9771E7004481}\mpengine.dll
2012-04-06 06:25:33 -------- d-----w- C:\ComboFix
2012-04-05 02:02:58 -------- d-----w- C:\Users\amlive\AppData\Roaming\TeamViewer
2012-04-03 15:31:31 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 22:56:10 -------- d-----w- C:\Users\amlive\AppData\Roaming\Synaptics
2012-04-02 22:52:51 -------- d-----w- C:\ProgramData\Synaptics
2012-04-02 22:52:51 -------- d-----w- C:\Program Files (x86)\Synaptics
2012-04-02 22:52:32 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2012-04-01 17:36:54 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-31 19:31:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{038FB397-F7D6-45CB-901A-807505A67884}\gapaengine.dll
2012-03-31 19:16:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-31 19:15:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-31 19:11:13 -------- d-----w- C:\Windows\Intuit
2012-03-31 19:02:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AEEDE82-E5EF-41E8-9EF9-63D039F27A5E}\offreg.dll
2012-03-31 15:18:45 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AEEDE82-E5EF-41E8-9EF9-63D039F27A5E}\mpengine.dll
2012-03-31 13:48:50 98816 ----a-w- C:\Windows\sed.exe
2012-03-31 13:48:50 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-31 13:48:50 256000 ----a-w- C:\Windows\PEV.exe
2012-03-31 13:48:50 208896 ----a-w- C:\Windows\MBR.exe
2012-03-31 13:40:03 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-03-29 23:34:29 -------- d-----w- C:\Users\amlive\AppData\Roaming\Malwarebytes
2012-03-29 23:34:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 23:34:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 04:54:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-24 04:54:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-24 04:18:33 -------- d-----w- C:\Windows\System32\SPReview
2012-03-24 04:10:59 322048 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2012-03-24 04:09:59 84992 ----a-w- C:\Windows\System32\dot3api.dll
2012-03-24 04:08:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl
2012-03-24 04:07:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-03-24 04:05:54 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2012-03-24 04:05:54 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2012-03-24 04:05:50 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-24 04:05:50 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-24 04:04:16 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-03-24 04:04:16 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-03-24 04:04:16 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2012-03-24 04:04:06 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2012-03-24 04:04:01 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2012-03-24 04:03:36 422912 ----a-w- C:\Windows\System32\drvstore.dll
2012-03-24 04:03:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-03-24 02:56:04 -------- d-----w- C:\Program Files (x86)\windows-7-themes.com
2012-03-24 02:24:32 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-24 02:23:52 -------- d-----w- C:\Windows\PCHEALTH
2012-03-24 02:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-24 02:20:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-03-24 01:08:17 -------- d-----w- C:\ProgramData\IObit
2012-03-24 01:08:05 -------- d-----w- C:\Users\amlive\AppData\Roaming\IObit
2012-03-24 01:07:51 -------- d-----w- C:\Program Files (x86)\IObit
2012-03-24 01:00:37 31784856 ----a-w- C:\asc-setup.exe
2012-03-19 00:36:07 -------- d-----w- C:\Users\amlive\AppData\Local\Programs
2012-03-18 23:47:48 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 23:47:48 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:28:02 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 13:28:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:27:59 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 13:04:39 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 13:03:12 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 13:03:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 13:01:11 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 13:01:11 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 13:01:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 13:01:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 13:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-07 14:09:48 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
==================== Find3M ====================
.
2012-04-03 15:31:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 04:29:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-24 04:29:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 3:17:53.80 ===============
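A small triage pass over the DDS lines posted above, added here as an example and not part of the original thread, of DDS or of ComboFix: it reads the "Pseudo HJT Report" and "FIREFOX" sections and flags the UAC policy values set to 0, a Firefox keyword.URL that does not point at a search engine (the address-bar search redirect seen in this log), and any DHCP-assigned DNS server outside private address ranges. The sample text is constructed from lines copied out of the log; the search-engine allowlist and the finding names are my own assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and
# "FIREFOX" sections posted above. DDS defangs URLs as hxxp:// so that a
# pasted log never turns into a clickable link.
SAMPLE_DDS = """\
uStart Page = hxxp://google.com/
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.25.1
TCP: Interfaces\\{11CEBE68-0F2A-4D85-A572-A9F918F733EF} : DhcpNameServer = 192.168.1.1 184.16.4.22
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.questbasic.com/?tmp=nemo_results_removelink&prt=QstbscWD4&keywords=
"""

# Assumed allowlist: hosts that a Firefox keyword.URL legitimately points at.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(\S+)")
DNS_RE = re.compile(r"DhcpNameServer\s+=\s+([\d. ]+)$")


def refang(url):
    """Turn DDS's hxxp:// or hxxps:// back into a scheme urlparse understands."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a (possibly defanged) URL, '' if it has none."""
    return (urlparse(refang(url)).hostname or "").lower()


def is_search_engine(host):
    """Exact or sub-domain match against the allowlist (no substring matching)."""
    return any(host == d or host.endswith("." + d) for d in SEARCH_DOMAINS)


def triage(dds_text):
    """Return (finding_kind, detail) tuples in the order the lines appear."""
    findings = []
    for line in dds_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            # Windows 7 defaults: EnableLUA=1, PromptOnSecureDesktop=1 and
            # ConsentPromptBehaviorAdmin != 0 (0 means elevate with no prompt).
            if name == "EnableLUA" and value == 0:
                findings.append(("uac_disabled", "EnableLUA=0: UAC is turned off"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(("uac_no_prompt", "administrators elevate without any prompt"))
            elif name == "PromptOnSecureDesktop" and value == 0:
                findings.append(("uac_no_secure_desktop", "UAC prompts are not shown on the secure desktop"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, url = m.groups()
            # keyword.URL is where address-bar searches are sent; anything other
            # than a real search engine here is the classic search-redirect hijack.
            if pref == "keyword.URL" and not is_search_engine(host_of(url)):
                findings.append(("search_hijack", f"keyword.URL sends searches to {host_of(url)}"))
            continue
        m = DNS_RE.search(line)
        if m:
            for ip in m.group(1).split():
                # A resolver outside private ranges proves nothing by itself (it may
                # be the ISP's), but it is worth confirming against the router's config.
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(("public_dns", f"resolver {ip} is outside private ranges; confirm it is expected"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:22s} {detail}")
```

Run against the sample it reports the three UAC policy lines, the public resolver on the second interface and the questbasic.com keyword.URL, which matches the symptom described in the first post.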


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team

Posted 07 April 2012 - 05:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 prowe77

  • Topic Starter


Posted 07 April 2012 - 11:40 AM

Thanks Gringo - Here's the combofix log. I didn't run into any problems running it, but the behavior doesn't seem any different - Google search results are still redirecting from Firefox at least - I did not try IE. Thanks again for helping!

ComboFix 12-04-05.09 - amlive 07-Apr-12 10:27:42.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2602 [GMT -5:00]
Running from: c:\users\amlive\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 15:57 . 2012-04-07 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 15:23 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D85A511-9226-44E3-A89A-CF6C7C4EF36C}\mpengine.dll
2012-04-06 19:38 . 2012-04-06 19:38 -------- d-----w- c:\program files (x86)\TeamViewer
2012-04-06 04:40 . 2012-04-06 07:25 -------- d-----w- C:\Qoobox-2
2012-04-05 02:02 . 2012-04-05 02:02 -------- d-----w- c:\users\amlive\AppData\Roaming\TeamViewer
2012-04-03 15:31 . 2012-04-03 15:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-02 22:56 . 2012-04-02 22:56 -------- d-----w- c:\users\amlive\AppData\Roaming\Synaptics
2012-04-02 22:52 . 2012-04-02 22:52 -------- d-----w- c:\programdata\Synaptics
2012-04-02 22:52 . 2012-04-02 22:52 -------- d-----w- c:\program files (x86)\Synaptics
2012-04-02 22:52 . 2011-04-01 00:29 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-04-01 17:36 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-31 19:31 . 2012-03-31 19:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{038FB397-F7D6-45CB-901A-807505A67884}\gapaengine.dll
2012-03-31 19:16 . 2012-03-31 19:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-31 19:15 . 2012-03-31 19:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-31 19:11 . 2012-03-31 19:11 -------- d-----w- c:\windows\Intuit
2012-03-31 19:02 . 2012-03-31 19:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEEDE82-E5EF-41E8-9EF9-63D039F27A5E}\offreg.dll
2012-03-31 15:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEEDE82-E5EF-41E8-9EF9-63D039F27A5E}\mpengine.dll
2012-03-31 13:40 . 2012-03-13 04:39 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-03-29 23:34 . 2012-03-29 23:34 -------- d-----w- c:\users\amlive\AppData\Roaming\Malwarebytes
2012-03-29 23:34 . 2012-03-29 23:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 23:34 . 2012-04-06 04:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 04:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-24 04:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\windows\system32\SPReview
2012-03-24 04:10 . 2010-11-20 13:27 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-03-24 04:09 . 2010-11-20 13:29 345600 ----a-w- c:\windows\system32\fveapi.dll
2012-03-24 04:08 . 2010-11-20 13:33 171392 ----a-w- c:\windows\system32\drivers\scsiport.sys
2012-03-24 04:07 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-03-24 04:06 . 2010-11-20 13:27 21504 ----a-w- c:\windows\system32\TRAPI.dll
2012-03-24 04:05 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2012-03-24 04:05 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2012-03-24 04:05 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-24 04:05 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-24 04:04 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-03-24 04:04 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-24 04:04 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-03-24 04:04 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2012-03-24 04:04 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2012-03-24 04:03 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2012-03-24 04:03 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-24 02:56 . 2012-03-24 02:56 -------- d-----w- c:\program files (x86)\windows-7-themes.com
2012-03-24 02:24 . 2012-03-24 02:24 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-24 02:23 . 2012-03-24 02:23 -------- d-----w- c:\windows\PCHEALTH
2012-03-24 02:23 . 2012-03-24 02:23 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-24 02:21 . 2012-03-24 02:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-24 02:20 . 2012-03-24 02:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-24 02:19 . 2012-03-24 02:19 -------- d-----r- C:\MSOCache
2012-03-24 01:08 . 2012-03-24 01:08 -------- d-----w- c:\programdata\IObit
2012-03-24 01:08 . 2012-03-31 18:50 -------- d-----w- c:\users\amlive\AppData\Roaming\IObit
2012-03-24 01:07 . 2012-03-24 01:07 -------- d-----w- c:\program files (x86)\IObit
2012-03-24 01:00 . 2012-03-24 01:04 31784856 ----a-w- C:\asc-setup.exe
2012-03-19 00:36 . 2012-03-19 00:36 -------- d-----w- c:\users\amlive\AppData\Local\Programs
2012-03-18 23:47 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 23:47 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 13:28 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:28 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:04 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 13:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 15:31 . 2012-01-13 13:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 04:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-24 04:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-07 14:09 . 2012-03-07 14:09 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-06 23:15 . 2010-06-29 13:18 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-12-22 00:26 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-31 12:44 . 2009-12-22 00:46 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 17:15 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9cf8e985c5662;Google Update Service (gupdate1c9cf8e985c5662);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-08 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 50930040;50930040; [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-08 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswRdr
*Deregistered* - aswSP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:31]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-08 03:39]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-08 03:39]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310979162-2329505881-3252644822-1000Core.job
- c:\users\amlive\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-24 01:11]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310979162-2329505881-3252644822-1000UA.job
- c:\users\amlive\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-24 01:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\amlive\AppData\Roaming\Mozilla\Firefox\Profiles\dpzrswdv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.questbasic.com/?tmp=nemo_results_removelink&prt=QstbscWD4&keywords=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-07 11:21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 16:21
ComboFix2.txt 2012-04-06 07:24
.
Pre-Run: 250,003,226,624 bytes free
Post-Run: 249,832,292,352 bytes free
.
- - End Of File - - F983A02F94BFC372061C2EBF472C7C55
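Three things in the ComboFix log above are what a removal helper reads first: the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, so UAC is off and admins elevate silently, whoever set it that way), the Firefox keyword.URL pref pointing at questbasic.com rather than a Google search URL, and a service named only "50930040" with an empty image path. The Python below is an added example, not code from BleepingComputer, ComboFix or the Malware Response Team; it runs that triage over lines copied from the log above. The expected UAC values are Windows 7 defaults; treating only google.com as a benign keyword.URL host, and flagging a digits-only service name with a blank path, are the editor's heuristics, not rules of any tool.

```python
"""Triage a ComboFix log excerpt for the indicators a removal helper reads first.

Added example: not BleepingComputer, ComboFix or Malware Response Team code.
SAMPLE_LOG is copied from the log posted in this thread; the UAC defaults are
Windows 7's; the benign search-host set and the service rule are heuristics."""
import re
from urllib.parse import urlparse

# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System on a stock
# Windows 7 box.  EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0
# means administrators elevate with no prompt at all.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# keyword.URL is where Firefox sends address-bar text that is not a URL.
# Assumption: only Google is treated as benign here.
BENIGN_SEARCH_HOSTS = {"google.com", "www.google.com"}

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)\s*\(0x[0-9a-fA-F]+\)$')
# ComboFix service lines: "<start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]$')
KEYWORD_URL = re.compile(r'^FF - prefs\.js: keyword\.URL - (?P<url>\S+)$')

# Lines copied from the ComboFix log in this thread (constructed excerpt).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 50930040;50930040; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.questbasic.com/?tmp=nemo_results_removelink&prt=QstbscWD4&keywords=
'''


def refang(url):
    """Forums defang links as hxxp:// so they are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_uac(lines):
    """Return {value name: int} for the UAC policy values present in the log."""
    found = {}
    for ln in lines:
        m = REG_VALUE.match(ln.strip())
        if m and m.group("name") in UAC_EXPECTED:
            found[m.group("name")] = int(m.group("val"))
    return found


def parse_services(lines):
    """Return one dict per R*/S* service or driver line."""
    return [m.groupdict() for m in (SERVICE.match(ln.strip()) for ln in lines) if m]


def triage(log_text):
    """Return human-readable findings, in the order a helper would read them."""
    lines = log_text.splitlines()
    findings = []
    uac = parse_uac(lines)
    for name, expected in UAC_EXPECTED.items():
        if name in uac and uac[name] != expected:
            findings.append(f"uac:{name}={uac[name]} (expected {expected})")
    for ln in lines:
        m = KEYWORD_URL.match(ln.strip())
        if m:
            host = urlparse(refang(m.group("url"))).hostname or ""
            if host not in BENIGN_SEARCH_HOSTS:
                findings.append(f"firefox:keyword.URL points at {host}")
    for svc in parse_services(lines):
        # Heuristic: a service whose name is just digits and whose image path is
        # blank has nothing identifying it; it deserves a look, not a verdict.
        if svc["name"].isdigit() and not svc["path"]:
            findings.append(f"service:{svc['name']} has a numeric-only name and an empty image path")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The service flag is deliberately a prompt rather than a verdict: the TDSSKiller run later in this thread lists "50930040 - ok", so the entry still has to be looked at by hand. The UAC values are worth asking the poster about either way, since with EnableLUA at 0 nothing on the machine ever asks before running elevated.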

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 11:54 AM

Hello


Uninstall Firefox and, if asked about user data or settings, I want that removed also. Reinstall Firefox and see if it still redirects.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 prowe77 (Topic Starter)
  • Members
  • 11 posts

Posted 07 April 2012 - 01:07 PM

Hi Gringo -
I uninstalled Firefox w/ all its data, then before re-installing I tried a google search in IE and was re-directed by the results... so I didn't bother re-installing Firefox... let me know if that's a faux-pas.

Next, I downloaded both TDSSKiller and aswMBR. I tried running TDSSKiller first, but when I double-clicked it from the desktop, the Windows wait cursor showed up for a bit, but nothing else... didn't see anything new in the Task Manager's process list either. So I tried aswMBR next and the same thing happened. I tried both a couple times after that with a reboot in between with the same results. Tell me if I'm being an idiot. What next?

Thanks again!

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 05:55 PM

They are different browsers. Reinstall Firefox and check Firefox; I will deal with IE soon.



I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me, and send me the report.

Gringo

Edited by gringo_pr, 07 April 2012 - 05:55 PM.

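What aswMBR (post #4) and fixTDSS (post #6) inspect is the first sector of the disk. The Python below is an added example, not code from any of those tools or from this thread: it decodes a 512-byte MBR, checks the boot signature and the partition table, and compares the 440-byte boot-code region against a known-good hash. Two sample sectors are constructed inside the block. Both carry the partition entry the TDSSKiller log later in this thread prints for this disk (type 0x7, start LBA 0x145A800, 0x23FCF2B0 sectors) and differ only in the boot code, which is a placeholder stub, not a real loader. The known-good hash is an assumption; in practice it is captured from a clean install of the same Windows build. The read_physical_mbr helper and the \\.\PhysicalDrive0 path are the editor's, not anything the thread mentions.

```python
"""Decode and sanity-check a 512-byte MBR, the sector aswMBR and fixTDSS look at.

Added example: not code from fixTDSS, TDSSKiller or aswMBR.  The sample sectors
are constructed here; the partition entry reuses the values TDSSKiller printed
for this disk, the boot code is a placeholder stub rather than a real loader,
and the "known-good" hash stands in for one taken from a clean machine."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code; disk signature and partition table follow it
PART_TABLE_OFF = 0x1BE     # four 16-byte entries
SIG_OFF = 0x1FE            # 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "start_lba": start_lba, "sectors": sectors})
    return parts


def boot_code_hash(mbr):
    """SHA-256 of the code region only; the partition table is per-machine data."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, known_good_hash):
    """Return a list of findings; an empty list means the sector looks clean."""
    if len(mbr) != MBR_SIZE:
        return [f"wrong length {len(mbr)}"]
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("empty partition table")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    # A bootkit keeps the partition table (the disk must still boot) and swaps
    # the boot code, so only a comparison of the code region catches it.
    if boot_code_hash(mbr) != known_good_hash:
        findings.append("boot code differs from known-good copy")
    return findings


def build_mbr(boot_code, partitions):
    """Assemble a sector from a boot-code blob and (bootable, type, start, count) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, ptype, start, count)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the live sector on Windows (needs an elevated prompt); not called in the demo."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


# Constructed samples: same partition table in both, different boot code.
PARTITIONS = [(True, 0x07, 0x145A800, 0x23FCF2B0)]  # values from the TDSSKiller log in this thread
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")  # placeholder stub
TAMPERED_BOOT_CODE = b"\xfa\xea\x00\x7c\x00\x00".ljust(BOOT_CODE_LEN, b"\x00")       # placeholder: jumps elsewhere
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
KNOWN_GOOD = boot_code_hash(CLEAN_MBR)  # assumption: in practice, hash from a clean install of the same build

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, parse_partitions(sector), check_mbr(sector, KNOWN_GOOD) or "ok")
```

The partition table decodes identically for both sample sectors, which is why a scanner's header that only lists partitions can show a perfectly normal layout on an infected disk; the verdict comes from the code region. Reading the live sector with read_physical_mbr needs an elevated prompt, and on a machine like this one, where UAC is switched off, that elevation happens without any prompt at all.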

#7 prowe77 (Topic Starter)
  • Members
  • 11 posts

Posted 07 April 2012 - 06:14 PM

I reinstalled Firefox - but it still redirects from Google search results.

I Downloaded and ran fixTDSS, it said ***Infected MBR detected, so I clicked "Repair", and it said "Repair succeeded".

I rebooted and ran TDSSKiller - below is the report. Do you still want me to run aswMBR? Thanks!

18:08:11.0964 3816 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:08:12.0386 3816 ============================================================
18:08:12.0386 3816 Current date / time: 2012/04/07 18:08:12.0386
18:08:12.0386 3816 SystemInfo:
18:08:12.0386 3816
18:08:12.0386 3816 OS Version: 6.1.7601 ServicePack: 1.0
18:08:12.0386 3816 Product type: Workstation
18:08:12.0386 3816 ComputerName: PROWE
18:08:12.0386 3816 UserName: amlive
18:08:12.0386 3816 Windows directory: C:\Windows
18:08:12.0386 3816 System windows directory: C:\Windows
18:08:12.0386 3816 Running under WOW64
18:08:12.0386 3816 Processor architecture: Intel x64
18:08:12.0386 3816 Number of processors: 2
18:08:12.0386 3816 Page size: 0x1000
18:08:12.0386 3816 Boot type: Normal boot
18:08:12.0386 3816 ============================================================
18:08:13.0649 3816 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:08:13.0665 3816 \Device\Harddisk0\DR0:
18:08:13.0665 3816 MBR used
18:08:13.0665 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x145A800, BlocksNum 0x23FCF2B0
18:08:13.0727 3816 Initialize success
18:08:13.0727 3816 ============================================================
18:08:38.0765 3960 ============================================================
18:08:38.0765 3960 Scan started
18:08:38.0765 3960 Mode: Manual;
18:08:38.0765 3960 ============================================================
18:08:39.0186 3960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:08:39.0186 3960 1394ohci - ok
18:08:39.0327 3960 50930040 - ok
18:08:39.0405 3960 ac.sharedstore (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
18:08:39.0405 3960 ac.sharedstore - ok
18:08:39.0498 3960 ACDaemon (fee588cdf60f2b541b5a3e803fa938a1) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:08:39.0498 3960 ACDaemon - ok
18:08:39.0654 3960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:08:39.0654 3960 ACPI - ok
18:08:39.0779 3960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:08:39.0779 3960 AcpiPmi - ok
18:08:39.0920 3960 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:08:39.0920 3960 AdobeFlashPlayerUpdateSvc - ok
18:08:40.0076 3960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:08:40.0091 3960 adp94xx - ok
18:08:40.0216 3960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:08:40.0216 3960 adpahci - ok
18:08:40.0356 3960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:08:40.0356 3960 adpu320 - ok
18:08:40.0450 3960 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:08:40.0450 3960 AeLookupSvc - ok
18:08:40.0575 3960 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:08:40.0590 3960 AFD - ok
18:08:40.0715 3960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:08:40.0715 3960 agp440 - ok
18:08:40.0809 3960 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:08:40.0809 3960 ALG - ok
18:08:40.0934 3960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:08:40.0934 3960 aliide - ok
18:08:41.0043 3960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:08:41.0043 3960 amdide - ok
18:08:41.0168 3960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:08:41.0168 3960 AmdK8 - ok
18:08:41.0277 3960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:08:41.0277 3960 AmdPPM - ok
18:08:41.0402 3960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:08:41.0402 3960 amdsata - ok
18:08:41.0511 3960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:08:41.0511 3960 amdsbs - ok
18:08:41.0620 3960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:08:41.0620 3960 amdxata - ok
18:08:41.0745 3960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:08:41.0745 3960 AppID - ok
18:08:41.0854 3960 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:08:41.0854 3960 AppIDSvc - ok
18:08:41.0963 3960 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:08:41.0963 3960 Appinfo - ok
18:08:42.0104 3960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:08:42.0104 3960 arc - ok
18:08:42.0228 3960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:08:42.0228 3960 arcsas - ok
18:08:42.0338 3960 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:08:42.0338 3960 ArcSoftKsUFilter - ok
18:08:42.0447 3960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:08:42.0447 3960 AsyncMac - ok
18:08:42.0572 3960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:08:42.0572 3960 atapi - ok
18:08:42.0712 3960 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:08:42.0759 3960 athr - ok
18:08:42.0884 3960 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:08:42.0899 3960 AudioEndpointBuilder - ok
18:08:42.0915 3960 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:08:42.0915 3960 AudioSrv - ok
18:08:43.0024 3960 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:08:43.0024 3960 AxInstSV - ok
18:08:43.0086 3960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:08:43.0102 3960 b06bdrv - ok
18:08:43.0227 3960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:08:43.0242 3960 b57nd60a - ok
18:08:43.0352 3960 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:08:43.0352 3960 BDESVC - ok
18:08:43.0398 3960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:08:43.0398 3960 Beep - ok
18:08:43.0492 3960 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:08:43.0523 3960 BFE - ok
18:08:43.0664 3960 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:08:43.0695 3960 BITS - ok
18:08:43.0820 3960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:08:43.0820 3960 blbdrive - ok
18:08:43.0913 3960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:08:43.0913 3960 bowser - ok
18:08:44.0022 3960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:08:44.0022 3960 BrFiltLo - ok
18:08:44.0100 3960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:08:44.0100 3960 BrFiltUp - ok
18:08:44.0241 3960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:08:44.0241 3960 BridgeMP - ok
18:08:44.0366 3960 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:08:44.0366 3960 Browser - ok
18:08:44.0428 3960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:08:44.0444 3960 Brserid - ok
18:08:44.0522 3960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:08:44.0537 3960 BrSerWdm - ok
18:08:44.0553 3960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:08:44.0553 3960 BrUsbMdm - ok
18:08:44.0693 3960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:08:44.0693 3960 BrUsbSer - ok
18:08:44.0771 3960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:08:44.0771 3960 BTHMODEM - ok
18:08:44.0896 3960 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:08:44.0896 3960 bthserv - ok
18:08:45.0036 3960 catchme - ok
18:08:45.0161 3960 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
18:08:45.0177 3960 CAXHWAZL - ok
18:08:45.0286 3960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:08:45.0286 3960 cdfs - ok
18:08:45.0364 3960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:08:45.0380 3960 cdrom - ok
18:08:45.0489 3960 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:08:45.0489 3960 CertPropSvc - ok
18:08:45.0551 3960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:08:45.0551 3960 circlass - ok
18:08:45.0676 3960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:08:45.0676 3960 CLFS - ok
18:08:45.0754 3960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:08:45.0770 3960 clr_optimization_v2.0.50727_32 - ok
18:08:45.0926 3960 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:08:45.0926 3960 clr_optimization_v2.0.50727_64 - ok
18:08:46.0004 3960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:08:46.0004 3960 clr_optimization_v4.0.30319_32 - ok
18:08:46.0144 3960 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:08:46.0144 3960 clr_optimization_v4.0.30319_64 - ok
18:08:46.0269 3960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:08:46.0269 3960 CmBatt - ok
18:08:46.0347 3960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:08:46.0347 3960 cmdide - ok
18:08:46.0472 3960 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:08:46.0487 3960 CNG - ok
18:08:46.0612 3960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:08:46.0612 3960 Compbatt - ok
18:08:46.0690 3960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:08:46.0690 3960 CompositeBus - ok
18:08:46.0768 3960 COMSysApp - ok
18:08:46.0830 3960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:08:46.0830 3960 crcdisk - ok
18:08:46.0971 3960 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:08:46.0971 3960 CryptSvc - ok
18:08:47.0033 3960 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:08:47.0064 3960 DcomLaunch - ok
18:08:47.0189 3960 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:08:47.0189 3960 defragsvc - ok
18:08:47.0267 3960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:08:47.0267 3960 DfsC - ok
18:08:47.0345 3960 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:08:47.0345 3960 Dhcp - ok
18:08:47.0423 3960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:08:47.0423 3960 discache - ok
18:08:47.0486 3960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:08:47.0486 3960 Disk - ok
18:08:47.0532 3960 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:08:47.0548 3960 Dnscache - ok
18:08:47.0657 3960 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:08:47.0657 3960 dot3svc - ok
18:08:47.0720 3960 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:08:47.0720 3960 Dot4 - ok
18:08:47.0829 3960 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
18:08:47.0844 3960 Dot4Print - ok
18:08:47.0954 3960 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:08:47.0954 3960 dot4usb - ok
18:08:48.0047 3960 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:08:48.0047 3960 DPS - ok
18:08:48.0110 3960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:08:48.0110 3960 drmkaud - ok
18:08:48.0203 3960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:08:48.0219 3960 DXGKrnl - ok
18:08:48.0281 3960 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:08:48.0281 3960 EapHost - ok
18:08:48.0437 3960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:08:48.0531 3960 ebdrv - ok
18:08:48.0656 3960 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:08:48.0656 3960 EFS - ok
18:08:48.0734 3960 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:08:48.0749 3960 ehRecvr - ok
18:08:48.0780 3960 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:08:48.0780 3960 ehSched - ok
18:08:48.0890 3960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:08:48.0905 3960 elxstor - ok
18:08:48.0999 3960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:08:48.0999 3960 ErrDev - ok
18:08:49.0061 3960 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:08:49.0077 3960 EventSystem - ok
18:08:49.0170 3960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:08:49.0170 3960 exfat - ok
18:08:49.0217 3960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:08:49.0217 3960 fastfat - ok
18:08:49.0280 3960 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:08:49.0295 3960 Fax - ok
18:08:49.0373 3960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:08:49.0373 3960 fdc - ok
18:08:49.0420 3960 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:08:49.0420 3960 fdPHost - ok
18:08:49.0436 3960 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:08:49.0436 3960 FDResPub - ok
18:08:49.0467 3960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:08:49.0467 3960 FileInfo - ok
18:08:49.0498 3960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:08:49.0498 3960 Filetrace - ok
18:08:49.0514 3960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:08:49.0529 3960 flpydisk - ok
18:08:49.0560 3960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:08:49.0560 3960 FltMgr - ok
18:08:49.0623 3960 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:08:49.0670 3960 FontCache - ok
18:08:49.0826 3960 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:08:49.0826 3960 FontCache3.0.0.0 - ok
18:08:49.0919 3960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:08:49.0935 3960 FsDepends - ok
18:08:49.0950 3960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:08:49.0950 3960 Fs_Rec - ok
18:08:49.0997 3960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:08:49.0997 3960 fvevol - ok
18:08:50.0044 3960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:08:50.0044 3960 gagp30kx - ok
18:08:50.0091 3960 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:08:50.0122 3960 gpsvc - ok
18:08:50.0216 3960 gupdate1c9cf8e985c5662 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:50.0216 3960 gupdate1c9cf8e985c5662 - ok
18:08:50.0231 3960 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:50.0231 3960 gupdatem - ok
18:08:50.0356 3960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:08:50.0356 3960 hcw85cir - ok
18:08:50.0403 3960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:08:50.0403 3960 HDAudBus - ok
18:08:50.0434 3960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:08:50.0434 3960 HidBatt - ok
18:08:50.0465 3960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:08:50.0465 3960 HidBth - ok
18:08:50.0496 3960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:08:50.0496 3960 HidIr - ok
18:08:50.0528 3960 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:08:50.0528 3960 hidserv - ok
18:08:50.0559 3960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:08:50.0559 3960 HidUsb - ok
18:08:50.0606 3960 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:08:50.0606 3960 hkmsvc - ok
18:08:50.0652 3960 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:08:50.0668 3960 HomeGroupListener - ok
18:08:50.0699 3960 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:08:50.0715 3960 HomeGroupProvider - ok
18:08:50.0808 3960 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:08:50.0840 3960 hpqcxs08 - ok
18:08:50.0871 3960 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:08:50.0886 3960 hpqddsvc - ok
18:08:50.0980 3960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:08:50.0980 3960 HpSAMD - ok
18:08:51.0089 3960 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:08:51.0167 3960 HPSLPSVC - ok
18:08:51.0339 3960 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
18:08:51.0386 3960 HSF_DPV - ok
18:08:51.0464 3960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:08:51.0479 3960 HTTP - ok
18:08:51.0526 3960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:08:51.0526 3960 hwpolicy - ok
18:08:51.0557 3960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:08:51.0557 3960 i8042prt - ok
18:08:51.0620 3960 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
18:08:51.0620 3960 iaStor - ok
18:08:51.0666 3960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:08:51.0666 3960 iaStorV - ok
18:08:51.0822 3960 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:08:51.0869 3960 idsvc - ok
18:08:52.0150 3960 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:08:52.0353 3960 igfx - ok
18:08:52.0415 3960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:08:52.0415 3960 iirsp - ok
18:08:52.0493 3960 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:08:52.0524 3960 IKEEXT - ok
18:08:52.0618 3960 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
18:08:52.0665 3960 IntcAzAudAddService - ok
18:08:52.0712 3960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:08:52.0712 3960 intelide - ok
18:08:52.0758 3960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:08:52.0758 3960 intelppm - ok
18:08:52.0899 3960 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
18:08:52.0899 3960 IntuitUpdateService - ok
18:08:52.0961 3960 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:08:52.0961 3960 IntuitUpdateServiceV4 - ok
18:08:53.0070 3960 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:08:53.0070 3960 IPBusEnum - ok
18:08:53.0148 3960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:08:53.0164 3960 IpFilterDriver - ok
18:08:53.0226 3960 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:08:53.0242 3960 iphlpsvc - ok
18:08:53.0289 3960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:08:53.0304 3960 IPMIDRV - ok
18:08:53.0367 3960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:08:53.0367 3960 IPNAT - ok
18:08:53.0398 3960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:08:53.0414 3960 IRENUM - ok
18:08:53.0429 3960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:08:53.0429 3960 isapnp - ok
18:08:53.0460 3960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:08:53.0476 3960 iScsiPrt - ok
18:08:53.0585 3960 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:08:53.0585 3960 IviRegMgr - ok
18:08:53.0632 3960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:08:53.0632 3960 kbdclass - ok
18:08:53.0679 3960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:08:53.0679 3960 kbdhid - ok
18:08:53.0710 3960 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:08:53.0710 3960 KeyIso - ok
18:08:53.0757 3960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:08:53.0757 3960 KSecDD - ok
18:08:53.0819 3960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:08:53.0819 3960 KSecPkg - ok
18:08:53.0866 3960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:08:53.0866 3960 ksthunk - ok
18:08:53.0913 3960 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:08:53.0928 3960 KtmRm - ok
18:08:53.0991 3960 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:08:53.0991 3960 LanmanServer - ok
18:08:54.0053 3960 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:08:54.0069 3960 LanmanWorkstation - ok
18:08:54.0116 3960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:08:54.0116 3960 lltdio - ok
18:08:54.0162 3960 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:08:54.0178 3960 lltdsvc - ok
18:08:54.0209 3960 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:08:54.0209 3960 lmhosts - ok
18:08:54.0256 3960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:08:54.0256 3960 LSI_FC - ok
18:08:54.0303 3960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:08:54.0303 3960 LSI_SAS - ok
18:08:54.0350 3960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:08:54.0350 3960 LSI_SAS2 - ok
18:08:54.0365 3960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:08:54.0381 3960 LSI_SCSI - ok
18:08:54.0428 3960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:08:54.0428 3960 luafv - ok
18:08:54.0490 3960 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:08:54.0506 3960 Mcx2Svc - ok
18:08:54.0568 3960 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:08:54.0568 3960 mdmxsdk - ok
18:08:54.0584 3960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:08:54.0584 3960 megasas - ok
18:08:54.0630 3960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:08:54.0630 3960 MegaSR - ok
18:08:54.0740 3960 Microsoft SharePoint Workspace Audit Service - ok
18:08:54.0786 3960 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:08:54.0786 3960 MMCSS - ok
18:08:54.0833 3960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:08:54.0833 3960 Modem - ok
18:08:54.0896 3960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:08:54.0896 3960 monitor - ok
18:08:54.0927 3960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:08:54.0927 3960 mouclass - ok
18:08:54.0974 3960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:08:54.0974 3960 mouhid - ok
18:08:55.0020 3960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:08:55.0020 3960 mountmgr - ok
18:08:55.0083 3960 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:08:55.0083 3960 MpFilter - ok
18:08:55.0130 3960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:08:55.0130 3960 mpio - ok
18:08:55.0176 3960 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:08:55.0176 3960 MpNWMon - ok
18:08:55.0208 3960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:08:55.0208 3960 mpsdrv - ok
18:08:55.0270 3960 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:08:55.0301 3960 MpsSvc - ok
18:08:55.0364 3960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:08:55.0364 3960 MRxDAV - ok
18:08:55.0410 3960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:55.0410 3960 mrxsmb - ok
18:08:55.0457 3960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:55.0457 3960 mrxsmb10 - ok
18:08:55.0488 3960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:55.0504 3960 mrxsmb20 - ok
18:08:55.0520 3960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:08:55.0520 3960 msahci - ok
18:08:55.0566 3960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:08:55.0566 3960 msdsm - ok
18:08:55.0613 3960 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:08:55.0613 3960 MSDTC - ok
18:08:55.0660 3960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:08:55.0660 3960 Msfs - ok
18:08:55.0691 3960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:08:55.0691 3960 mshidkmdf - ok
18:08:55.0707 3960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:08:55.0707 3960 msisadrv - ok
18:08:55.0738 3960 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:08:55.0754 3960 MSiSCSI - ok
18:08:55.0754 3960 msiserver - ok
18:08:55.0785 3960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:08:55.0785 3960 MSKSSRV - ok
18:08:55.0863 3960 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:08:55.0878 3960 MsMpSvc - ok
18:08:55.0894 3960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:08:55.0894 3960 MSPCLOCK - ok
18:08:55.0910 3960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:08:55.0910 3960 MSPQM - ok
18:08:55.0956 3960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:08:55.0956 3960 MsRPC - ok
18:08:56.0003 3960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:08:56.0003 3960 mssmbios - ok
18:08:56.0003 3960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:08:56.0003 3960 MSTEE - ok
18:08:56.0034 3960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:08:56.0034 3960 MTConfig - ok
18:08:56.0066 3960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:08:56.0066 3960 Mup - ok
18:08:56.0112 3960 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:08:56.0112 3960 napagent - ok
18:08:56.0144 3960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:08:56.0144 3960 NativeWifiP - ok
18:08:56.0190 3960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:08:56.0237 3960 NDIS - ok
18:08:56.0253 3960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:08:56.0253 3960 NdisCap - ok
18:08:56.0284 3960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:08:56.0284 3960 NdisTapi - ok
18:08:56.0331 3960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:08:56.0331 3960 Ndisuio - ok
18:08:56.0362 3960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:08:56.0378 3960 NdisWan - ok
18:08:56.0409 3960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:08:56.0409 3960 NDProxy - ok
18:08:56.0440 3960 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:08:56.0456 3960 Net Driver HPZ12 - ok
18:08:56.0471 3960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:08:56.0471 3960 NetBIOS - ok
18:08:56.0518 3960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:08:56.0518 3960 NetBT - ok
18:08:56.0565 3960 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:08:56.0580 3960 Netlogon - ok
18:08:56.0612 3960 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:08:56.0627 3960 Netman - ok
18:08:56.0658 3960 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:08:56.0674 3960 netprofm - ok
18:08:56.0799 3960 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:08:56.0799 3960 NetTcpPortSharing - ok
18:08:56.0830 3960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:08:56.0830 3960 nfrd960 - ok
18:08:56.0877 3960 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:08:56.0877 3960 NisDrv - ok
18:08:56.0970 3960 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
18:08:56.0970 3960 NisSrv - ok
18:08:57.0017 3960 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:08:57.0017 3960 NlaSvc - ok
18:08:57.0048 3960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:08:57.0048 3960 Npfs - ok
18:08:57.0095 3960 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:08:57.0095 3960 nsi - ok
18:08:57.0111 3960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:08:57.0111 3960 nsiproxy - ok
18:08:57.0189 3960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:08:57.0251 3960 Ntfs - ok
18:08:57.0267 3960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:08:57.0267 3960 Null - ok
18:08:57.0314 3960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:08:57.0314 3960 nvraid - ok
18:08:57.0329 3960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:08:57.0345 3960 nvstor - ok
18:08:57.0360 3960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:08:57.0360 3960 nv_agp - ok
18:08:57.0392 3960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:08:57.0392 3960 ohci1394 - ok
18:08:57.0470 3960 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:08:57.0485 3960 ose - ok
18:08:57.0688 3960 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:08:57.0813 3960 osppsvc - ok
18:08:57.0938 3960 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:08:57.0953 3960 p2pimsvc - ok
18:08:57.0984 3960 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:08:58.0000 3960 p2psvc - ok
18:08:58.0078 3960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:08:58.0078 3960 Parport - ok
18:08:58.0109 3960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:08:58.0125 3960 partmgr - ok
18:08:58.0140 3960 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:08:58.0156 3960 PcaSvc - ok
18:08:58.0187 3960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:08:58.0187 3960 pci - ok
18:08:58.0203 3960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:08:58.0203 3960 pciide - ok
18:08:58.0234 3960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:08:58.0234 3960 pcmcia - ok
18:08:58.0281 3960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:08:58.0281 3960 pcw - ok
18:08:58.0312 3960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:08:58.0343 3960 PEAUTH - ok
18:08:58.0421 3960 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:08:58.0437 3960 PerfHost - ok
18:08:58.0515 3960 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:08:58.0577 3960 pla - ok
18:08:58.0640 3960 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:08:58.0655 3960 PlugPlay - ok
18:08:58.0686 3960 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:08:58.0686 3960 Pml Driver HPZ12 - ok
18:08:58.0718 3960 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:08:58.0718 3960 PNRPAutoReg - ok
18:08:58.0749 3960 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:08:58.0749 3960 PNRPsvc - ok
18:08:58.0827 3960 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
18:08:58.0842 3960 Point64 - ok
18:08:58.0905 3960 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:08:58.0920 3960 PolicyAgent - ok
18:08:58.0952 3960 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:08:58.0967 3960 Power - ok
18:08:58.0998 3960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:08:58.0998 3960 PptpMiniport - ok
18:08:59.0045 3960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:08:59.0045 3960 Processor - ok
18:08:59.0092 3960 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:08:59.0092 3960 ProfSvc - ok
18:08:59.0139 3960 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:08:59.0139 3960 ProtectedStorage - ok
18:08:59.0186 3960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:08:59.0186 3960 Psched - ok
18:08:59.0232 3960 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
18:08:59.0232 3960 PxHlpa64 - ok
18:08:59.0295 3960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:08:59.0357 3960 ql2300 - ok
18:08:59.0388 3960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:08:59.0388 3960 ql40xx - ok
18:08:59.0435 3960 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:08:59.0435 3960 QWAVE - ok
18:08:59.0451 3960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:08:59.0451 3960 QWAVEdrv - ok
18:08:59.0513 3960 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
18:08:59.0513 3960 RapiMgr - ok
18:08:59.0544 3960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:08:59.0544 3960 RasAcd - ok
18:08:59.0591 3960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:08:59.0591 3960 RasAgileVpn - ok
18:08:59.0607 3960 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:08:59.0607 3960 RasAuto - ok
18:08:59.0654 3960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:59.0669 3960 Rasl2tp - ok
18:08:59.0716 3960 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:08:59.0716 3960 RasMan - ok
18:08:59.0747 3960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:59.0747 3960 RasPppoe - ok
18:08:59.0763 3960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:08:59.0763 3960 RasSstp - ok
18:08:59.0825 3960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:08:59.0825 3960 rdbss - ok
18:08:59.0856 3960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:08:59.0856 3960 rdpbus - ok
18:08:59.0872 3960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:59.0872 3960 RDPCDD - ok
18:08:59.0888 3960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:08:59.0888 3960 RDPENCDD - ok
18:08:59.0919 3960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:08:59.0919 3960 RDPREFMP - ok
18:08:59.0950 3960 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:08:59.0966 3960 RDPWD - ok
18:09:00.0028 3960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:09:00.0028 3960 rdyboost - ok
18:09:00.0075 3960 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:09:00.0075 3960 RemoteAccess - ok
18:09:00.0106 3960 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:09:00.0106 3960 RemoteRegistry - ok
18:09:00.0153 3960 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
18:09:00.0153 3960 rimsptsk - ok
18:09:00.0184 3960 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
18:09:00.0184 3960 risdptsk - ok
18:09:00.0262 3960 Roxio UPnP Renderer 10 (d02e5a46f77c182ca1964080bcd586f7) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
18:09:00.0262 3960 Roxio UPnP Renderer 10 - ok
18:09:00.0293 3960 Roxio Upnp Server 10 (e5809597278802d09273ee07b5fc56e1) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
18:09:00.0293 3960 Roxio Upnp Server 10 - ok
18:09:00.0324 3960 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:09:00.0340 3960 RpcEptMapper - ok
18:09:00.0371 3960 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:09:00.0387 3960 RpcLocator - ok
18:09:00.0434 3960 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:09:00.0434 3960 RpcSs - ok
18:09:00.0512 3960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:09:00.0512 3960 rspndr - ok
18:09:00.0543 3960 S3XXx64 (2be978b0347c9586f6f665b96b6bd115) C:\Windows\system32\DRIVERS\S3XXx64.sys
18:09:00.0543 3960 S3XXx64 - ok
18:09:00.0590 3960 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:09:00.0590 3960 SamSs - ok
18:09:00.0621 3960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:09:00.0636 3960 sbp2port - ok
18:09:00.0668 3960 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:09:00.0683 3960 SCardSvr - ok
18:09:00.0714 3960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:09:00.0714 3960 scfilter - ok
18:09:00.0777 3960 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:09:00.0824 3960 Schedule - ok
18:09:00.0855 3960 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:09:00.0870 3960 SCPolicySvc - ok
18:09:00.0995 3960 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
18:09:01.0042 3960 ScrybeUpdater - ok
18:09:01.0073 3960 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:09:01.0089 3960 SDRSVC - ok
18:09:01.0151 3960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:09:01.0151 3960 secdrv - ok
18:09:01.0198 3960 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:09:01.0198 3960 seclogon - ok
18:09:01.0245 3960 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:09:01.0260 3960 SENS - ok
18:09:01.0276 3960 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:09:01.0276 3960 SensrSvc - ok
18:09:01.0307 3960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:09:01.0307 3960 Serenum - ok
18:09:01.0338 3960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:09:01.0338 3960 Serial - ok
18:09:01.0385 3960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:09:01.0385 3960 sermouse - ok
18:09:01.0432 3960 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:09:01.0432 3960 SessionEnv - ok
18:09:01.0463 3960 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
18:09:01.0463 3960 SFEP - ok
18:09:01.0494 3960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:09:01.0494 3960 sffdisk - ok
18:09:01.0526 3960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:09:01.0526 3960 sffp_mmc - ok
18:09:01.0541 3960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:09:01.0541 3960 sffp_sd - ok
18:09:01.0588 3960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:09:01.0588 3960 sfloppy - ok
18:09:01.0635 3960 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:09:01.0635 3960 SharedAccess - ok
18:09:01.0682 3960 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:09:01.0713 3960 ShellHWDetection - ok
18:09:01.0728 3960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:09:01.0728 3960 SiSRaid2 - ok
18:09:01.0760 3960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:09:01.0760 3960 SiSRaid4 - ok
18:09:01.0791 3960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:09:01.0791 3960 Smb - ok
18:09:01.0838 3960 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:09:01.0838 3960 SNMPTRAP - ok
18:09:01.0853 3960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:09:01.0853 3960 spldr - ok
18:09:01.0900 3960 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:09:01.0916 3960 Spooler - ok
18:09:02.0025 3960 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:09:02.0118 3960 sppsvc - ok
18:09:02.0165 3960 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:09:02.0165 3960 sppuinotify - ok
18:09:02.0243 3960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:09:02.0259 3960 srv - ok
18:09:02.0290 3960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:09:02.0306 3960 srv2 - ok
18:09:02.0337 3960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:09:02.0337 3960 srvnet - ok
18:09:02.0368 3960 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:09:02.0368 3960 SSDPSRV - ok
18:09:02.0399 3960 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:09:02.0399 3960 SstpSvc - ok
18:09:02.0430 3960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:09:02.0430 3960 stexstor - ok
18:09:02.0462 3960 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:09:02.0462 3960 StillCam - ok
18:09:02.0524 3960 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:09:02.0540 3960 stisvc - ok
18:09:02.0571 3960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:09:02.0571 3960 swenum - ok
18:09:02.0602 3960 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:09:02.0618 3960 swprv - ok
18:09:02.0696 3960 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:09:02.0758 3960 SysMain - ok
18:09:02.0789 3960 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:09:02.0805 3960 TabletInputService - ok
18:09:02.0852 3960 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:09:02.0852 3960 TapiSrv - ok
18:09:02.0898 3960 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:09:02.0898 3960 TBS - ok
18:09:03.0023 3960 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:09:03.0086 3960 Tcpip - ok
18:09:03.0132 3960 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:09:03.0148 3960 TCPIP6 - ok
18:09:03.0195 3960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:09:03.0195 3960 tcpipreg - ok
18:09:03.0242 3960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:09:03.0257 3960 TDPIPE - ok
18:09:03.0288 3960 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:09:03.0288 3960 TDTCP - ok
18:09:03.0335 3960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:09:03.0335 3960 tdx - ok
18:09:03.0538 3960 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:09:03.0554 3960 TeamViewer7 - ok
18:09:03.0694 3960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:09:03.0694 3960 TermDD - ok
18:09:03.0756 3960 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:09:03.0772 3960 TermService - ok
18:09:03.0819 3960 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:09:03.0819 3960 Themes - ok
18:09:03.0912 3960 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:09:03.0928 3960 THREADORDER - ok
18:09:03.0944 3960 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:09:03.0944 3960 TrkWks - ok
18:09:04.0022 3960 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:09:04.0022 3960 TrustedInstaller - ok
18:09:04.0084 3960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:09:04.0084 3960 tssecsrv - ok
18:09:04.0146 3960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:09:04.0146 3960 TsUsbFlt - ok
18:09:04.0193 3960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:09:04.0209 3960 tunnel - ok
18:09:04.0240 3960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:09:04.0256 3960 uagp35 - ok
18:09:04.0334 3960 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
18:09:04.0334 3960 uCamMonitor - ok
18:09:04.0396 3960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:09:04.0396 3960 udfs - ok
18:09:04.0458 3960 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:09:04.0458 3960 UI0Detect - ok
18:09:04.0490 3960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:09:04.0490 3960 uliagpkx - ok
18:09:04.0521 3960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:09:04.0521 3960 umbus - ok
18:09:04.0536 3960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:09:04.0552 3960 UmPass - ok
18:09:04.0568 3960 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:09:04.0599 3960 upnphost - ok
18:09:04.0630 3960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:09:04.0630 3960 usbccgp - ok
18:09:09.0279 3960 ============================================================
18:09:09.0279 3960 Scan finished
18:09:09.0279 3960 ============================================================
18:09:09.0294 4008 Detected object count: 0
18:09:09.0294 4008 Actual detected object count: 0

#8 prowe77

prowe77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 07 April 2012 - 07:48 PM

Sorry Gringo - I should have tested this after the reboot from fixTDSS, but both Firefox and IE are not redirecting from Google search results anymore... so are the logs telling you there's anything left?

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 07 April 2012 - 08:13 PM

Yes, go ahead and run aswMBR - better to make sure now while we are on a roll.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 prowe77

prowe77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 08 April 2012 - 08:00 AM

My last post didn't go through - sorry for the delay. Here's the result of the aswMBR scan - I took the default type of scan ("Quickscan" rather than "C:\").

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 20:15:37
-----------------------------
20:15:37.790 OS Version: Windows x64 6.1.7601 Service Pack 1
20:17:40.035 Disk 0 MBR read successfully
20:17:40.035 Disk 0 MBR scan
20:17:40.035 Disk 0 Windows 7 default MBR code
20:27:47.453 Scan finished successfully
20:28:47.544 Disk 0 MBR has been saved successfully to "C:\Users\amlive\Desktop\MBR.dat"
20:28:47.544 The log file has been saved successfully to "C:\Users\amlive\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 08 April 2012 - 11:53 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 prowe77

prowe77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 08 April 2012 - 07:12 PM

Here's the result of the file you requested to be run. It needed to reboot before it ran, but everything seems to be working great - so thanks!

ComboFix 12-04-05.09 - amlive 08-Apr-12 18:30:59.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2622 [GMT -5:00]
Running from: c:\users\amlive\Desktop\ComboFix.exe
Command switches used :: c:\users\amlive\Desktop\CFScript.txt
Completion time: 2012-04-08 19:04:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 00:04
ComboFix2.txt 2012-04-07 16:22
ComboFix3.txt 2012-04-06 07:24
.
Pre-Run: 248,331,378,688 bytes free
Post-Run: 248,259,977,216 bytes free
.
- - End Of File - - EC9307A3D4F69C9CDEDE60B6529EEE45

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 08 April 2012 - 08:14 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.0
Java™ 6 Update 29
Java™ SE Runtime Environment 6


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 prowe77

prowe77
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:45 PM

Posted 09 April 2012 - 01:33 AM

Everything's still running great - no problems.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
amlive :: PROWE [administrator]

09-Apr-12 00:33:00
mbam-log-2012-04-09 (00-33-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200018
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

===========================================================================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:22:01, on 09-Apr-12
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [chromium] C:\Users\amlive\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9cf8e985c5662) (gupdate1c9cf8e985c5662) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8741 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 09 April 2012 - 01:37 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [chromium] C:\Users\amlive\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to Clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo
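As an added example, not part of this thread or of HijackThis, here is a read-only Windows PowerShell snippet that lists the same Run/RunOnce autostart values HijackThis reports as O4 lines, and notes for each whether the target file exists and whether it carries a valid Authenticode signature, so each entry can be researched before anything is fixed. It assumes it is run on the machine being inspected; no registry value is modified.

```powershell
# Added example (not from the thread): enumerate autostart Run/RunOnce values
# in the same shape as HijackThis O4 lines and annotate each with a file check.
# Read-only: nothing is removed or changed.

function Get-O4Entries {
    # 32-bit view (Wow6432Node) is included because HijackThis here ran as a 32-bit process.
    $hives = @(
        @{ Tag = 'HKLM'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' },
        @{ Tag = 'HKLM'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion' },
        @{ Tag = 'HKCU'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion' }
    )

    foreach ($h in $hives) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = Get-Item -Path (Join-Path $h.Path $sub) -ErrorAction SilentlyContinue
            if (-not $key) { continue }

            foreach ($name in $key.GetValueNames()) {
                $cmd = [string]$key.GetValue($name)

                # Pull the executable out of the command line: a quoted path,
                # else everything up to the first ".exe".
                $exe = if ($cmd -match '^"([^"]+)"')      { $Matches[1] }
                       elseif ($cmd -match '^(.+?\.exe)') { $Matches[1] }
                       else                                { $cmd }

                # HijackThis prints "(file missing)" for targets that do not exist;
                # here the signature status is added as a second hint for research.
                $status = if (Test-Path -LiteralPath $exe) {
                    (Get-AuthenticodeSignature -FilePath $exe).Status
                } else {
                    'file missing'
                }

                [pscustomobject]@{
                    Line   = "O4 - $($h.Tag)\..\${sub}: [$name] $cmd"
                    Target = $exe
                    Status = $status
                }
            }
        }
    }
}

# Print the O4-style lines with their status, e.g.
#   O4 - HKLM\..\Run: [SunJavaUpdateSched] "...\jusched.exe"  [Valid]
Get-O4Entries | ForEach-Object { "$($_.Line)  [$($_.Status)]" }
```

A status of NotSigned or file missing is not by itself a sign of malware; it only marks the entries worth looking up before deciding to keep or remove them.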



