Google Redirect Virus


  • This topic is locked
55 replies to this topic

#1 tosh011

tosh011

  • Members
  • 55 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 14 April 2012 - 09:35 PM

Hey guys, I have a Google redirect virus.
I have posted my problem here: http://www.bleepingcomputer.com/forums/topic449888.html/page__gopid__2665470#entry2665470
I've done the steps on the thread.

As you can see, there's a log that shows "931 GB \\.\PhysicalDrive0 Controlled by rootkit!"
aswMBR caused my laptop to have its first Blue Screen of Death [BSoD].
I don't know what to do next. Please do help me.
I had trouble with my GMER log; I couldn't check some boxes.


DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Samsung at 12:59:43 on 2012-04-14
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.6058.4177 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [guisvc.exe] "C:\ProgramData\Common Files\Microsoft Shared\Web Components\login.lnk"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [guisvc.exe] "C:\ProgramData\Common Files\Microsoft Shared\Web Components\login.lnk"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 124.106.5.2 124.106.4.2
TCP: Interfaces\{1301A45D-F4A9-47C1-AAA1-629DAD437AFC} : DhcpNameServer = 124.106.5.2 124.106.4.2
TCP: Interfaces\{1301A45D-F4A9-47C1-AAA1-629DAD437AFC}\3444D225F5B494E474 : DhcpNameServer = 192.168.3.254
TCP: Interfaces\{1301A45D-F4A9-47C1-AAA1-629DAD437AFC}\75962756C6563737 : DhcpNameServer = 124.106.5.2 124.106.7.2
TCP: Interfaces\{BAC2CA2C-2731-4A23-A2F7-74539024D11C} : DhcpNameServer = 124.106.5.2 124.106.4.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
BHO-X64: uTorrentControl - No File
TB-X64: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [guisvc.exe] "C:\ProgramData\Common Files\Microsoft Shared\Web Components\login.lnk"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\m2jw6bjv.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Samsung\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMPPALR3;IntelR CentrinoR Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-13 1997416]
R2 SGDrv;SGDrv;C:\Windows\system32\DRIVERS\SGdrv64.sys --> C:\Windows\system32\DRIVERS\SGdrv64.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-13 2656536]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-3-20 245760]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253600]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-14 03:10:10 -------- d-----w- C:\Program Files (x86)\BUFFALO
2012-04-13 04:56:40 -------- d-----w- C:\Users\Samsung\AppData\Roaming\Malwarebytes
2012-04-13 04:56:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-13 04:56:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-13 04:56:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-12 00:19:56 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 00:19:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:19:55 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 00:18:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 00:18:53 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 00:18:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 00:18:52 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 00:18:52 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 00:18:52 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 00:18:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 04:09:52 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 03:44:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-11 03:39:19 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-11 03:39:19 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-11 03:39:18 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-11 03:39:18 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-11 03:39:18 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-30 10:13:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 16:10:00 -------- d-----w- C:\Users\Samsung\AppData\Local\ElevatedDiagnostics
2012-03-27 14:08:58 -------- d-----w- C:\Users\Samsung\AppData\Local\com.zipeg
2012-03-27 14:08:53 -------- d-----w- C:\Users\Samsung\AppData\Local\Zipeg
2012-03-24 04:26:22 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-24 04:26:22 -------- d-----w- C:\Windows\System32\Wat
2012-03-23 06:01:58 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-03-23 06:00:57 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-03-23 06:00:57 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-03-23 06:00:57 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-03-23 06:00:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-23 06:00:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-23 06:00:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-23 05:51:36 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-03-23 05:51:36 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-03-23 05:43:32 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-03-23 05:43:32 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-03-23 05:43:32 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-03-23 05:43:32 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-03-23 05:43:30 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-23 05:36:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-23 05:36:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-23 05:33:46 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-03-23 05:33:45 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-03-23 05:33:45 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-03-23 05:33:45 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-03-23 05:33:45 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-03-23 05:33:44 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-03-23 05:33:44 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-03-23 05:33:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-03-23 05:33:34 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-03-23 05:28:33 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-23 05:28:33 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-03-23 05:22:26 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-23 05:22:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-22 12:23:40 -------- d-----w- C:\Program Files\FlyFF
2012-03-22 09:29:06 472576 ----a-w- C:\Windows\AutoKMS.exe
2012-03-22 09:28:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-22 09:28:59 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-22 09:28:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-22 09:28:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-22 09:28:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-22 09:28:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-22 09:28:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-22 09:28:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-22 09:16:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-22 09:16:31 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 09:15:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-22 09:15:05 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-03-22 09:14:52 -------- d-----w- C:\Users\Samsung\AppData\Local\Microsoft Help
2012-03-22 09:10:24 93240 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-03-22 09:10:24 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-03-22 07:33:44 -------- d-----w- C:\Program Files\O2Jam
2012-03-20 12:34:58 -------- d-----w- C:\Program Files (x86)\Browny02
2012-03-20 12:34:56 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2012-03-20 12:34:56 61440 ----a-w- C:\Windows\SysWow64\brprtink.dll
2012-03-20 12:34:56 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2012-03-20 12:34:56 50688 ----a-w- C:\Windows\System32\BrUsi09c.dll
2012-03-20 12:34:56 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2012-03-20 12:34:56 217088 ------w- C:\Windows\SysWow64\NSSearch.dll
2012-03-20 12:34:56 1560576 ----a-w- C:\Windows\System32\BrWi209c.dll
2012-03-20 12:34:56 -------- d-----w- C:\Program Files (x86)\Brother
2012-03-20 12:34:55 180224 ------w- C:\Windows\SysWow64\BroSNMP.dll
2012-03-20 12:34:44 -------- d-----w- C:\ProgramData\Brother
2012-03-20 10:21:33 -------- d-----w- C:\Users\Samsung\AppData\Local\Diagnostics
2012-03-20 09:12:40 -------- d-----w- C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne
2012-03-18 12:03:26 98816 ----a-w- C:\Windows\sed.exe
2012-03-18 12:03:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-18 12:03:26 256000 ----a-w- C:\Windows\PEV.exe
2012-03-18 12:03:26 208896 ----a-w- C:\Windows\MBR.exe
2012-03-18 12:03:20 -------- d-s---w- C:\ComboFix
2012-03-18 12:01:57 -------- d-----w- C:\Program Files\CCleaner
2012-03-18 11:46:21 -------- d-----w- C:\Program Files\Pangya
2012-03-18 10:53:55 -------- d-----w- C:\Program Files\VideoConverterPortable
2012-03-16 09:36:29 -------- d-----w- C:\Program Files\Gpotato
2012-03-15 08:19:35 -------- d-----w- C:\Users\Samsung\AppData\Roaming\NVIDIA
2012-03-15 08:19:34 412517 ----a-w- C:\Program Files (x86)\readersdll.exe
2012-03-15 08:19:34 -------- d-----w- C:\ProgramData\Common Files
.
==================== Find3M ====================
.
2012-03-14 01:04:12 94720 --sha-r- C:\Windows\SysWow64\btpanuih.dll
2012-03-13 08:01:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 03:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 03:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 04:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:00:42.11 ===============

GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-15 09:37:41
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@10f9ee39402b 0x64 0x0F 0x6C 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@5c17d33e0f3d 0xF6 0xF9 0xAB 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b803051e66f2@3c8bfe0db3a4 0xF9 0xCE 0x23 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\50-67-f0-8f-b2-2b@TeredoAddress 2001:0:4137:9e76:24a3:d872:8f31:eb21
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 946
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@10f9ee39402b 0x64 0x0F 0x6C 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@5c17d33e0f3d 0xF6 0xF9 0xAB 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b803051e66f2@3c8bfe0db3a4 0xF9 0xCE 0x23 0x21 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\\x30d0\x30c3\x30af\x30a2\x30c3\x30d7 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\\x30d0\x30c3\x30af\x30a2\x30c3\x30d7 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO\Backup Utility\ 1

---- Files - GMER 1.0.15 ----

File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006b1 0 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0007cf 0 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F7F8.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F7F9.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80A.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80B.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80C.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F80D.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F82D.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F82E.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F83F.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F840.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F850.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F851.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F852.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F853.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F864.tmp 150798 bytes
File C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F865.tmp 150798 bytes
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attach.txt (5.89KB, 3 downloads)
  • 1.jpg (177.77KB, 2 downloads)

Edited by tosh011, 14 April 2012 - 09:37 PM.


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 15 April 2012 - 12:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tosh011 (Topic Starter)

  • Members
  • 55 posts

Posted 15 April 2012 - 01:20 AM

SECURITY CHECKUP LOG


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


COMBOFIX LOG

ComboFix 12-04-14.03 - Samsung 5/2012 Sun 13:47:55.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.6058.4429 [GMT 8:00]
Running from: c:\users\Samsung\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 05:55 . 2012-04-15 05:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-15 05:55 . 2012-04-15 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 03:10 . 2012-04-14 03:10 -------- d-----w- c:\program files (x86)\BUFFALO
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\users\Samsung\AppData\Roaming\Malwarebytes
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 04:56 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-12 00:19 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:19 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:19 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 00:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 00:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 00:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 00:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 00:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 00:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 00:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 04:09 . 2012-04-14 14:09 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 03:44 . 2012-04-14 14:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 03:43 . 2012-04-11 03:43 -------- d-----w- c:\windows\system32\Macromed
2012-04-11 03:39 . 2012-04-11 03:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-11 03:39 . 2012-04-11 03:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-11 03:39 . 2012-04-11 03:39 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-11 03:39 . 2012-04-11 03:39 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-11 03:39 . 2012-04-11 03:39 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-10 23:22 . 2012-04-10 23:22 -------- d-----w- c:\program files (x86)\Google
2012-04-09 11:54 . 2012-04-09 11:54 -------- d-----w- c:\users\Unauthorized
2012-03-30 10:13 . 2012-03-30 10:16 -------- d-----w- c:\users\Samsung\AppData\Roaming\Yahoo!
2012-03-30 10:13 . 2012-03-30 10:13 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-30 10:13 . 2012-04-14 14:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 08:16 . 2012-03-30 10:13 -------- d-----w- c:\programdata\Yahoo!
2012-03-28 16:10 . 2012-03-28 16:10 -------- d-----w- c:\users\Samsung\AppData\Local\ElevatedDiagnostics
2012-03-27 14:08 . 2012-03-27 14:08 -------- d-----w- c:\users\Samsung\AppData\Local\com.zipeg
2012-03-27 14:08 . 2012-03-27 14:09 -------- d-----w- c:\users\Samsung\AppData\Local\Zipeg
2012-03-25 17:59 . 2012-03-25 17:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-24 04:26 . 2012-03-24 04:26 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-24 04:26 . 2012-03-24 04:26 -------- d-----w- c:\windows\system32\Wat
2012-03-23 06:01 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-23 06:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-23 06:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-23 06:00 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-23 06:00 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 06:00 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 06:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-23 05:51 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-23 05:51 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-23 05:43 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-23 05:43 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-23 05:43 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-23 05:43 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-23 05:43 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-23 05:36 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 05:36 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-23 05:33 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-03-23 05:33 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-23 05:33 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-03-23 05:33 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-23 05:33 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-03-23 05:33 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-23 05:33 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-23 05:33 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-23 05:33 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-23 05:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-23 05:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-23 05:22 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-23 05:22 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-22 12:23 . 2012-04-12 22:08 -------- d-----w- c:\program files\FlyFF
2012-03-22 09:29 . 2012-03-22 09:29 472576 ----a-w- c:\windows\AutoKMS.exe
2012-03-22 09:28 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-22 09:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 09:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 09:28 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 09:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-22 09:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 09:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 09:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-22 09:16 . 2012-03-24 04:24 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 09:15 . 2012-03-22 09:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-22 09:15 . 2012-03-22 09:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-22 09:14 . 2012-03-22 09:14 -------- d-----w- c:\users\Samsung\AppData\Local\Microsoft Help
2012-03-22 09:14 . 2012-04-12 00:21 -------- d-----w- c:\programdata\Microsoft Help
2012-03-22 09:14 . 2012-03-22 09:14 -------- d-----r- C:\MSOCache
2012-03-22 09:10 . 2012-03-22 09:10 -------- d-----w- c:\program files (x86)\PowerISO
2012-03-22 09:10 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-03-22 07:33 . 2012-03-22 09:45 -------- d-----w- c:\program files\O2Jam
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\program files (x86)\Browny02
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\program files (x86)\Brother
2012-03-20 12:34 . 2010-02-09 09:11 217088 ------w- c:\windows\SysWow64\NSSearch.dll
2012-03-20 12:34 . 2010-01-22 07:52 61440 ----a-w- c:\windows\SysWow64\brprtink.dll
2012-03-20 12:34 . 2010-01-22 07:34 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-03-20 12:34 . 2010-01-12 02:02 1560576 ----a-w- c:\windows\system32\BrWi209c.dll
2012-03-20 12:34 . 2009-08-18 10:36 50688 ----a-w- c:\windows\system32\BrUsi09c.dll
2012-03-20 12:34 . 2007-12-13 14:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-03-20 12:34 . 2007-12-13 14:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-03-20 12:34 . 2010-02-05 03:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\programdata\Brother
2012-03-20 10:21 . 2012-03-20 10:21 -------- d-----w- c:\users\Samsung\AppData\Local\Diagnostics
2012-03-20 09:12 . 2012-03-20 09:13 -------- d-----w- c:\program files (x86)\Warcraft III Reign of Chaos & The Frozen Throne
2012-03-18 12:01 . 2012-03-18 12:01 -------- d-----w- c:\program files\CCleaner
2012-03-18 11:46 . 2012-03-18 11:47 -------- d-----w- c:\program files\Pangya
2012-03-18 10:53 . 2012-04-01 02:53 -------- d-----w- c:\program files\VideoConverterPortable
2012-03-16 09:36 . 2012-03-16 09:36 -------- d-----w- c:\program files\Gpotato
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 13:48 . 2012-03-15 08:19 412517 ----a-w- c:\program files (x86)\readersdll.exe
2012-03-13 08:01 . 2012-03-13 07:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:01 . 2012-02-15 03:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 03:01 . 2012-02-15 03:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2011-08-25 3599432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;IntelR CentrinoR Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [2010-08-20 320888]
S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [2010-04-28 359288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:10]
.
2012-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000Core.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000UA.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\uizlybd.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 124.106.6.2 124.106.4.2
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\m2jw6bjv.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-15 13:59:31
ComboFix-quarantined-files.txt 2012-04-15 05:59
.
Pre-Run: 891,074,060,288 bytes free
Post-Run: 892,377,374,720 bytes free
.
- - End Of File - - C575D2C1C76C28DDD0BBD7E17DE87D9A


----
Still having the Google redirect, and I still don't know how to remove the rootkit on the physical drive.
Please refer to the 7th post: http://www.bleepingcomputer.com/forums/topic449888.html/page__view__findpost__p__2664477
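The ComboFix log above prints the autorun locations (the Run keys and the Scheduled Tasks folder) that a malware analyst reads first. What follows is an added triage script, not part of this thread and not a BleepingComputer tool: it parses those two sections and flags entries that trip simple heuristics, namely a Run value that launches a .lnk instead of a program, a target under ProgramData or AppData, a scheduled task whose image is a host process such as rundll32.exe (ComboFix prints no command line, so whatever that task really loads is not visible), and the same entry registered under both HKCU and HKLM. The sample input is a handful of lines copied from the log in this post; the heuristics, thresholds and names are this example's own assumptions, and a hit means "look closer", not "malware".

```python
"""Heuristic triage of the autorun sections of a ComboFix log.
Added example; not a BleepingComputer tool and not part of this thread."""
import re
from collections import Counter
from dataclasses import dataclass

# A few lines copied from the ComboFix log posted above, cut down to the two
# sections this script reads (Run keys and the 'Scheduled Tasks' folder).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\uizlybd.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
"""

RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)(?:\s+\[[^\]]*\])?$")

# Host processes whose real payload comes from their command line, which
# ComboFix does not print: an autorun pointing at one of these hides its code.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "cmd.exe", "powershell.exe"}
# Directories an unprivileged user can write to; legitimate machine-wide
# autoruns usually live under Program Files or System32 instead.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")


@dataclass(frozen=True)
class Autorun:
    kind: str        # "run-key" or "task"
    location: str    # registry key path or .job file path
    name: str        # value name or .job file name
    target: str      # image path as ComboFix printed it


@dataclass(frozen=True)
class Finding:
    entry: Autorun
    reasons: tuple


def parse_autoruns(log_text):
    """Walk the log line by line; a lone '.' ends the current block."""
    entries, current_key, pending_job = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in (".", ""):
            current_key, pending_job = None, None
        elif m := RUN_KEY_RE.match(line):
            current_key = m.group("key")
        elif m := TASK_RE.match(line):
            pending_job = m.group("job")
        elif pending_job and (m := TASK_TARGET_RE.match(line)):
            entries.append(Autorun("task", pending_job,
                                   pending_job.rsplit("\\", 1)[-1], m.group("target")))
            pending_job = None
        elif current_key and (m := RUN_VALUE_RE.match(line)):
            entries.append(Autorun("run-key", current_key, m.group("name"), m.group("target")))
    return entries


def reasons_for(entry, seen):
    """Heuristics (this example's own assumptions); each hit is a reason to look closer."""
    low = entry.target.lower()
    image = low.rsplit("\\", 1)[-1]
    reasons = []
    if low.endswith(".lnk"):
        reasons.append("autorun launches a shortcut (.lnk), so the .lnk decides what really runs")
    if any(d in low for d in WRITABLE_DIRS):
        reasons.append("target lives in a user-writable data directory")
    if image in HOST_PROCESSES:
        reasons.append(f"{image} is a host process; its payload is not visible in the log")
    if seen[(entry.name.lower(), low)] > 1:
        reasons.append("identical name and target registered in more than one location")
    return tuple(reasons)


def triage(log_text):
    """Return only the entries that trip at least one heuristic."""
    entries = parse_autoruns(log_text)
    seen = Counter((e.name.lower(), e.target.lower()) for e in entries)
    findings = []
    for e in entries:
        reasons = reasons_for(e, seen)
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.kind}] {f.entry.name} -> {f.entry.target}")
        for reason in f.reasons:
            print("    *", reason)
```

Run against the sample, the script reports the guisvc.exe value twice (once per hive) and the uizlybd.job task, and stays silent on Sidebar, Yahoo! Messenger, Adobe ARM and the Google updater task. The point of keeping the rules this small is that each one maps to a question the analyst can answer by hand: what does the .lnk point at, who wrote the file into ProgramData, and what DLL is that rundll32 task actually loading.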

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 15 April 2012 - 01:26 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
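
As an added example (not code from this thread, and not part of Kaspersky's TDSSKiller), here is a small Python parser for the log layout TDSSKiller prints, of the kind a responder can run over a pasted log before reading it line by line: it collects the hashed file and the verdict for each driver or service listed after the "Scan started" marker, lists anything whose status is not plain "ok" or that was printed with no hashed file at all, and lets you match the MD5 column against hashes you already have. The sample log is constructed: its first lines copy entries posted later in this thread, while "examplesvc", its MD5 and the "( Example.Verdict ) - warning" line are made up to exercise the non-"ok" path, and the verdict-in-parentheses form is an assumption about how such lines are laid out.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in the TDSSKiller 2.7.x log layout seen in this thread:
# the first lines mirror real entries posted in the thread; "examplesvc" and
# its "( Example.Verdict ) - warning" line are made up to show a non-"ok" result.
SAMPLE_LOG = r"""
15:03:14.0116 4116 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
15:03:15.0756 1820 ============================================================
15:03:15.0756 1820 Scan started
15:03:15.0756 1820 Mode: Manual;
15:03:15.0756 1820 ============================================================
15:03:16.0571 1820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:16.0575 1820 1394ohci - ok
15:03:20.0842 1820 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:03:20.0844 1820 Apple Mobile Device - ok
15:03:22.0630 1820 BFBackupUtilityService - ok
15:03:50.0000 1820 examplesvc (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\examplesvc.sys
15:03:50.0002 1820 examplesvc ( Example.Verdict ) - warning
"""

TS_PID = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "<name> (<md5>) <path>": the file TDSSKiller hashed for a driver/service.
ENTRY_RE = re.compile(TS_PID + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <status>": the verdict line for that driver/service ("ok" or otherwise).
STATUS_RE = re.compile(TS_PID + r"(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")
# Assumption: a non-"ok" status line may carry a verdict in parentheses after the name.
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s*\(\s*(?P<verdict>[^()]+?)\s*\)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Collect one Entry per driver/service from the section after 'Scan started'."""
    entries: Dict[str, Entry] = {}  # insertion-ordered by first appearance
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if not in_scan:
            # Skip the SystemInfo/drive header; "Drive ... - Size" would otherwise
            # look like a status line.
            in_scan = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            name, verdict = m["name"], None
            v = VERDICT_RE.match(name)
            if v:
                name, verdict = v["name"], v["verdict"]
            e = entries.setdefault(name, Entry(name))
            e.status, e.verdict = m["status"].strip(), verdict
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Summarise what a responder reads first: anything that is not a plain 'ok'."""
    return {
        "total": len(entries),
        # Status other than "ok": the tool itself raised something on this item.
        "flagged": [e.name for e in entries if e.status and e.status.lower() != "ok"],
        # Status line but no hashed file: the tool printed no image for this service.
        "unhashed": [e.name for e in entries if e.md5 is None],
        # Hashed file but no status line: the log may be truncated at that point.
        "no_status": [e.name for e in entries if e.status is None],
    }


def match_hashes(entries: List[Entry], known_md5s: Set[str]) -> List[str]:
    """Names whose hashed file matches MD5s the responder already has on a list."""
    wanted = {h.lower() for h in known_md5s}
    return [e.name for e in entries if e.md5 in wanted]


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(triage(parsed))
    print(match_hashes(parsed, {"00112233445566778899AABBCCDDEEFF"}))
```

Run it as a script to see the triage summary for the constructed sample, or call parse_tdsskiller_log() on the text of a real TDSSKiller.[Version]_[Date]_[Time]_log.txt. Read the summary for what it is: a list made only of "ok" lines says the tool raised nothing on the items it hashed, not that the machine is clean, which is why the helper in this thread asks for the aswMBR report alongside it.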

#5 tosh011
  • Topic Starter

  • Members
  • 55 posts

Posted 15 April 2012 - 02:06 AM

TDSSKiller

15:03:11.0407 4116 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:03:13.0411 4116 ============================================================
15:03:13.0411 4116 Current date / time: 2012/04/15 15:03:13.0411
15:03:13.0411 4116 SystemInfo:
15:03:13.0411 4116
15:03:13.0412 4116 OS Version: 6.1.7601 ServicePack: 1.0
15:03:13.0412 4116 Product type: Workstation
15:03:13.0412 4116 ComputerName: TOSHIXD
15:03:13.0412 4116 UserName: Samsung
15:03:13.0412 4116 Windows directory: C:\Windows
15:03:13.0412 4116 System windows directory: C:\Windows
15:03:13.0412 4116 Running under WOW64
15:03:13.0412 4116 Processor architecture: Intel x64
15:03:13.0412 4116 Number of processors: 4
15:03:13.0412 4116 Page size: 0x1000
15:03:13.0412 4116 Boot type: Normal boot
15:03:13.0412 4116 ============================================================
15:03:14.0116 4116 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:14.0125 4116 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:03:14.0129 4116 \Device\Harddisk0\DR0:
15:03:14.0130 4116 MBR used
15:03:14.0130 4116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:03:14.0130 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:03:14.0130 4116 \Device\Harddisk1\DR1:
15:03:14.0131 4116 MBR used
15:03:14.0131 4116 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xE8E07481
15:03:14.0639 4116 Initialize success
15:03:14.0640 4116 ============================================================
15:03:15.0756 1820 ============================================================
15:03:15.0756 1820 Scan started
15:03:15.0756 1820 Mode: Manual;
15:03:15.0756 1820 ============================================================
15:03:16.0571 1820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:16.0575 1820 1394ohci - ok
15:03:16.0765 1820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:03:16.0771 1820 ACPI - ok
15:03:16.0875 1820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:03:16.0876 1820 AcpiPmi - ok
15:03:17.0075 1820 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:17.0080 1820 AdobeFlashPlayerUpdateSvc - ok
15:03:17.0308 1820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:03:17.0316 1820 adp94xx - ok
15:03:17.0942 1820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:03:17.0949 1820 adpahci - ok
15:03:18.0182 1820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:03:18.0186 1820 adpu320 - ok
15:03:18.0328 1820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:18.0330 1820 AeLookupSvc - ok
15:03:18.0542 1820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:03:18.0550 1820 AFD - ok
15:03:18.0656 1820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:03:18.0658 1820 agp440 - ok
15:03:18.0806 1820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:18.0808 1820 ALG - ok
15:03:18.0982 1820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:03:18.0983 1820 aliide - ok
15:03:19.0091 1820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:03:19.0092 1820 amdide - ok
15:03:19.0246 1820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:03:19.0248 1820 AmdK8 - ok
15:03:19.0424 1820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:03:19.0426 1820 AmdPPM - ok
15:03:19.0532 1820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:03:19.0536 1820 amdsata - ok
15:03:19.0646 1820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:03:19.0649 1820 amdsbs - ok
15:03:19.0814 1820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:03:19.0815 1820 amdxata - ok
15:03:19.0912 1820 AMPPAL (9921e78bc29634235f4bf5809e7e8cde) C:\Windows\system32\DRIVERS\AMPPAL.sys
15:03:19.0917 1820 AMPPAL - ok
15:03:20.0112 1820 AMPPALP (9921e78bc29634235f4bf5809e7e8cde) C:\Windows\system32\DRIVERS\amppal.sys
15:03:20.0117 1820 AMPPALP - ok
15:03:20.0246 1820 AMPPALR3 (83a0e7ba4ae616d3654e700d9c5ff9db) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:03:20.0263 1820 AMPPALR3 - ok
15:03:20.0441 1820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:03:20.0443 1820 AppID - ok
15:03:20.0593 1820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:20.0594 1820 AppIDSvc - ok
15:03:20.0706 1820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:03:20.0708 1820 Appinfo - ok
15:03:20.0842 1820 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:03:20.0844 1820 Apple Mobile Device - ok
15:03:20.0943 1820 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:03:20.0947 1820 AppMgmt - ok
15:03:21.0055 1820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:03:21.0057 1820 arc - ok
15:03:21.0157 1820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:03:21.0159 1820 arcsas - ok
15:03:21.0275 1820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:21.0276 1820 AsyncMac - ok
15:03:21.0474 1820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:03:21.0476 1820 atapi - ok
15:03:21.0670 1820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:21.0681 1820 AudioEndpointBuilder - ok
15:03:21.0727 1820 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:21.0737 1820 AudioSrv - ok
15:03:21.0838 1820 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:03:21.0840 1820 AxInstSV - ok
15:03:21.0964 1820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:03:21.0972 1820 b06bdrv - ok
15:03:22.0140 1820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:22.0145 1820 b57nd60a - ok
15:03:22.0354 1820 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:22.0356 1820 BDESVC - ok
15:03:22.0453 1820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:22.0454 1820 Beep - ok
15:03:22.0630 1820 BFBackupUtilityService - ok
15:03:22.0809 1820 BFBackupUtilityVSSService - ok
15:03:22.0928 1820 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:03:22.0940 1820 BFE - ok
15:03:23.0105 1820 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:03:23.0120 1820 BITS - ok
15:03:23.0235 1820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:23.0237 1820 blbdrive - ok
15:03:23.0413 1820 Bluetooth Device Monitor (55b0c8441de7d91a819a39d0351154a2) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:03:23.0427 1820 Bluetooth Device Monitor - ok
15:03:23.0601 1820 Bluetooth Media Service (7e262330df0c4be4ece853b59b9cbe4c) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:03:23.0622 1820 Bluetooth Media Service - ok
15:03:23.0743 1820 Bluetooth OBEX Service (8bf4b9956e13871a88a3810074e2e110) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:03:23.0758 1820 Bluetooth OBEX Service - ok
15:03:23.0915 1820 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:03:23.0923 1820 Bonjour Service - ok
15:03:24.0109 1820 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:03:24.0111 1820 bowser - ok
15:03:24.0215 1820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:03:24.0216 1820 BrFiltLo - ok
15:03:24.0326 1820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:03:24.0327 1820 BrFiltUp - ok
15:03:24.0484 1820 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:03:24.0486 1820 BridgeMP - ok
15:03:24.0637 1820 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:03:24.0640 1820 Browser - ok
15:03:24.0746 1820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:24.0751 1820 Brserid - ok
15:03:24.0932 1820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:24.0934 1820 BrSerWdm - ok
15:03:25.0088 1820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:25.0089 1820 BrUsbMdm - ok
15:03:25.0232 1820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:25.0233 1820 BrUsbSer - ok
15:03:25.0310 1820 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
15:03:25.0314 1820 BrYNSvc - ok
15:03:25.0434 1820 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:03:25.0435 1820 BthEnum - ok
15:03:25.0582 1820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:03:25.0583 1820 BTHMODEM - ok
15:03:25.0767 1820 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:03:25.0770 1820 BthPan - ok
15:03:25.0927 1820 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:03:25.0936 1820 BTHPORT - ok
15:03:26.0068 1820 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:26.0070 1820 bthserv - ok
15:03:26.0210 1820 BTHSSecurityMgr (a5b3e8b2b78c7b3da56a0de490e6718c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:03:26.0212 1820 BTHSSecurityMgr - ok
15:03:26.0309 1820 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:03:26.0312 1820 BTHUSB - ok
15:03:26.0432 1820 btmaux (270fba230e78e25726d065a924589a72) C:\Windows\system32\DRIVERS\btmaux.sys
15:03:26.0434 1820 btmaux - ok
15:03:26.0587 1820 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
15:03:26.0596 1820 btmhsf - ok
15:03:26.0746 1820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:26.0748 1820 cdfs - ok
15:03:26.0944 1820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:03:26.0948 1820 cdrom - ok
15:03:27.0024 1820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:27.0026 1820 CertPropSvc - ok
15:03:27.0121 1820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:03:27.0122 1820 circlass - ok
15:03:27.0277 1820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:27.0284 1820 CLFS - ok
15:03:27.0433 1820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:27.0435 1820 clr_optimization_v2.0.50727_32 - ok
15:03:27.0532 1820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:27.0534 1820 clr_optimization_v2.0.50727_64 - ok
15:03:27.0748 1820 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:27.0751 1820 clr_optimization_v4.0.30319_32 - ok
15:03:27.0939 1820 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:27.0943 1820 clr_optimization_v4.0.30319_64 - ok
15:03:28.0123 1820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:03:28.0124 1820 CmBatt - ok
15:03:28.0289 1820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:03:28.0290 1820 cmdide - ok
15:03:28.0494 1820 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:03:28.0502 1820 CNG - ok
15:03:28.0601 1820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:03:28.0603 1820 Compbatt - ok
15:03:28.0782 1820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:28.0784 1820 CompositeBus - ok
15:03:28.0929 1820 COMSysApp - ok
15:03:29.0030 1820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:03:29.0031 1820 crcdisk - ok
15:03:29.0179 1820 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:03:29.0183 1820 CryptSvc - ok
15:03:29.0247 1820 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:03:29.0255 1820 CSC - ok
15:03:29.0405 1820 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:03:29.0417 1820 CscService - ok
15:03:29.0536 1820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:03:29.0548 1820 DcomLaunch - ok
15:03:29.0694 1820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:03:29.0699 1820 defragsvc - ok
15:03:29.0809 1820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:03:29.0811 1820 DfsC - ok
15:03:29.0950 1820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:03:29.0956 1820 Dhcp - ok
15:03:30.0126 1820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:03:30.0127 1820 discache - ok
15:03:30.0235 1820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:03:30.0237 1820 Disk - ok
15:03:30.0414 1820 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:03:30.0416 1820 dmvsc - ok
15:03:30.0513 1820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:03:30.0517 1820 Dnscache - ok
15:03:30.0631 1820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:03:30.0637 1820 dot3svc - ok
15:03:30.0679 1820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:03:30.0683 1820 DPS - ok
15:03:30.0838 1820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:03:30.0839 1820 drmkaud - ok
15:03:30.0910 1820 dump_wmimmc - ok
15:03:31.0130 1820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:03:31.0146 1820 DXGKrnl - ok
15:03:31.0267 1820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:03:31.0270 1820 EapHost - ok
15:03:31.0512 1820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:03:31.0562 1820 ebdrv - ok
15:03:31.0675 1820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:03:31.0678 1820 EFS - ok
15:03:31.0825 1820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:03:31.0836 1820 ehRecvr - ok
15:03:31.0936 1820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:03:31.0938 1820 ehSched - ok
15:03:32.0128 1820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:03:32.0137 1820 elxstor - ok
15:03:32.0162 1820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:03:32.0163 1820 ErrDev - ok
15:03:32.0255 1820 ETD (98b103d1d5c426a10219437e36e03fe8) C:\Windows\system32\DRIVERS\ETD.sys
15:03:32.0259 1820 ETD - ok
15:03:32.0345 1820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:03:32.0353 1820 EventSystem - ok
15:03:32.0459 1820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:03:32.0465 1820 exfat - ok
15:03:32.0540 1820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:03:32.0543 1820 fastfat - ok
15:03:32.0674 1820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:03:32.0684 1820 Fax - ok
15:03:32.0769 1820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:03:32.0770 1820 fdc - ok
15:03:32.0860 1820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:03:32.0862 1820 fdPHost - ok
15:03:32.0888 1820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:03:32.0890 1820 FDResPub - ok
15:03:32.0965 1820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:03:32.0967 1820 FileInfo - ok
15:03:32.0978 1820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:03:32.0979 1820 Filetrace - ok
15:03:32.0994 1820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:03:32.0995 1820 flpydisk - ok
15:03:33.0150 1820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:03:33.0155 1820 FltMgr - ok
15:03:33.0229 1820 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:03:33.0251 1820 FontCache - ok
15:03:33.0391 1820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:33.0393 1820 FontCache3.0.0.0 - ok
15:03:33.0565 1820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:03:33.0567 1820 FsDepends - ok
15:03:33.0718 1820 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:03:33.0719 1820 Fs_Rec - ok
15:03:33.0788 1820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:03:33.0792 1820 fvevol - ok
15:03:33.0917 1820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:03:33.0918 1820 gagp30kx - ok
15:03:33.0968 1820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:03:33.0969 1820 GEARAspiWDM - ok
15:03:34.0054 1820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:03:34.0067 1820 gpsvc - ok
15:03:34.0270 1820 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:34.0272 1820 gupdate - ok
15:03:34.0321 1820 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:34.0323 1820 gupdatem - ok
15:03:34.0505 1820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:03:34.0506 1820 hcw85cir - ok
15:03:34.0632 1820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:03:34.0638 1820 HdAudAddService - ok
15:03:34.0678 1820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:03:34.0681 1820 HDAudBus - ok
15:03:34.0698 1820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:03:34.0699 1820 HidBatt - ok
15:03:34.0712 1820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:03:34.0714 1820 HidBth - ok
15:03:34.0757 1820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:03:34.0759 1820 HidIr - ok
15:03:34.0802 1820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:03:34.0804 1820 hidserv - ok
15:03:34.0926 1820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:03:34.0928 1820 HidUsb - ok
15:03:34.0996 1820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:03:35.0000 1820 hkmsvc - ok
15:03:35.0037 1820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:03:35.0043 1820 HomeGroupListener - ok
15:03:35.0071 1820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:03:35.0077 1820 HomeGroupProvider - ok
15:03:35.0103 1820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:03:35.0104 1820 HpSAMD - ok
15:03:35.0149 1820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:03:35.0161 1820 HTTP - ok
15:03:35.0203 1820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:03:35.0204 1820 hwpolicy - ok
15:03:35.0255 1820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:03:35.0258 1820 i8042prt - ok
15:03:35.0390 1820 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\Windows\system32\DRIVERS\iaStor.sys
15:03:35.0397 1820 iaStor - ok
15:03:35.0446 1820 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:03:35.0453 1820 iaStorV - ok
15:03:35.0480 1820 iBtFltCoex (de9e40baee2e48fd1e3eb423074c014c) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:03:35.0484 1820 iBtFltCoex - ok
15:03:35.0640 1820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:35.0660 1820 idsvc - ok
15:03:36.0070 1820 igfx (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:03:36.0258 1820 igfx - ok
15:03:36.0369 1820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:03:36.0371 1820 iirsp - ok
15:03:36.0449 1820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:03:36.0464 1820 IKEEXT - ok
15:03:36.0647 1820 IntcAzAudAddService (8e05adb4b809b478b2ec65a1a1633deb) C:\Windows\system32\drivers\RTKVHD64.sys
15:03:36.0693 1820 IntcAzAudAddService - ok
15:03:36.0900 1820 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:03:36.0906 1820 IntcDAud - ok
15:03:36.0946 1820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:03:36.0947 1820 intelide - ok
15:03:36.0987 1820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:03:36.0989 1820 intelppm - ok
15:03:37.0029 1820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:03:37.0033 1820 IPBusEnum - ok
15:03:37.0130 1820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:37.0132 1820 IpFilterDriver - ok
15:03:37.0208 1820 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:03:37.0218 1820 iphlpsvc - ok
15:03:37.0231 1820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:03:37.0233 1820 IPMIDRV - ok
15:03:37.0259 1820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:03:37.0261 1820 IPNAT - ok
15:03:37.0355 1820 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
15:03:37.0369 1820 iPod Service - ok
15:03:37.0511 1820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:03:37.0512 1820 IRENUM - ok
15:03:37.0540 1820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:03:37.0541 1820 isapnp - ok
15:03:37.0566 1820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:03:37.0572 1820 iScsiPrt - ok
15:03:37.0668 1820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:03:37.0670 1820 kbdclass - ok
15:03:37.0735 1820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:03:37.0737 1820 kbdhid - ok
15:03:37.0777 1820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:37.0780 1820 KeyIso - ok
15:03:37.0822 1820 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:03:37.0824 1820 KSecDD - ok
15:03:37.0913 1820 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:03:37.0916 1820 KSecPkg - ok
15:03:37.0970 1820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:03:37.0971 1820 ksthunk - ok
15:03:38.0002 1820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:03:38.0010 1820 KtmRm - ok
15:03:38.0092 1820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:03:38.0098 1820 LanmanServer - ok
15:03:38.0136 1820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:03:38.0142 1820 LanmanWorkstation - ok
15:03:38.0228 1820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:03:38.0230 1820 lltdio - ok
15:03:38.0270 1820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:03:38.0276 1820 lltdsvc - ok
15:03:38.0319 1820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:03:38.0321 1820 lmhosts - ok
15:03:38.0485 1820 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:03:38.0491 1820 LMS - ok
15:03:38.0668 1820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:03:38.0671 1820 LSI_FC - ok
15:03:38.0690 1820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:03:38.0692 1820 LSI_SAS - ok
15:03:38.0716 1820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:03:38.0718 1820 LSI_SAS2 - ok
15:03:38.0745 1820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:03:38.0747 1820 LSI_SCSI - ok
15:03:38.0788 1820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:03:38.0790 1820 luafv - ok
15:03:38.0830 1820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:03:38.0833 1820 Mcx2Svc - ok
15:03:38.0855 1820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:03:38.0856 1820 megasas - ok
15:03:38.0883 1820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:03:38.0888 1820 MegaSR - ok
15:03:38.0923 1820 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:03:38.0925 1820 MEIx64 - ok
15:03:39.0074 1820 Microsoft SharePoint Workspace Audit Service - ok
15:03:39.0210 1820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:03:39.0213 1820 MMCSS - ok
15:03:39.0268 1820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:03:39.0272 1820 Modem - ok
15:03:39.0297 1820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:03:39.0298 1820 monitor - ok
15:03:39.0394 1820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:03:39.0395 1820 mouclass - ok
15:03:39.0434 1820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:03:39.0435 1820 mouhid - ok
15:03:39.0494 1820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:03:39.0496 1820 mountmgr - ok
15:03:39.0521 1820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:03:39.0524 1820 mpio - ok
15:03:39.0545 1820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:03:39.0546 1820 mpsdrv - ok
15:03:39.0600 1820 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:03:39.0614 1820 MpsSvc - ok
15:03:39.0646 1820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:03:39.0649 1820 MRxDAV - ok
15:03:39.0684 1820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:39.0687 1820 mrxsmb - ok
15:03:39.0809 1820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:39.0814 1820 mrxsmb10 - ok
15:03:39.0847 1820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:39.0849 1820 mrxsmb20 - ok
15:03:39.0942 1820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:03:39.0943 1820 msahci - ok
15:03:40.0022 1820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:03:40.0025 1820 msdsm - ok
15:03:40.0060 1820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:03:40.0064 1820 MSDTC - ok
15:03:40.0096 1820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:03:40.0097 1820 Msfs - ok
15:03:40.0119 1820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:03:40.0120 1820 mshidkmdf - ok
15:03:40.0213 1820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:03:40.0214 1820 msisadrv - ok
15:03:40.0272 1820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:03:40.0276 1820 MSiSCSI - ok
15:03:40.0291 1820 msiserver - ok
15:03:40.0358 1820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:03:40.0359 1820 MSKSSRV - ok
15:03:56.0982 1820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:03:57.0057 1820 \Device\Harddisk0\DR0 - ok
15:03:57.0067 1820 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:03:57.0135 1820 \Device\Harddisk1\DR1 - ok
15:03:57.0142 1820 Boot (0x1200) (49dda4caf745c2a6a6c36f67b35d3bc4) \Device\Harddisk0\DR0\Partition0
15:03:57.0144 1820 \Device\Harddisk0\DR0\Partition0 - ok
15:03:57.0163 1820 Boot (0x1200) (7b024ecde32749370c11026939b252c9) \Device\Harddisk0\DR0\Partition1
15:03:57.0165 1820 \Device\Harddisk0\DR0\Partition1 - ok
15:03:57.0181 1820 Boot (0x1200) (173b166fc1dfe231f075c5bfb69dc63f) \Device\Harddisk1\DR1\Partition0
15:03:57.0185 1820 \Device\Harddisk1\DR1\Partition0 - ok
15:03:57.0193 1820 ============================================================
15:03:57.0193 1820 Scan finished
15:03:57.0193 1820 ============================================================
15:03:57.0217 1812 Detected object count: 0
15:03:57.0217 1812 Actual detected object count: 0

----
The last time I ran aswMBR, I got a blue screen error, IRQL something. Wouldn't it be bad if I ran into that sort of error again?

Edited by tosh011, 15 April 2012 - 02:07 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 AM

Posted 15 April 2012 - 02:47 AM

Go ahead and run it. Most times it only happens once, and it would be worse to miss an infection because of not running it - but only try once.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 tosh011

tosh011
  • Topic Starter

  • Members
  • 55 posts
  • Local time:11:57 PM

Posted 15 April 2012 - 03:08 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 15:50:29
-----------------------------
15:50:29.664 OS Version: Windows x64 6.1.7601 Service Pack 1
15:50:29.664 Number of processors: 4 586 0x2A07
15:50:29.666 ComputerName: TOSHIXD UserName: Samsung
15:50:31.406 Initialize success
16:07:19.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:07:19.814 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
16:07:19.837 Disk 0 MBR read successfully
16:07:19.841 Disk 0 MBR scan
16:07:19.845 Disk 0 Windows 7 default MBR code
16:07:19.900 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:07:19.918 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:07:19.967 Disk 0 scanning C:\Windows\system32\drivers
16:07:27.570 Service scanning
16:07:48.583 Modules scanning
16:07:48.599 Disk 0 trace - called modules:
16:07:48.630 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:07:48.645 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008163060]
16:07:48.645 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006edb050]
16:07:48.661 Scan finished successfully
16:08:01.079 Disk 0 MBR has been saved successfully to "C:\Users\Samsung\Desktop\MBR.dat"
16:08:01.094 The log file has been saved successfully to "C:\Users\Samsung\Desktop\aswMBR.txt"
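The aswMBR output above is a decode of the first sector of the disk, the same 512 bytes it saved to MBR.dat: boot code, then four 16-byte partition entries, then the 0x55AA signature. As an added example (my code, not part of this post and not aswMBR's), here is a Python parser that does that decoding on an MBR image, hashes the boot code so it can be compared with a copy taken from a known-clean install of the same OS, checks the table for an invalid status byte, overlapping entries or the wrong number of active partitions, and reports how many sectors sit after the last partition. The sample image is constructed to mirror the two entries in the log; the disk size used for the tail calculation is an assumption derived from the rounded 953869 MB figure, and no reference hash is available here to compare the boot code against.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512                # bytes per sector, the unit aswMBR's offsets are in
BOOT_CODE_LEN = 440         # bytes of boot code before the disk signature
PART_TABLE_OFFSET = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"      # must be the last two bytes of the sector


@dataclass
class Partition:
    index: int          # 1-based slot in the table, as aswMBR numbers them
    status: int         # 0x80 = active/bootable, 0x00 = inactive, anything else is invalid
    type_id: int        # 0x07 = NTFS/HPFS/exFAT
    lba_start: int      # first sector (aswMBR's "offset")
    sectors: int        # length in sectors

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(mbr: bytes) -> list:
    """Decode the four-slot partition table of a 512-byte MBR image."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        # status, CHS start (ignored), type, CHS end (ignored), LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFFSET + slot * 16)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(slot + 1, status, ptype, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the boot code only, so the disk signature that follows it does
    not change the value. Compare with the same hash from a clean machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def sanity_checks(parts: list) -> list:
    """Structural problems a tampered or damaged table would show."""
    issues = []
    if sum(p.bootable for p in parts) != 1:
        issues.append("expected exactly one active partition")
    for p in parts:
        if p.status not in (0x00, 0x80):
            issues.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start <= a.lba_end:
            issues.append(f"partitions {a.index} and {b.index} overlap")
    return issues


def unallocated_tail(parts: list, disk_sectors: int) -> int:
    """Sectors after the last partition. A small aligned tail is normal; a large
    one is worth imaging, since some bootkits keep their payload there."""
    last_end = max(p.lba_end for p in parts)
    return disk_sectors - (last_end + 1)


def build_mbr(entries, boot_code: bytes = b"\x00" * BOOT_CODE_LEN) -> bytes:
    """Assemble a test MBR from (status, type, lba_start, sectors) tuples."""
    buf = bytearray(SECTOR)
    buf[:BOOT_CODE_LEN] = boot_code
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFFSET + slot * 16,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed image mirroring the two entries in the aswMBR log:
# 100 MB active NTFS at sector 2048, then 953767 MB NTFS at sector 206848.
SAMPLE_MBR = build_mbr([(0x80, 0x07, 2048, 204800),
                        (0x00, 0x07, 206848, 1_953_314_816)])
# Assumed disk size: aswMBR's rounded 953869 MB converted to sectors.
SAMPLE_DISK_SECTORS = 953_869 * 1024 * 1024 // SECTOR

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"Partition {p.index} {'80 (A)' if p.bootable else '00'} "
              f"{p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    print("issues:", sanity_checks(parts) or "none")
    print("unallocated tail sectors:", unallocated_tail(parts, SAMPLE_DISK_SECTORS))
    print("boot code sha256:", boot_code_sha256(SAMPLE_MBR))
```

To run it on the saved file, replace SAMPLE_MBR with the contents of MBR.dat read in binary mode and pass the real sector count from the disk. A tail of a couple of thousand sectors is alignment padding; a tail of hundreds of megabytes behind the last partition is the kind of thing to image and inspect separately.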

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 AM

Posted 15 April 2012 - 03:20 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\windows\Tasks\uizlybd.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 tosh011

tosh011
  • Topic Starter

  • Members
  • 55 posts
  • Local time:11:57 PM

Posted 15 April 2012 - 06:17 AM

ComboFix 12-04-14.03 - Samsung 5/2012 Sun 18:45:44.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.6058.4623 [GMT 8:00]
Running from: c:\users\Samsung\Desktop\ComboFix.exe
Command switches used :: c:\users\Samsung\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\uizlybd.job"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 10:56 . 2012-04-15 10:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-15 10:56 . 2012-04-15 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 03:10 . 2012-04-14 03:10 -------- d-----w- c:\program files (x86)\BUFFALO
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\users\Samsung\AppData\Roaming\Malwarebytes
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 04:56 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 04:56 . 2012-04-13 04:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-12 00:19 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:19 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:19 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 00:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 00:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 00:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 00:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 00:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 00:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 00:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 04:09 . 2012-04-14 14:09 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 03:44 . 2012-04-14 14:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 03:43 . 2012-04-11 03:43 -------- d-----w- c:\windows\system32\Macromed
2012-04-11 03:39 . 2012-04-11 03:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-11 03:39 . 2012-04-11 03:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-11 03:39 . 2012-04-11 03:39 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-11 03:39 . 2012-04-11 03:39 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-11 03:39 . 2012-04-11 03:39 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-10 23:22 . 2012-04-10 23:22 -------- d-----w- c:\program files (x86)\Google
2012-04-09 11:54 . 2012-04-09 11:54 -------- d-----w- c:\users\Unauthorized
2012-03-30 10:13 . 2012-03-30 10:16 -------- d-----w- c:\users\Samsung\AppData\Roaming\Yahoo!
2012-03-30 10:13 . 2012-03-30 10:13 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-30 10:13 . 2012-04-14 14:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 08:16 . 2012-03-30 10:13 -------- d-----w- c:\programdata\Yahoo!
2012-03-28 16:10 . 2012-03-28 16:10 -------- d-----w- c:\users\Samsung\AppData\Local\ElevatedDiagnostics
2012-03-27 14:08 . 2012-03-27 14:08 -------- d-----w- c:\users\Samsung\AppData\Local\com.zipeg
2012-03-27 14:08 . 2012-03-27 14:09 -------- d-----w- c:\users\Samsung\AppData\Local\Zipeg
2012-03-25 17:59 . 2012-03-25 17:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-24 04:26 . 2012-03-24 04:26 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-24 04:26 . 2012-03-24 04:26 -------- d-----w- c:\windows\system32\Wat
2012-03-23 06:01 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-23 06:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-23 06:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-23 06:00 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-23 06:00 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 06:00 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 06:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-23 05:51 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-23 05:51 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-23 05:43 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-23 05:43 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-23 05:43 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-23 05:43 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-23 05:43 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-23 05:36 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 05:36 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-23 05:33 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-03-23 05:33 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-23 05:33 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-03-23 05:33 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-23 05:33 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-03-23 05:33 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-23 05:33 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-23 05:33 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-23 05:33 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-23 05:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-23 05:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-23 05:22 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-23 05:22 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-22 12:23 . 2012-04-12 22:08 -------- d-----w- c:\program files\FlyFF
2012-03-22 09:29 . 2012-03-22 09:29 472576 ----a-w- c:\windows\AutoKMS.exe
2012-03-22 09:28 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-22 09:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 09:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 09:28 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 09:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-22 09:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 09:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 09:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-22 09:16 . 2012-03-24 04:24 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-22 09:16 . 2012-03-22 09:16 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 09:15 . 2012-03-22 09:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-22 09:15 . 2012-03-22 09:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-22 09:14 . 2012-03-22 09:14 -------- d-----w- c:\users\Samsung\AppData\Local\Microsoft Help
2012-03-22 09:14 . 2012-04-12 00:21 -------- d-----w- c:\programdata\Microsoft Help
2012-03-22 09:14 . 2012-03-22 09:14 -------- d-----r- C:\MSOCache
2012-03-22 09:10 . 2012-03-22 09:10 -------- d-----w- c:\program files (x86)\PowerISO
2012-03-22 09:10 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-03-22 07:33 . 2012-03-22 09:45 -------- d-----w- c:\program files\O2Jam
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\program files (x86)\Browny02
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\program files (x86)\Brother
2012-03-20 12:34 . 2010-02-09 09:11 217088 ------w- c:\windows\SysWow64\NSSearch.dll
2012-03-20 12:34 . 2010-01-22 07:52 61440 ----a-w- c:\windows\SysWow64\brprtink.dll
2012-03-20 12:34 . 2010-01-22 07:34 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-03-20 12:34 . 2010-01-12 02:02 1560576 ----a-w- c:\windows\system32\BrWi209c.dll
2012-03-20 12:34 . 2009-08-18 10:36 50688 ----a-w- c:\windows\system32\BrUsi09c.dll
2012-03-20 12:34 . 2007-12-13 14:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-03-20 12:34 . 2007-12-13 14:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-03-20 12:34 . 2010-02-05 03:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
2012-03-20 12:34 . 2012-03-20 12:34 -------- d-----w- c:\programdata\Brother
2012-03-20 10:21 . 2012-03-20 10:21 -------- d-----w- c:\users\Samsung\AppData\Local\Diagnostics
2012-03-20 09:12 . 2012-03-20 09:13 -------- d-----w- c:\program files (x86)\Warcraft III Reign of Chaos & The Frozen Throne
2012-03-18 12:01 . 2012-03-18 12:01 -------- d-----w- c:\program files\CCleaner
2012-03-18 11:46 . 2012-03-18 11:47 -------- d-----w- c:\program files\Pangya
2012-03-18 10:53 . 2012-04-01 02:53 -------- d-----w- c:\program files\VideoConverterPortable
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 13:48 . 2012-03-15 08:19 412517 ----a-w- c:\program files (x86)\readersdll.exe
2012-03-13 08:01 . 2012-03-13 07:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:01 . 2012-02-15 03:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 03:01 . 2012-02-15 03:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_05.55.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-15 09:52 37840 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 09:52 30140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-15 01:04 30140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-22 15:48 . 2012-04-15 08:33 4914 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-13 04:42 . 2012-04-15 09:52 9740 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1697996849-2986243868-690567337-1000_UserData.bin
- 2012-03-13 04:00 . 2012-04-14 15:16 6298 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-03-13 04:00 . 2012-04-15 10:56 6298 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-04-15 01:02 . 2012-04-15 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-15 10:56 . 2012-04-15 10:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 01:02 . 2012-04-15 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 10:56 . 2012-04-15 10:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-15 01:09 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 10:36 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-15 01:09 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-15 10:36 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-15 10:56 468736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-14 15:16 468736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-13 07:44 . 2012-04-15 10:56 7249848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697996849-2986243868-690567337-1000-8192.dat
+ 2012-03-25 01:05 . 2012-04-15 10:56 2492100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697996849-2986243868-690567337-1000-12288.dat
- 2012-03-25 01:05 . 2012-04-14 04:42 2492100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697996849-2986243868-690567337-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2011-08-25 3599432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;IntelR CentrinoR Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [2010-08-20 320888]
S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [2010-04-28 359288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:10]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000Core.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000UA.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\uizlybd.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 124.106.6.2 124.106.4.2
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\m2jw6bjv.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-15 19:01:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 11:01
ComboFix2.txt 2012-04-15 05:59
.
Pre-Run: 892,158,767,104 bytes free
Post-Run: 892,127,637,504 bytes free
.
- - End Of File - - 5DCB1994CDBD6FEC6E22B51C4468A3F5


-------

Still being redirected even in Mozilla Firefox. [Even Yahoo search results redirect me to other sites.]

Edited by tosh011, 15 April 2012 - 06:56 AM.
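The two entries the helper went after in this log, the Run value "guisvc.exe" that actually launches a .lnk under ProgramData and the task uizlybd.job that runs rundll32.exe, are the kind of autoruns worth flagging in any ComboFix log. As an added example (my code, not ComboFix's and not from this thread), here is a Python triage pass over the Reg Loading Points and Scheduled Tasks sections that applies those checks: shortcut launchers, targets in user-writable directories, value names that claim an executable other than the one launched, living-off-the-land binaries whose real payload is in arguments ComboFix does not print, and job names that look machine-generated. The LOLBin list, the user-writable prefixes and the job-name heuristic are my assumptions; the sample log is a constructed excerpt of the entries above with one benign neighbour in each section.

```python
import re
from dataclasses import dataclass, field

# Value lines in a Reg Loading Points section: "Name"="target" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Scheduled Tasks section: a dated .job line followed by "- <image> [date]"
TASK_HDR = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)\s*$', re.IGNORECASE)
TASK_CMD = re.compile(r'^-\s+(?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Signed Windows binaries that run whatever their arguments name. ComboFix prints
# only the image path, so the real payload (e.g. the DLL) is invisible in the log.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "cmd.exe", "powershell.exe"}
# Locations a standard user can write to; machine-wide autoruns rarely live here.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "c:\\users\\", "\\temp\\")


@dataclass
class Finding:
    kind: str            # "run" (registry Run value) or "task" (.job file)
    name: str            # value name or job path
    target: str          # image path ComboFix printed
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.lower().rstrip("\\").rsplit("\\", 1)[-1]


def check_run(name: str, target: str) -> list:
    t = target.lower()
    reasons = []
    if t.endswith(".lnk"):
        reasons.append("launches a shortcut, which hides the real command line")
    if any(p in t for p in USER_WRITABLE):
        reasons.append("target sits in a user-writable data directory")
    if name.lower().endswith(".exe") and not t.endswith("\\" + name.lower()):
        reasons.append(f"value name {name!r} does not match the file launched")
    if _basename(t) in LOLBINS:
        reasons.append("target is a living-off-the-land binary; payload is in its arguments")
    return reasons


def check_task(job: str, target: str) -> list:
    reasons = []
    if _basename(target) in LOLBINS:
        reasons.append("task runs a living-off-the-land binary; the DLL it loads is not shown")
    stem = re.sub(r"\.job$", "", job.rsplit("\\", 1)[-1], flags=re.IGNORECASE)
    # Heuristic (assumption): generated names are short lowercase tokens with no product name.
    if re.fullmatch(r"[a-z]{5,10}", stem):
        reasons.append(f"job name {stem!r} looks machine-generated")
    return reasons


def triage(log_text: str) -> list:
    """Walk a ComboFix log and return the autorun entries worth a second look."""
    findings, section, pending_job = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = "run" if line.rstrip("]").lower().endswith("\\run") else "other"
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            section = "tasks"
            continue
        if section == "run":
            m = RUN_VALUE.match(line)
            if m and (reasons := check_run(m["name"], m["target"])):
                findings.append(Finding("run", m["name"], m["target"], reasons))
        elif section == "tasks":
            if (m := TASK_HDR.match(line)):
                pending_job = m["job"]
            elif pending_job and (m := TASK_CMD.match(line)):
                if reasons := check_task(pending_job, m["target"]):
                    findings.append(Finding("task", pending_job, m["target"], reasons))
                pending_job = None
    return findings


# Constructed excerpt of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 23:22]
.
2012-04-15 c:\windows\Tasks\uizlybd.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} -> {f.target}")
        for r in f.reasons:
            print("    -", r)
```

The pass is deliberately noisy in one direction: a flagged entry is a prompt to pull the file (or, for rundll32, the task's actual command line) and look at it, not a verdict. Both of the log's entries above come out with more than one reason, and the benign neighbours come out clean.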


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 AM

Posted 15 April 2012 - 12:44 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\Tasks\uizlybd.job
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\


#11 tosh011

tosh011
  • Topic Starter

  • Members
  • 55 posts
  • Local time:11:57 PM

Posted 15 April 2012 - 07:12 PM

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\tasks\uizlybd.job", destinationFile = "(null)", replaceWithDummy = 0
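The BlitzBlank line above, a source path in NT object-manager form ("\??\...") with a "(null)" destination, is the same source/destination convention Windows itself uses in the PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, which is where MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT queues work for the next boot: an empty destination means delete, a destination starting with "!" means replace an existing file. Whether BlitzBlank goes through that exact value is an assumption. As an added example (my code, not BlitzBlank's and not from this thread), here is a decoder for that REG_MULTI_SZ value as you would read it from a live or offline SYSTEM hive, which is how you find out what a machine is about to change to itself at the next reboot. The sample value is constructed: the deletion BlitzBlank queued, plus a hypothetical staged replacement of userinit.exe to show the rename form.

```python
from dataclasses import dataclass
from typing import Optional

NT_PREFIX = "\\??\\"   # NT object-manager form the value stores paths in


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]   # None = delete at boot (empty destination string)
    replace_existing: bool       # "!" prefix on the destination

    @property
    def kind(self) -> str:
        return "delete" if self.destination is None else "rename"


def decode_multi_sz(blob: bytes) -> list:
    """Split a REG_MULTI_SZ blob (UTF-16LE, NUL-separated, double-NUL terminated)
    into its strings, keeping empty strings in the middle: an empty destination
    is how the value encodes a deletion, so it must survive."""
    text = blob.decode("utf-16-le")
    if text.endswith("\x00\x00"):
        text = text[:-2]          # drop the list terminator, nothing else
    elif text.endswith("\x00"):
        text = text[:-1]          # tolerate a value written without the second NUL
    return text.split("\x00") if text else []


def encode_multi_sz(strings) -> bytes:
    """Inverse of decode_multi_sz, used here to build the constructed sample."""
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(strings) -> list:
    """Pair the strings up as (source, destination) operations."""
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops = []
    for src, dst in zip(strings[::2], strings[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp(_strip_nt_prefix(src),
                             _strip_nt_prefix(dst) if dst else None,
                             replace))
    return ops


SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def ops_touching_system_dirs(ops) -> list:
    """Operations whose destination lands in a system directory, i.e. a staged
    swap of a system binary. Cleanup tools do this legitimately, so read the
    result together with what else happened on the machine."""
    return [op for op in ops
            if op.destination and op.destination.lower().startswith(SYSTEM_DIRS)]


# Constructed value: the deletion BlitzBlank queued above, plus a hypothetical
# staged replacement of userinit.exe to show the rename/replace form.
SAMPLE_VALUE = encode_multi_sz([
    r"\??\c:\windows\tasks\uizlybd.job", "",
    r"\??\c:\windows\temp\userinit.new", r"!\??\c:\windows\syswow64\userinit.exe",
])

if __name__ == "__main__":
    for op in parse_pending_ops(decode_multi_sz(SAMPLE_VALUE)):
        flag = "(replace existing)" if op.replace_existing else ""
        print(f"{op.kind:6} {op.source} -> {op.destination} {flag}")
```

On a live system the blob comes from the registry API (for instance winreg.QueryValueEx returns the already-split list, so only parse_pending_ops is needed); from an offline hive export or a raw hive parser you get the bytes and need decode_multi_sz first. The point of keeping empty strings is the edge case in the log: a delete is a pair whose second half is empty, and a naive split that drops empties turns every delete into a malformed, odd-length list.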

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 AM

Posted 15 April 2012 - 08:51 PM

Rerun ComboFix. Are you being redirected?


gringo

#13 tosh011

tosh011
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 16 April 2012 - 12:48 AM

ComboFix 12-04-14.03 - Samsung 6/2012 Mon 13:28:41.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.6058.4665 [GMT 8:00]
Running from: c:\users\Samsung\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_05.55.54 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"guisvc.exe"="c:\programdata\Common Files\Microsoft Shared\Web Components\login.lnk" [2012-03-30 1194]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2011-08-25 3599432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:10]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000Core.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000UA.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 10:40]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000Core.job
- c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15 11:49]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697996849-2986243868-690567337-1000UA.job
- c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15 11:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 124.106.6.2 124.106.4.2
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\m2jw6bjv.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-16 13:43:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 05:43
ComboFix2.txt 2012-04-15 11:01
ComboFix3.txt 2012-04-15 05:59
.
Pre-Run: 892,753,129,472 bytes free
Post-Run: 892,681,940,992 bytes free
.
- - End Of File - - 883C1FC359BFB9F5536A951D818B4E07


---
It's not redirecting anymore, I guess. How will I know if it's completely fixed?
The rootkit found by bootkit_remover just keeps bugging me. Is it alright to just leave it?


Edited by tosh011, 16 April 2012 - 12:53 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 AM

Posted 16 April 2012 - 12:59 AM

So far nothing else is seeing it, and as we fixed the redirect it would seem that there is nothing there.

Let's run one more to check.

MBRCheck

Please also download MBRCheck to your desktop.
  • Double-click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRCheck will be on your desktop.
  • Open this report.
  • Right-click on the screen and select > Select All.
  • Press Control+C.
  • Now please copy that report to this thread.


#15 tosh011

tosh011
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 16 April 2012 - 01:48 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: 300E4Z/300E5Z/300E7Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 208):
0x0182F000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x01645000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0164E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01674000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0168A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01699000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x016B4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x017DF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x013C7000 \??\C:\Windows\system32\Drivers\SABI.sys
0x04466000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x044B7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x044C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x044CE000 \SystemRoot\System32\drivers\discache.sys
0x044DD000 \SystemRoot\system32\drivers\csc.sys
0x04560000 \SystemRoot\System32\Drivers\dfsc.sys
0x0457E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0458F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0F201000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FE78000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FE7A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FF6E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04A4D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04A00000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04A11000 \SystemRoot\system32\drivers\usbehci.sys
0x04400000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04A22000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x058D1000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x06153000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06160000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x061D5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x061DA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0580F000 \SystemRoot\system32\DRIVERS\ETD.sys
0x0583F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0584E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0585B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05871000 \SystemRoot\system32\DRIVERS\AMPPAL.sys
0x058BF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0FFB4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FFCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0FFEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x045B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x013D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01200000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04456000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x058CF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04224000 \SystemRoot\system32\DRIVERS\ks.sys
0x04267000 \SystemRoot\system32\DRIVERS\SGdrv64.sys
0x0426F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04281000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x042DB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07CE6000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07FAD000 \SystemRoot\system32\drivers\portcls.sys
0x07C00000 \SystemRoot\system32\drivers\drmk.sys
0x07C22000 \SystemRoot\system32\drivers\ksthunk.sys
0x07C28000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x07C7B000 \SystemRoot\System32\drivers\Dxapi.sys
0x07C87000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04086000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07C95000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x07CA8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07CC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x042F0000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07CC7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x07CD5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0431E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07FEA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07FF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x04337000 \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
0x0434C000 \SystemRoot\system32\DRIVERS\btmhsf.sys
0x04395000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x06468000 \SystemRoot\System32\Drivers\bthport.sys
0x00960000 \SystemRoot\System32\ATMFD.DLL
0x064F4000 \SystemRoot\system32\drivers\luafv.sys
0x06517000 \SystemRoot\system32\drivers\WudfPf.sys
0x06538000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x06564000 \SystemRoot\system32\drivers\BthEnum.sys
0x06574000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x06594000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x065AB000 \SystemRoot\system32\drivers\modem.sys
0x065BA000 \SystemRoot\system32\DRIVERS\btmaux.sys
0x065CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x065E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0A8B9000 \SystemRoot\system32\drivers\HTTP.sys
0x0A982000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0A9A0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A9B8000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0A9C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A84E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0B0F5000 \SystemRoot\system32\drivers\peauth.sys
0x0B19B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0B1A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0B1D7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0B000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B2FD000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B395000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0B200000 \SystemRoot\system32\drivers\spsys.sys
0x770B0000 \Windows\System32\ntdll.dll
0x47B80000 \Windows\System32\smss.exe
0xFF3D0000 \Windows\System32\apisetschema.dll
0xFF140000 \Windows\System32\autochk.exe
0xFF2F0000 \Windows\System32\usp10.dll
0xFF2E0000 \Windows\System32\nsi.dll
0xFF240000 \Windows\System32\clbcatq.dll
0xFF1C0000 \Windows\System32\shlwapi.dll
0xFF160000 \Windows\System32\Wldap32.dll
0x76FB0000 \Windows\System32\user32.dll
0xFF0C0000 \Windows\System32\msvcrt.dll
0xFF0B0000 \Windows\System32\lpk.dll
0xFE320000 \Windows\System32\shell32.dll
0xFE210000 \Windows\System32\msctf.dll
0xFE1F0000 \Windows\System32\sechost.dll
0xFE180000 \Windows\System32\gdi32.dll
0x76DA0000 \Windows\System32\iertutil.dll
0x77280000 \Windows\System32\psapi.dll
0xFE130000 \Windows\System32\ws2_32.dll
0xFDF20000 \Windows\System32\ole32.dll
0x77270000 \Windows\System32\normaliz.dll
0xFDE80000 \Windows\System32\comdlg32.dll
0x76C40000 \Windows\System32\wininet.dll
0xFDE60000 \Windows\System32\imagehlp.dll
0xFDD30000 \Windows\System32\rpcrt4.dll
0xFDC50000 \Windows\System32\advapi32.dll
0xFDC20000 \Windows\System32\imm32.dll
0x76B20000 \Windows\System32\kernel32.dll
0xFDA40000 \Windows\System32\setupapi.dll
0xFD960000 \Windows\System32\oleaut32.dll
0xFD8E0000 \Windows\System32\difxapi.dll
0x769D0000 \Windows\System32\urlmon.dll
0xFD870000 \Windows\System32\KernelBase.dll
0xFD830000 \Windows\System32\cfgmgr32.dll
0xFD6C0000 \Windows\System32\crypt32.dll
0xFD680000 \Windows\System32\wintrust.dll
0xFD660000 \Windows\System32\devobj.dll
0xFD5C0000 \Windows\System32\comctl32.dll
0xFD5B0000 \Windows\System32\msasn1.dll
0x77260000 \Windows\SysWOW64\normaliz.dll

Processes (total 89):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
528 csrss.exe
636 C:\Windows\System32\wininit.exe
660 csrss.exe
692 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
944 C:\Windows\System32\svchost.exe
128 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\audiodg.exe
432 C:\Windows\System32\winlogon.exe
1108 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1396 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1408 C:\Windows\System32\nvvsvc.exe
1552 C:\Windows\System32\taskeng.exe
1576 C:\Windows\System32\spoolsv.exe
1604 C:\Windows\System32\svchost.exe
1736 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
1772 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1872 C:\Windows\System32\rundll32.exe
1880 C:\Windows\SysWOW64\rundll32.exe
1936 C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
1964 C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
2004 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
2028 C:\Program Files\Bonjour\mDNSResponder.exe
484 C:\Windows\System32\svchost.exe
1184 C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
2064 C:\Windows\System32\svchost.exe
2184 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2208 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
2560 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2784 C:\Windows\System32\svchost.exe
2864 C:\Windows\System32\taskhost.exe
2996 C:\Windows\System32\dwm.exe
1044 C:\Windows\explorer.exe
2172 C:\Windows\System32\igfxtray.exe
3080 C:\Windows\System32\hkcmd.exe
3092 C:\Windows\System32\igfxpers.exe
3116 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3176 C:\Windows\System32\rundll32.exe
3200 C:\Program Files\Elantech\ETDCtrl.exe
3296 C:\Program Files\Windows Sidebar\sidebar.exe
3408 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
4020 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4028 C:\Windows\System32\svchost.exe
4052 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
3364 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
3220 C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
3060 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
3056 C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
3604 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1812 C:\Windows\System32\taskeng.exe
1104 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
1096 C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
3372 C:\Program Files\Elantech\ETDCtrlHelper.exe
3212 C:\Windows\System32\SearchIndexer.exe
2316 C:\Program Files\Windows Media Player\wmpnetwk.exe
4264 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
4696 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
4284 C:\Windows\System32\svchost.exe
4528 C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
4416 C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
4736 C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
4776 C:\Windows\System32\taskeng.exe
4832 C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
4228 C:\Windows\System32\igfxext.exe
5128 C:\Windows\System32\igfxsrvc.exe
3404 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
4536 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5544 C:\Windows\System32\sppsvc.exe
5468 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3680 C:\Windows\System32\wuauclt.exe
4788 C:\Program Files\iPod\bin\iPodService.exe
3164 C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
4576 C:\Program Files (x86)\uTorrent\uTorrent.exe
5884 WmiPrvSE.exe
4156 C:\Windows\System32\SearchProtocolHost.exe
3852 C:\Windows\System32\SearchFilterHost.exe
4072 dllhost.exe
1120 dllhost.exe
4232 C:\Users\Samsung\Desktop\MBRCheck.exe
3740 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHN-M101MBB, Rev: 2AR10001

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

----



