Google redirect


  • This topic is locked
17 replies to this topic

#1 CherryCola

CherryCola

  • Members
  • 9 posts

Posted 20 April 2012 - 09:28 PM

Hi,
I noticed a few days ago my Google searches were being redirected all the time to sites like Happili and more recently, beesq.net. Malwarebytes doesn't pick up anything when I run a scan and the redirects keep coming. I am running Windows 7 64 bit. DDS logs are attached. Thank you very much!
Edit: Forgot to add I'm using Firefox but it happens on other browsers as well, I checked.

Attached Files


Edited by CherryCola, 20 April 2012 - 09:29 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 April 2012 - 07:39 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CherryCola

CherryCola
  • Topic Starter

  • Members
  • 9 posts

Posted 21 April 2012 - 02:25 PM

Here are the logs from security check and combofix. The redirects don't happen as frequently...but they still happen.
Here's the log from security check:
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
NetRatingsNetSight NetSight NielsenOnline.exe
NetRatingsNetSight NetSight meter5 NielsenOnline64.exe
``````````End of Log````````````


And here's the log from combofix:
ComboFix 12-04-20.03 - Karen Chen 04/21/2012 9:27.5.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6077.3604 [GMT -4:00]
Running from: c:\users\Karen Chen\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 13:48 . 2012-04-21 13:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-21 13:48 . 2012-04-21 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 02:14 . 2012-04-21 02:15 -------- d-----w- C:\username123
2012-04-21 00:34 . 2012-04-21 00:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8F8DB97-B6C7-4726-821F-686AA4B77DD4}\offreg.dll
2012-04-20 22:11 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8F8DB97-B6C7-4726-821F-686AA4B77DD4}\mpengine.dll
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\users\Karen Chen\AppData\Roaming\SUPERAntiSpyware.com
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 05:16 . 2012-04-14 05:16 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 05:15 . 2012-04-14 05:16 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 15:14 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 15:14 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 15:14 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 15:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 15:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 15:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-02 19:41 . 2012-04-02 19:41 -------- d-----w- c:\users\Karen Chen\AppData\Local\{09B1D6A4-7CFC-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 05:16 . 2011-07-08 13:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-10-06 00:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 13:56 . 2012-02-24 13:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 14:18 . 2010-08-11 00:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 15:43 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 15:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 15:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:48 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 15:43 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 15:43 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 15:43 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
"googletalk"="c:\users\Karen Chen\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
"F.lux"="c:\users\Karen Chen\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Akamai NetSession Interface"="c:\users\Karen Chen\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"uTorrent"="c:\users\Karen Chen\Desktop\utorrent.exe" [2011-07-04 639352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
c:\users\Karen Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-6-25 102912]
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-09-03 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-11 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va002;X6va002;c:\users\KARENC~1\AppData\Local\Temp\00267EA.tmp [x]
R3 X6va005;X6va005;c:\users\KARENC~1\AppData\Local\Temp\0058D5D.tmp [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter5\nnfwdk64.sys [2010-10-04 25648]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 sasservice;Microsoft Send-a-Smile Background Service;c:\program files (x86)\Microsoft Send-a-Smile\sasservice.EXE [2010-09-22 255312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 05:16]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 02:51]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 02:51]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938527753-252497439-596932831-1000Core.job
- c:\users\Karen Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 00:24]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938527753-252497439-596932831-1000UA.job
- c:\users\Karen Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 00:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: diskfam.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} - hxxp://imusicsoft.com/develop/nateviewer/PageR/NateComicViewer.cab
DPF: {CCD4D366-51C3-4D2E-BA25-262C45F104F5} - hxxp://imusicsoft.co.kr/develop/nateviewer/NateComicViewer.cab
FF - ProfilePath - c:\users\Karen Chen\AppData\Roaming\Mozilla\Firefox\Profiles\81r6eysa.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0E14BF3A-5045-44E8-8F96-30E93C686ABc} - c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-smedpm - c:\users\KARENC~1\AppData\Local\Temp\smedpm.dll
HKLM-Run-mcpry - c:\users\KARENC~1\AppData\Local\Temp\mcpry.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-TVUPlayer - c:\program files (x86)\TVUPlayer\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\KARENC~1\AppData\Local\Temp\00267EA.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KARENC~1\AppData\Local\Temp\0058D5D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-21 09:53:58
ComboFix-quarantined-files.txt 2012-04-21 13:53
.
Pre-Run: 89,467,912,192 bytes free
Post-Run: 92,701,184,000 bytes free
.
- - End Of File - - 0CD34C4EDDF2ACF905696D88EB714414

Edited by CherryCola, 21 April 2012 - 02:26 PM.


#4 gringo_pr


Posted 21 April 2012 - 02:30 PM

Hello

I would like you to check all the browsers that are installed on the computer and let me know which ones are redirecting and which ones are not.

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 CherryCola

Posted 21 April 2012 - 04:59 PM

Firefox and Chrome are both redirecting. IE does not seem to redirect (or maybe I just didn't google enough to see if it was redirecting).
Here is the log from TDSSKiller:
15:46:19.0170 7324 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
15:46:19.0457 7324 ============================================================
15:46:19.0457 7324 Current date / time: 2012/04/21 15:46:19.0457
15:46:19.0457 7324 SystemInfo:
15:46:19.0457 7324
15:46:19.0457 7324 OS Version: 6.1.7601 ServicePack: 1.0
15:46:19.0457 7324 Product type: Workstation
15:46:19.0457 7324 ComputerName: KARENCHEN-PC
15:46:19.0459 7324 UserName: Karen Chen
15:46:19.0459 7324 Windows directory: C:\Windows
15:46:19.0459 7324 System windows directory: C:\Windows
15:46:19.0459 7324 Running under WOW64
15:46:19.0459 7324 Processor architecture: Intel x64
15:46:19.0459 7324 Number of processors: 8
15:46:19.0459 7324 Page size: 0x1000
15:46:19.0459 7324 Boot type: Normal boot
15:46:19.0459 7324 ============================================================
15:46:20.0212 7324 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:46:20.0226 7324 \Device\Harddisk0\DR0:
15:46:20.0227 7324 MBR partitions:
15:46:20.0227 7324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:46:20.0227 7324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:46:20.0257 7324 C: <-> \Device\Harddisk0\DR0\Partition1
15:46:20.0257 7324 Initialize success
15:46:20.0257 7324 ============================================================
15:46:21.0299 5932 ============================================================
15:46:21.0299 5932 Scan started
15:46:21.0299 5932 Mode: Manual;
15:46:21.0299 5932 ============================================================
15:46:22.0947 5932 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:46:22.0950 5932 !SASCORE - ok
15:46:23.0081 5932 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:46:23.0084 5932 1394ohci - ok
15:46:23.0151 5932 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:46:23.0156 5932 ACPI - ok
15:46:23.0209 5932 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:46:23.0210 5932 AcpiPmi - ok
15:46:23.0327 5932 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:46:23.0330 5932 AdobeFlashPlayerUpdateSvc - ok
15:46:23.0379 5932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:46:23.0386 5932 adp94xx - ok
15:46:23.0434 5932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:46:23.0438 5932 adpahci - ok
15:46:23.0465 5932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:46:23.0468 5932 adpu320 - ok
15:46:23.0559 5932 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
15:46:23.0562 5932 ADSMService - ok
15:46:23.0593 5932 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:46:23.0594 5932 AeLookupSvc - ok
15:46:23.0635 5932 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
15:46:23.0642 5932 AFBAgent - ok
15:46:23.0741 5932 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:46:23.0747 5932 AFD - ok
15:46:23.0816 5932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:46:23.0817 5932 agp440 - ok
15:46:23.0871 5932 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:46:23.0872 5932 ALG - ok
15:46:23.0939 5932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:46:23.0940 5932 aliide - ok
15:46:23.0976 5932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:46:23.0977 5932 amdide - ok
15:46:24.0007 5932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:46:24.0009 5932 AmdK8 - ok
15:46:24.0031 5932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:46:24.0032 5932 AmdPPM - ok
15:46:24.0085 5932 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:46:24.0087 5932 amdsata - ok
15:46:24.0152 5932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:46:24.0154 5932 amdsbs - ok
15:46:24.0178 5932 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:46:24.0179 5932 amdxata - ok
15:46:24.0258 5932 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:46:24.0259 5932 AppID - ok
15:46:24.0293 5932 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:46:24.0295 5932 AppIDSvc - ok
15:46:24.0372 5932 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:46:24.0374 5932 Appinfo - ok
15:46:24.0522 5932 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:46:24.0525 5932 Apple Mobile Device - ok
15:46:24.0598 5932 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:46:24.0601 5932 AppMgmt - ok
15:46:24.0648 5932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:46:24.0651 5932 arc - ok
15:46:24.0710 5932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:46:24.0712 5932 arcsas - ok
15:46:24.0747 5932 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
15:46:24.0748 5932 AsDsm - ok
15:46:24.0802 5932 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
15:46:24.0804 5932 ASLDRService - ok
15:46:24.0870 5932 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
15:46:24.0871 5932 ASMMAP64 - ok
15:46:25.0029 5932 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:46:25.0030 5932 aspnet_state - ok
15:46:25.0094 5932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:46:25.0095 5932 AsyncMac - ok
15:46:25.0171 5932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:46:25.0172 5932 atapi - ok
15:46:25.0316 5932 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
15:46:25.0350 5932 athr - ok
15:46:25.0432 5932 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
15:46:25.0434 5932 ATKGFNEXSrv - ok
15:46:25.0511 5932 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:46:25.0521 5932 AudioEndpointBuilder - ok
15:46:25.0568 5932 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:46:25.0577 5932 AudioSrv - ok
15:46:25.0639 5932 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:46:25.0641 5932 AxInstSV - ok
15:46:25.0752 5932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:46:25.0757 5932 b06bdrv - ok
15:46:25.0803 5932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:46:25.0807 5932 b57nd60a - ok
15:46:25.0853 5932 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:46:25.0856 5932 BDESVC - ok
15:46:25.0888 5932 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:46:25.0888 5932 Beep - ok
15:46:25.0973 5932 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:46:25.0983 5932 BFE - ok
15:46:26.0071 5932 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:46:26.0087 5932 BITS - ok
15:46:26.0119 5932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:46:26.0120 5932 blbdrive - ok
15:46:26.0222 5932 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:46:26.0228 5932 Bonjour Service - ok
15:46:26.0292 5932 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:46:26.0294 5932 bowser - ok
15:46:26.0345 5932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:46:26.0346 5932 BrFiltLo - ok
15:46:26.0407 5932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:46:26.0407 5932 BrFiltUp - ok
15:46:26.0441 5932 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:46:26.0443 5932 BridgeMP - ok
15:46:26.0509 5932 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:46:26.0512 5932 Browser - ok
15:46:26.0544 5932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:46:26.0548 5932 Brserid - ok
15:46:26.0576 5932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:46:26.0578 5932 BrSerWdm - ok
15:46:26.0610 5932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:46:26.0611 5932 BrUsbMdm - ok
15:46:26.0642 5932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:46:26.0643 5932 BrUsbSer - ok
15:46:26.0721 5932 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:46:26.0722 5932 BthEnum - ok
15:46:26.0755 5932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:46:26.0757 5932 BTHMODEM - ok
15:46:26.0794 5932 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:46:26.0797 5932 BthPan - ok
15:46:26.0875 5932 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:46:26.0882 5932 BTHPORT - ok
15:46:26.0923 5932 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:46:26.0925 5932 bthserv - ok
15:46:26.0978 5932 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:46:26.0980 5932 BTHUSB - ok
15:46:27.0114 5932 catchme - ok
15:46:27.0190 5932 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:46:27.0192 5932 cdfs - ok
15:46:27.0258 5932 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:46:27.0260 5932 cdrom - ok
15:46:27.0327 5932 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:46:27.0329 5932 CertPropSvc - ok
15:46:27.0355 5932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:46:27.0356 5932 circlass - ok
15:46:27.0389 5932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:46:27.0395 5932 CLFS - ok
15:46:27.0462 5932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:27.0465 5932 clr_optimization_v2.0.50727_32 - ok
15:46:27.0505 5932 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:46:27.0508 5932 clr_optimization_v2.0.50727_64 - ok
15:46:27.0622 5932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:46:27.0625 5932 clr_optimization_v4.0.30319_32 - ok
15:46:27.0737 5932 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:46:27.0740 5932 clr_optimization_v4.0.30319_64 - ok
15:46:27.0806 5932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:46:27.0807 5932 CmBatt - ok
15:46:27.0890 5932 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:46:27.0891 5932 cmdide - ok
15:46:27.0988 5932 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:46:27.0994 5932 CNG - ok
15:46:28.0025 5932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:46:28.0026 5932 Compbatt - ok
15:46:28.0090 5932 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:46:28.0091 5932 CompositeBus - ok
15:46:28.0126 5932 COMSysApp - ok
15:46:28.0168 5932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:46:28.0169 5932 crcdisk - ok
15:46:28.0263 5932 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:46:28.0265 5932 Creative ALchemy AL6 Licensing Service - ok
15:46:28.0302 5932 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:46:28.0304 5932 Creative Audio Engine Licensing Service - ok
15:46:28.0375 5932 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:46:28.0379 5932 CryptSvc - ok
15:46:28.0443 5932 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:46:28.0450 5932 CSC - ok
15:46:28.0528 5932 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:46:28.0539 5932 CscService - ok
15:46:28.0643 5932 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
15:46:28.0647 5932 CSHelper - ok
15:46:28.0718 5932 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
15:46:28.0719 5932 dc3d - ok
15:46:28.0805 5932 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:46:28.0817 5932 DcomLaunch - ok
15:46:28.0909 5932 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:46:28.0914 5932 defragsvc - ok
15:46:28.0969 5932 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:46:28.0971 5932 DfsC - ok
15:46:29.0009 5932 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:46:29.0014 5932 Dhcp - ok
15:46:29.0042 5932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:46:29.0043 5932 discache - ok
15:46:29.0079 5932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:46:29.0080 5932 Disk - ok
15:46:29.0139 5932 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:46:29.0143 5932 Dnscache - ok
15:46:29.0209 5932 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:46:29.0214 5932 dot3svc - ok
15:46:29.0296 5932 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:46:29.0298 5932 Dot4 - ok
15:46:29.0367 5932 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
15:46:29.0368 5932 Dot4Print - ok
15:46:29.0430 5932 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:46:29.0431 5932 dot4usb - ok
15:46:29.0490 5932 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:46:29.0494 5932 DPS - ok
15:46:29.0524 5932 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:46:29.0525 5932 drmkaud - ok
15:46:29.0547 5932 dump_wmimmc - ok
15:46:29.0631 5932 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:46:29.0646 5932 DXGKrnl - ok
15:46:29.0668 5932 EagleX64 - ok
15:46:29.0706 5932 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:46:29.0710 5932 EapHost - ok
15:46:29.0816 5932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:46:29.0862 5932 ebdrv - ok
15:46:29.0909 5932 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:46:29.0914 5932 EFS - ok
15:46:30.0001 5932 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:46:30.0012 5932 ehRecvr - ok
15:46:30.0042 5932 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:46:30.0044 5932 ehSched - ok
15:46:30.0075 5932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:46:30.0082 5932 elxstor - ok
15:46:30.0147 5932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:46:30.0148 5932 ErrDev - ok
15:46:30.0215 5932 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:46:30.0221 5932 EventSystem - ok
15:46:30.0257 5932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:46:30.0260 5932 exfat - ok
15:46:30.0293 5932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:46:30.0296 5932 fastfat - ok
15:46:30.0382 5932 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:46:30.0393 5932 Fax - ok
15:46:30.0429 5932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:46:30.0430 5932 fdc - ok
15:46:30.0467 5932 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:46:30.0470 5932 fdPHost - ok
15:46:30.0488 5932 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:46:30.0490 5932 FDResPub - ok
15:46:30.0510 5932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:46:30.0512 5932 FileInfo - ok
15:46:30.0530 5932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:46:30.0531 5932 Filetrace - ok
15:46:30.0631 5932 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:46:30.0640 5932 FLEXnet Licensing Service - ok
15:46:30.0673 5932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:46:30.0674 5932 flpydisk - ok
15:46:30.0748 5932 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:46:30.0753 5932 FltMgr - ok
15:46:30.0853 5932 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:46:30.0870 5932 FontCache - ok
15:46:30.0958 5932 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:46:30.0959 5932 FontCache3.0.0.0 - ok
15:46:31.0025 5932 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:46:31.0026 5932 FsDepends - ok
15:46:31.0078 5932 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:46:31.0079 5932 Fs_Rec - ok
15:46:31.0132 5932 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:46:31.0135 5932 fvevol - ok
15:46:31.0157 5932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:46:31.0159 5932 gagp30kx - ok
15:46:31.0235 5932 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:46:31.0237 5932 GEARAspiWDM - ok
15:46:31.0311 5932 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
15:46:31.0312 5932 ghaio - ok
15:46:31.0382 5932 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:46:31.0394 5932 gpsvc - ok
15:46:31.0504 5932 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:31.0507 5932 gupdate - ok
15:46:31.0535 5932 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:31.0537 5932 gupdatem - ok
15:46:31.0570 5932 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:46:31.0573 5932 gusvc - ok
15:46:31.0614 5932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:46:31.0615 5932 hcw85cir - ok
15:46:31.0689 5932 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:46:31.0694 5932 HdAudAddService - ok
15:46:31.0760 5932 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:46:31.0762 5932 HDAudBus - ok
15:46:31.0824 5932 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:46:31.0825 5932 HECIx64 - ok
15:46:31.0845 5932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:46:31.0846 5932 HidBatt - ok
15:46:31.0871 5932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:46:31.0873 5932 HidBth - ok
15:46:31.0896 5932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:46:31.0897 5932 HidIr - ok
15:46:31.0936 5932 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:46:31.0939 5932 hidserv - ok
15:46:32.0012 5932 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:46:32.0013 5932 HidUsb - ok
15:46:32.0089 5932 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:46:32.0094 5932 hkmsvc - ok
15:46:32.0164 5932 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:46:32.0171 5932 HomeGroupListener - ok
15:46:32.0230 5932 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:46:32.0237 5932 HomeGroupProvider - ok
15:46:32.0264 5932 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:46:32.0266 5932 HpSAMD - ok
15:46:32.0361 5932 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:46:32.0370 5932 HTTP - ok
15:46:32.0433 5932 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:46:32.0434 5932 hwpolicy - ok
15:46:32.0509 5932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:46:32.0511 5932 i8042prt - ok
15:46:32.0596 5932 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
15:46:32.0603 5932 iaStor - ok
15:46:32.0673 5932 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:46:32.0679 5932 iaStorV - ok
15:46:32.0804 5932 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:46:32.0816 5932 idsvc - ok
15:46:32.0861 5932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:46:32.0862 5932 iirsp - ok
15:46:32.0936 5932 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:46:32.0949 5932 IKEEXT - ok
15:46:33.0043 5932 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
15:46:33.0079 5932 IntcAzAudAddService - ok
15:46:33.0137 5932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:46:33.0138 5932 intelide - ok
15:46:33.0168 5932 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:46:33.0170 5932 intelppm - ok
15:46:33.0210 5932 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:46:33.0214 5932 IPBusEnum - ok
15:46:33.0271 5932 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:33.0273 5932 IpFilterDriver - ok
15:46:33.0334 5932 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:46:33.0344 5932 iphlpsvc - ok
15:46:33.0402 5932 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:46:33.0403 5932 IPMIDRV - ok
15:46:33.0431 5932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:46:33.0433 5932 IPNAT - ok
15:46:33.0539 5932 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
15:46:33.0550 5932 iPod Service - ok
15:46:33.0570 5932 ipswuio - ok
15:46:33.0606 5932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:46:33.0607 5932 IRENUM - ok
15:46:33.0679 5932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:46:33.0680 5932 isapnp - ok
15:46:33.0731 5932 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:46:33.0735 5932 iScsiPrt - ok
15:46:33.0768 5932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:46:33.0770 5932 kbdclass - ok
15:46:33.0825 5932 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:46:33.0826 5932 kbdhid - ok
15:46:33.0884 5932 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:46:33.0885 5932 kbfiltr - ok
15:46:33.0944 5932 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:33.0948 5932 KeyIso - ok
15:46:34.0020 5932 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:46:34.0021 5932 KSecDD - ok
15:46:34.0069 5932 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:46:34.0072 5932 KSecPkg - ok
15:46:34.0103 5932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:46:34.0105 5932 ksthunk - ok
15:46:34.0147 5932 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:46:34.0156 5932 KtmRm - ok
15:46:34.0194 5932 L1C (01c711667abedf8148998f3ac91991db) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:46:34.0195 5932 L1C - ok
15:46:34.0282 5932 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:46:34.0291 5932 LanmanServer - ok
15:46:34.0358 5932 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:46:34.0367 5932 LanmanWorkstation - ok
15:46:34.0440 5932 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:46:34.0442 5932 lltdio - ok
15:46:34.0480 5932 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:46:34.0488 5932 lltdsvc - ok
15:46:34.0560 5932 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:46:34.0564 5932 lmhosts - ok
15:46:34.0620 5932 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:46:34.0623 5932 LMS - ok
15:46:34.0661 5932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:46:34.0663 5932 LSI_FC - ok
15:46:34.0688 5932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:46:34.0690 5932 LSI_SAS - ok
15:46:34.0723 5932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:46:34.0724 5932 LSI_SAS2 - ok
15:46:34.0745 5932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:46:34.0747 5932 LSI_SCSI - ok
15:46:34.0784 5932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:46:34.0786 5932 luafv - ok
15:46:34.0869 5932 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:46:34.0870 5932 MBAMProtector - ok
15:46:34.0953 5932 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:46:53.0111 5932 WudfPf - ok
15:46:53.0159 5932 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:53.0162 5932 WUDFRd - ok
15:46:53.0223 5932 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:46:53.0231 5932 wudfsvc - ok
15:46:53.0266 5932 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:46:53.0276 5932 WwanSvc - ok
15:46:53.0331 5932 X6va002 - ok
15:46:53.0406 5932 X6va005 - ok
15:46:53.0505 5932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:46:53.0581 5932 \Device\Harddisk0\DR0 - ok
15:46:53.0597 5932 Boot (0x1200) (b86e9563f7062146299fef2b03edb5f8) \Device\Harddisk0\DR0\Partition0
15:46:53.0601 5932 \Device\Harddisk0\DR0\Partition0 - ok
15:46:53.0617 5932 Boot (0x1200) (98efa6eabb92d9c6e5db85413028d132) \Device\Harddisk0\DR0\Partition1
15:46:53.0621 5932 \Device\Harddisk0\DR0\Partition1 - ok
15:46:53.0622 5932 ============================================================
15:46:53.0622 5932 Scan finished
15:46:53.0622 5932 ============================================================
15:46:53.0651 2796 Detected object count: 0
15:46:53.0651 2796 Actual detected object count: 0
15:47:54.0665 1180 Deinitialize success

And here's the log from aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 15:48:35
-----------------------------
15:48:35.975 OS Version: Windows x64 6.1.7601 Service Pack 1
15:48:35.976 Number of processors: 8 586 0x1E05
15:48:35.978 ComputerName: KARENCHEN-PC UserName: Karen Chen
15:48:37.804 Initialize success
15:49:30.518 AVAST engine defs: 12042101
15:49:41.511 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:49:41.517 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
15:49:41.535 Disk 0 MBR read successfully
15:49:41.541 Disk 0 MBR scan
15:49:41.551 Disk 0 Windows 7 default MBR code
15:49:41.560 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:49:41.580 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:49:41.624 Disk 0 scanning C:\Windows\system32\drivers
15:50:01.604 Service scanning
15:50:36.753 Modules scanning
15:50:36.774 Disk 0 trace - called modules:
15:50:36.808 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:50:36.821 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006061790]
15:50:37.175 3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> [0xfffffa8005ac0e40]
15:50:37.188 5 ACPI.sys[fffff88000f3b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005abf050]
15:50:40.158 AVAST engine scan C:\Windows
15:50:46.594 AVAST engine scan C:\Windows\system32
15:54:51.397 AVAST engine scan C:\Windows\system32\drivers
15:55:17.067 AVAST engine scan C:\Users\Karen Chen
17:18:53.003 AVAST engine scan C:\ProgramData
17:36:14.784 Scan finished successfully
17:41:03.463 Disk 0 MBR has been saved successfully to "C:\Users\Karen Chen\Desktop\MBR.dat"
17:41:03.479 The log file has been saved successfully to "C:\Users\Karen Chen\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 21 April 2012 - 05:11 PM

Hello


Uninstall both Firefox and Chrome, and if asked about user data or settings, I want those removed also.


Reinstall them and check if they are redirecting.


gringo

#7 gringo_pr

Posted 23 April 2012 - 11:39 PM

Hello


Just a friendly bump to check in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 CherryCola

Posted 24 April 2012 - 02:32 PM

Sorry, it's almost finals week at school, so things have been kind of hectic.
Anyway, if I uninstall with all the user settings/user data removed, does that mean my history/bookmarks/saved passwords will be lost?

#9 gringo_pr

Posted 24 April 2012 - 09:05 PM

You can save the bookmarks, but the rest will need to go - http://techfleece.com/2011/07/26/how-to-backup-your-bookmarks-in-chrome-firefox-and-ie/

#10 CherryCola

Posted 25 April 2012 - 10:59 AM

I just uninstalled both Chrome and FF; I haven't googled enough to truly find out if the redirects are gone or not. I'll get back to you on that one :P

#11 gringo_pr

Posted 25 April 2012 - 01:04 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Karen Chen\AppData\Roaming\Mozilla\Firefox\Profiles\81r6eysa.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

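The CFScript above resets a Firefox keyword.URL preference that has been pointed at a conduit.com search page, which is exactly the kind of setting that sends address-bar searches through a third party before the real search engine. As an added example that is not part of this thread and is not ComboFix's or Firefox's own code, the following Python script reads prefs.js text, extracts the URL-bearing search preferences, and flags any that resolve to a host outside an analyst-defined trusted list. The prefs.js sample, the trusted-host list and all function names are constructed for this example; the keyword.URL value is the one quoted in the script above, still in the forum's defanged hxxp form, which the script normalises before parsing.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js (not taken from the user's machine). The keyword.URL
# line reproduces the value quoted in the CFScript above; the other entries are
# typical defaults added so the parser has benign lines to pass over.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("keyword.enabled", true);
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.proxy.type", 0);
"""

# prefs.js lines look like: user_pref("name", value);  where value is a quoted
# string, true/false, or an integer.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Firefox prefs that decide where an address-bar search or the homepage goes.
# A hijacker rewrites these so that searches pass through its own server first.
URL_PREFS = ("keyword.URL", "browser.startup.homepage")

# Hosts the analyst considers legitimate search destinations (an assumption for
# this example; extend it to match the engines the user actually expects).
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}


def decode_value(raw):
    """Turn the textual pref value into a Python str, bool or int."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw == "true":
        return True
    if raw == "false":
        return False
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Parse prefs.js text into a {pref_name: value} dict, ignoring comments and junk."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            prefs[name] = decode_value(raw)
    return prefs


def refang(url):
    """Forum logs defang URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def find_search_hijacks(prefs):
    """Return (pref, host, value) for every URL pref that points at an untrusted host."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or not value:
            continue
        host = (urlparse(refang(value)).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            findings.append((name, host, value))
    return findings


if __name__ == "__main__":
    for pref, host, value in find_search_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref} -> {host}  ({value})")
```

Run it against a real profile by reading prefs.js from the profile directory (the path form is shown in the CFScript's FF - ProfilePath line) and passing the text to parse_prefs. An allowlist of hosts is used rather than a blocklist of known hijackers because the user only ever wants a handful of engines, whereas the set of redirect domains changes week to week.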

#12 CherryCola

Posted 26 April 2012 - 10:03 AM

Hi, here's the combofix log:
ComboFix 12-04-26.01 - Karen Chen 04/26/2012 10:34:17.6.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6077.3966 [GMT -4:00]
Running from: c:\users\Karen Chen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 14:56 . 2012-04-26 14:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-26 14:56 . 2012-04-26 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 14:23 . 2012-04-26 14:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40FBECD2-4B9D-4E46-BB2B-40370870B46B}\offreg.dll
2012-04-24 15:20 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40FBECD2-4B9D-4E46-BB2B-40370870B46B}\mpengine.dll
2012-04-22 04:57 . 2012-04-22 04:57 -------- d-----w- C:\AC_SWM
2012-04-22 04:02 . 2012-04-22 04:02 -------- d-----w- c:\program files\Motorola Inc
2012-04-22 04:02 . 2012-04-22 04:02 -------- d-----w- c:\program files (x86)\Motorola
2012-04-22 03:54 . 2012-04-22 04:32 -------- d-----w- C:\MOTO_MSM_ROOT
2012-04-22 03:08 . 2012-04-25 23:16 -------- d-----w- C:\Temp
2012-04-22 03:08 . 2012-04-22 03:08 -------- d-----w- c:\users\Karen Chen\AppData\Roaming\Motorola
2012-04-22 02:25 . 2012-04-22 02:41 -------- d-----w- c:\users\Karen Chen\.android
2012-04-22 02:24 . 2012-04-22 02:24 -------- d-----w- c:\program files (x86)\Android
2012-04-22 01:58 . 2012-04-22 01:58 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-04-21 02:14 . 2012-04-21 02:15 -------- d-----w- C:\username123
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\users\Karen Chen\AppData\Roaming\SUPERAntiSpyware.com
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-19 16:11 . 2012-04-19 16:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 05:16 . 2012-04-14 05:16 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 05:15 . 2012-04-14 05:16 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 15:14 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 15:14 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 15:14 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 15:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 15:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 15:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-02 19:41 . 2012-04-02 19:41 -------- d-----w- c:\users\Karen Chen\AppData\Local\{09B1D6A4-7CFC-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 05:16 . 2011-07-08 13:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-10-06 00:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 13:56 . 2012-02-24 13:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 14:18 . 2010-08-11 00:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 15:43 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 15:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 15:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:48 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-21_13.48.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-25 23:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 22:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 22:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 23:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 23:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 22:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-11 00:48 . 2012-04-25 23:18 69464 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 23:18 37544 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-11 00:12 . 2012-04-25 23:18 12346 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1938527753-252497439-596932831-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-04-22 04:03 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-01-27 14:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-11-08 16:59 . 2011-11-08 16:59 11776 c:\windows\system32\DriverStore\FileRepository\motusbdevice.inf_amd64_neutral_c5170007a9e7463f\motusbdevice.sys
+ 2011-03-31 18:53 . 2011-03-31 18:53 30208 c:\windows\system32\DriverStore\FileRepository\motport.inf_amd64_neutral_14a1b0d746bdb535\motport.sys
+ 2010-04-01 18:44 . 2010-04-01 18:44 26624 c:\windows\system32\DriverStore\FileRepository\motousbnet.inf_amd64_neutral_49121e563820e4d6\Motousbnet.sys
+ 2009-05-08 15:56 . 2009-05-08 15:56 53632 c:\windows\system32\DriverStore\FileRepository\motodrv.inf_amd64_neutral_a0be672cd3e62c3d\motodrv.sys
+ 2009-12-21 18:42 . 2009-12-21 18:42 15616 c:\windows\system32\DriverStore\FileRepository\motodrv.inf_amd64_neutral_a0be672cd3e62c3d\mot_ci.dll
+ 2009-07-10 17:06 . 2009-07-10 17:06 31744 c:\windows\system32\DriverStore\FileRepository\motoandroid.inf_amd64_neutral_50547d76aa5cd846\motoandroid.sys
+ 2011-03-31 18:53 . 2011-03-31 18:53 30208 c:\windows\system32\DriverStore\FileRepository\motmodem.inf_amd64_neutral_50ba6ed0f55412a8\motmodem.sys
+ 2011-04-04 18:55 . 2011-04-04 18:55 21504 c:\windows\system32\DriverStore\FileRepository\motccgp.inf_amd64_neutral_28ec47465596b1db\motccgp.sys
+ 2009-07-10 17:06 . 2009-07-10 17:06 31744 c:\windows\system32\drivers\motoandroid.sys
+ 2010-08-11 03:00 . 2012-04-25 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-11 03:00 . 2012-04-19 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-11 03:00 . 2012-04-25 23:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-11 03:00 . 2012-04-19 22:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-25 19:27 87408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-11 01:06 . 2012-04-20 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-11 01:06 . 2012-04-26 00:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-11 01:06 . 2012-04-26 00:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-11 01:06 . 2012-04-20 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-02 19:52 . 2007-11-02 19:52 8576 c:\windows\system32\DriverStore\FileRepository\motousbnet.inf_amd64_neutral_49121e563820e4d6\motswch.sys
+ 2009-01-29 21:11 . 2009-01-29 21:11 6144 c:\windows\system32\DriverStore\FileRepository\motousbnet.inf_amd64_neutral_49121e563820e4d6\motfilt.sys
+ 2007-11-02 19:52 . 2007-11-02 19:52 8576 c:\windows\system32\DriverStore\FileRepository\motccgp.inf_amd64_neutral_28ec47465596b1db\motswch.sys
+ 2009-01-29 21:18 . 2009-01-29 21:18 9216 c:\windows\system32\DriverStore\FileRepository\motccgp.inf_amd64_neutral_28ec47465596b1db\motccgpfl.sys
+ 2012-04-25 23:16 . 2012-04-25 23:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 22:06 . 2012-04-19 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 22:06 . 2012-04-19 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 23:16 . 2012-04-25 23:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-22 04:02 . 2012-04-22 04:02 7886 c:\windows\Installer\{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}\_6FEFF9B68218417F98F549.exe
+ 2010-08-13 14:12 . 2012-04-26 13:44 465412 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-11 02:16 . 2012-04-22 17:31 606816 c:\windows\system32\prfc0804.dat
+ 2010-08-11 02:24 . 2012-04-22 17:31 601902 c:\windows\system32\prfc0404.dat
+ 2009-07-14 02:36 . 2012-04-22 17:31 608956 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-01-27 14:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-22 04:03 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-22 04:02 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-01-27 14:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-03-03 02:02 . 2009-03-03 02:02 118016 c:\windows\system32\DriverStore\FileRepository\moser.inf_amd64_neutral_7ecca89b25541f2b\Mousbser.sys
+ 2009-03-03 02:02 . 2009-03-03 02:02 118016 c:\windows\system32\DriverStore\FileRepository\momdm.inf_amd64_neutral_cc4485dc10ab041c\Mousbser.sys
+ 2009-07-14 05:01 . 2012-04-25 23:16 498956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-19 22:05 498956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-26 13:48 . 2012-04-26 13:48 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\69b65a56811b13c21fe4190ecbda40ba\System.Security.ni.dll
- 2012-04-21 13:19 . 2012-04-21 13:19 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\69b65a56811b13c21fe4190ecbda40ba\System.Security.ni.dll
- 2012-04-21 13:19 . 2012-04-21 13:19 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
- 2012-04-21 13:19 . 2012-04-21 13:19 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\2420380bd60aeca61074fdcbba6dfef0\System.Dynamic.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\2420380bd60aeca61074fdcbba6dfef0\System.Dynamic.ni.dll
- 2012-04-21 13:21 . 2012-04-21 13:21 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\5f3ad3cdbb108302803c10c323142e8a\System.Drawing.Design.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\5f3ad3cdbb108302803c10c323142e8a\System.Drawing.Design.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8bcf11b8c1bcd3888359d0686aa53cdd\System.Configuration.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8bcf11b8c1bcd3888359d0686aa53cdd\System.Configuration.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\207e5ef9bceb158dd5a992b17611dc05\System.ComponentModel.Composition.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\207e5ef9bceb158dd5a992b17611dc05\System.ComponentModel.Composition.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e800dd1b7a4b95a6238af7293579baeb\PresentationFramework.Luna.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e800dd1b7a4b95a6238af7293579baeb\PresentationFramework.Luna.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8ef8f6906ffa1fb643ef5b9782cf248b\PresentationFramework.Aero.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8ef8f6906ffa1fb643ef5b9782cf248b\PresentationFramework.Aero.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63388c4a29f10aa1b9bad662a042c508\PresentationFramework.Royale.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63388c4a29f10aa1b9bad662a042c508\PresentationFramework.Royale.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\16f64df6836fe3cbce79fc4b702cdac1\PresentationFramework.Classic.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\16f64df6836fe3cbce79fc4b702cdac1\PresentationFramework.Classic.ni.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\wdfcoinstaller01007.dll
+ 2010-08-11 02:16 . 2012-04-22 17:31 1742622 c:\windows\system32\prfh0804.dat
+ 2010-08-11 02:24 . 2012-04-22 17:31 1761174 c:\windows\system32\prfh0404.dat
+ 2009-07-14 02:36 . 2012-04-22 17:31 2052438 c:\windows\system32\perfh009.dat
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motusbdevice.inf_amd64_neutral_c5170007a9e7463f\wdfcoinstaller01007.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motport.inf_amd64_neutral_14a1b0d746bdb535\wdfcoinstaller01007.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motousbnet.inf_amd64_neutral_49121e563820e4d6\wdfcoinstaller01007.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motoandroid.inf_amd64_neutral_50547d76aa5cd846\wdfcoinstaller01007.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motmodem.inf_amd64_neutral_50ba6ed0f55412a8\wdfcoinstaller01007.dll
+ 2008-03-27 21:51 . 2008-03-27 21:51 1490656 c:\windows\system32\DriverStore\FileRepository\motccgp.inf_amd64_neutral_28ec47465596b1db\wdfcoinstaller01007.dll
+ 2009-07-14 04:45 . 2012-04-25 13:47 6019615 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-14 03:50 6019615 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-20 07:43 . 2012-04-25 23:16 4193444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1938527753-252497439-596932831-1000-12288.dat
+ 2011-11-23 18:56 . 2011-11-23 18:56 2344960 c:\windows\Installer\b933227.msi
+ 2011-11-22 19:46 . 2011-11-22 19:46 1156608 c:\windows\Installer\b60119c.msi
+ 2009-07-12 06:35 . 2009-07-12 06:35 2736640 c:\windows\Installer\b601197.msi
- 2012-04-21 13:19 . 2012-04-21 13:19 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ee8c1f1aaed26c1ffff8d6ddbebeafae\WindowsBase.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ee8c1f1aaed26c1ffff8d6ddbebeafae\WindowsBase.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\28327103d0ff58116482d6b559862433\System.ni.dll
+ 2012-04-26 13:47 . 2012-04-26 13:47 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\28327103d0ff58116482d6b559862433\System.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\65fa447a186b5efcacc958aaeffa8f9f\System.Xml.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\65fa447a186b5efcacc958aaeffa8f9f\System.Xml.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8439dc953efde189a2193d831d9c807e\System.Drawing.ni.dll
- 2012-04-21 13:21 . 2012-04-21 13:21 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8439dc953efde189a2193d831d9c807e\System.Drawing.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 6802432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\326acd19b3b944ceb7ce90c4147d2d8e\System.Data.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 6802432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\326acd19b3b944ceb7ce90c4147d2d8e\System.Data.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ecb74b54ad7469a342c3640f2362a811\System.Data.SqlXml.ni.dll
- 2012-04-21 13:19 . 2012-04-21 13:19 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ecb74b54ad7469a342c3640f2362a811\System.Data.SqlXml.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\e079dc641c5d6377e64adb73951f9e51\System.Data.Linq.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\e079dc641c5d6377e64adb73951f9e51\System.Data.Linq.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\21f39d3683f39e7fd4cfcbf25645ea2d\System.Core.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\21f39d3683f39e7fd4cfcbf25645ea2d\System.Core.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\767036637bee64d76639507249326df5\Microsoft.CSharp.ni.dll
+ 2012-04-26 13:48 . 2012-04-26 13:48 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\767036637bee64d76639507249326df5\Microsoft.CSharp.ni.dll
- 2012-04-21 13:22 . 2012-04-21 13:22 11871232 c:\windows\assembly\NativeImages_v4.0.30319_64\System\450ebbccfb2e44182fb6e0196037226c\System.ni.dll
+ 2012-04-26 13:52 . 2012-04-26 13:52 11871232 c:\windows\assembly\NativeImages_v4.0.30319_64\System\450ebbccfb2e44182fb6e0196037226c\System.ni.dll
+ 2012-04-26 13:51 . 2012-04-26 13:51 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll
- 2012-04-21 13:22 . 2012-04-21 13:22 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b152559bb20408921769f449eb02334e\System.Windows.Forms.ni.dll
- 2012-04-21 13:21 . 2012-04-21 13:21 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b152559bb20408921769f449eb02334e\System.Windows.Forms.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 10998272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\aaff830582f45d54b8f5b04aaa64f0d1\System.Design.ni.dll
+ 2012-04-26 13:50 . 2012-04-26 13:50 10998272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\aaff830582f45d54b8f5b04aaa64f0d1\System.Design.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c1688823388702d54ffd3b70add7cf7\PresentationFramework.ni.dll
- 2012-04-21 13:20 . 2012-04-21 13:20 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c1688823388702d54ffd3b70add7cf7\PresentationFramework.ni.dll
+ 2012-04-26 13:49 . 2012-04-26 13:49 11106304 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d98812be8af0e708e81df4d010eb9011\PresentationCore.ni.dll
- 2012-04-21 13:19 . 2012-04-21 13:19 11106304 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d98812be8af0e708e81df4d010eb9011\PresentationCore.ni.dll
+ 2012-04-26 13:47 . 2012-04-26 13:47 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
- 2012-04-21 13:18 . 2012-04-21 13:18 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0E14BF3A-5045-44E8-8F96-30E93C686ABc}]
c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
"googletalk"="c:\users\Karen Chen\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
"F.lux"="c:\users\Karen Chen\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Akamai NetSession Interface"="c:\users\Karen Chen\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"uTorrent"="c:\users\Karen Chen\Desktop\utorrent.exe" [2011-07-04 639352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
c:\users\Karen Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-6-25 102912]
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-09-03 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-11 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va002;X6va002;c:\users\KARENC~1\AppData\Local\Temp\00267EA.tmp [x]
R3 X6va005;X6va005;c:\users\KARENC~1\AppData\Local\Temp\0058D5D.tmp [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter5\nnfwdk64.sys [2010-10-04 25648]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 sasservice;Microsoft Send-a-Smile Background Service;c:\program files (x86)\Microsoft Send-a-Smile\sasservice.EXE [2010-09-22 255312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 05:16]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 02:51]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 02:51]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938527753-252497439-596932831-1000Core.job
- c:\users\Karen Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 00:24]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938527753-252497439-596932831-1000UA.job
- c:\users\Karen Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 00:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Karen Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"smedpm"="c:\users\KARENC~1\AppData\Local\Temp\smedpm.dll" [BU]
"mcpry"="c:\users\KARENC~1\AppData\Local\Temp\mcpry.dll" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>;192.168.*.*
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: diskfam.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} - hxxp://imusicsoft.com/develop/nateviewer/PageR/NateComicViewer.cab
DPF: {CCD4D366-51C3-4D2E-BA25-262C45F104F5} - hxxp://imusicsoft.co.kr/develop/nateviewer/NateComicViewer.cab
FF - ProfilePath - c:\users\Karen Chen\AppData\Roaming\Mozilla\Firefox\Profiles\xjo653ww.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\KARENC~1\AppData\Local\Temp\00267EA.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KARENC~1\AppData\Local\Temp\0058D5D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-26 11:02:15
ComboFix-quarantined-files.txt 2012-04-26 15:02
.
Pre-Run: 91,422,507,008 bytes free
Post-Run: 90,960,072,704 bytes free
.
- - End Of File - - EBC1389DD721BD68FF479C1C01C4DA33

No redirects since I reinstalled, I think it's safe to say it's gone :D
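The "Reg Loading Points" section of the ComboFix log above is what a helper reads to pick out autostart entries worth a closer look: images under the user's Temp folder, DLL or .tmp files registered as Run values or services, and entries with no [date size] stamp. As an added example that is not part of this thread or of ComboFix, the Python below applies those checks to a constructed excerpt in the log's own format; the temp-directory and extension heuristics are my assumptions, and [BU]/[x] are treated only as "no stamp recorded", with no further meaning attached.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in the format of the ComboFix "Reg Loading Points" section
# (Run values and service lines); names and paths mirror entries from the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"smedpm"="c:\users\KARENC~1\AppData\Local\Temp\smedpm.dll" [BU]
"mcpry"="c:\users\KARENC~1\AppData\Local\Temp\mcpry.dll" [BU]
.
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 X6va002;X6va002;c:\users\KARENC~1\AppData\Local\Temp\00267EA.tmp [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
'''

# "Name"="path" [YYYY-MM-DD size]   or   "Name"="path" [BU]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R3 svc;Description;path [YYYY-MM-DD size]   or   ... path [x]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
# First extension followed by whitespace or end, so "x.sys servicestart" still yields "sys".
EXT_RE = re.compile(r'\.([a-z0-9]+)(?=\s|$)')

# Assumed list of locations from which a persistent autostart should not normally load.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\local settings\\temp\\', '\\windows\\temp\\')


@dataclass
class Finding:
    kind: str          # "run" or "service"
    name: str
    path: str
    reasons: List[str]


def assess(kind: str, path: str, meta: str) -> List[str]:
    """Return the reasons an autostart entry deserves a closer look (empty if none)."""
    low = path.lower()
    m = EXT_RE.search(low)
    ext = m.group(1) if m else ''
    reasons: List[str] = []
    if any(d in low for d in TEMP_DIRS):
        reasons.append('image lives in a temp directory')
    if kind == 'run' and ext == 'dll':
        reasons.append('Run value points at a DLL, which Explorer cannot start directly')
    if ext == 'tmp':
        reasons.append('image is a .tmp file')
    if not reasons:
        return []   # a missing stamp on its own is common for legitimate drivers
    if not STAMP_RE.match(meta.strip()):
        reasons.append(f'no [date size] stamp recorded (shown as [{meta}])')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse Run values and service lines from a ComboFix-style log and flag suspicious ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, m = 'run', RUN_RE.match(line)
        if not m:
            kind, m = 'service', SVC_RE.match(line)
        if not m:
            continue   # registry key headers, "." separators, anything else
        reasons = assess(kind, m.group('path'), m.group('meta'))
        if reasons:
            findings.append(Finding(kind, m.group('name'), m.group('path'), reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:8}{f.name:12} {f.path}')
        for r in f.reasons:
            print(f'          - {r}')
```

Run against the full log the same way; the two Temp DLLs in the 64-bit Run key and the X6va00x services are the entries it surfaces.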

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 April 2012 - 12:59 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent
  • Adobe Reader 9.5.0
  • Bing Rewards Client Installer
  • DAEMON Tools Toolbar
  • eMule
  • Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 CherryCola

CherryCola
  • Topic Starter

  • Members
  • 9 posts

Posted 28 April 2012 - 05:02 PM

No problems, no redirects.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:55 PM, on 4/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Send-a-Smile\SendASmile.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Users\Karen Chen\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Karen Chen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Karen Chen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {0E14BF3A-5045-44E8-8F96-30E93C686ABc} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Karen Chen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Karen Chen\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Karen Chen\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Karen Chen\Desktop\utorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\Run: [AkamaiData] rundll32.exe "C:\Users\Karen Chen\AppData\Local\Akamai\AkamaiData\Akamaidata.DLL",DllRegisterServer (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: http://*.diskfam.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} (NateComicViewer Class) - http://imusicsoft.com/develop/nateviewer/PageR/NateComicViewer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CCD4D366-51C3-4D2E-BA25-262C45F104F5} (MAContainer Control) - http://imusicsoft.co.kr/develop/nateviewer/NateComicViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19899 bytes


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Karen Chen :: KARENCHEN-PC [administrator]

4/26/2012 7:58:01 PM
mbam-log-2012-04-26 (19-58-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224603
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 gringo_pr (Malware Response Team)

Posted 28 April 2012 - 07:03 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [googletalk] C:\Users\Karen Chen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
      O4 - HKCU\..\Run: [F.lux] "C:\Users\Karen Chen\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Karen Chen\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [uTorrent] "C:\Users\Karen Chen\Desktop\utorrent.exe" /MINIMIZED
      O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\Run: [AkamaiData] rundll32.exe "C:\Users\Karen Chen\AppData\Local\Akamai\AkamaiData\Akamaidata.DLL",DllRegisterServer (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Dropbox.lnk = C:\Users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
      O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
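As an added example (my own code, not from this thread, from BleepingComputer or from the HijackThis tool), a small Python triage script for lines in the format of the HijackThis log quoted above: it parses the O2 BHO and O4 start-up entries, extracts the executable (or, for rundll32, the module it loads), and flags the entries a reviewer would examine first, such as a BHO with no name whose file is missing, or a start-up item running from a user-writable location like Desktop or AppData. The regexes and the heuristic of cutting an unquoted command at the first .exe/.dll/.sys are my assumptions, the sample lines are a constructed subset of the log in this thread, and the flags are review hints, not verdicts.

```python
# Added example (not code from this thread, BleepingComputer or HijackThis): triage O2/O4 lines.
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0E14BF3A-5045-44E8-8F96-30E93C686ABc} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Karen Chen\Desktop\utorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-1938527753-252497439-596932831-1003\..\Run: [AkamaiData] rundll32.exe "C:\Users\Karen Chen\AppData\Local\Akamai\AkamaiData\Akamaidata.DLL",DllRegisterServer (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Karen Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: SafeConnect.lnk = ?
"""

# Line shapes assumed from the log above (my regexes, not HijackThis' own grammar).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)\s*$")
EXE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|dll|sys))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# Locations an ordinary user can write to; auto-starts from here deserve a closer look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "%temp%", "%appdata%", "%userprofile%")


@dataclass
class Entry:
    kind: str          # Run, RunOnce, Startup, Global Startup or BHO
    hive: str          # registry hive for Run entries, "" otherwise
    name: str
    image: str         # executable or module that actually gets loaded
    args: str = ""
    user: str = ""     # account name for HKUS entries
    flags: set = field(default_factory=set)


def split_command(cmd):
    """Split a Run/Startup/BHO command string into (image, args, user, missing)."""
    m = USER_RE.search(cmd)                 # HKUS entries end with "(User 'name')"
    user, cmd = (m.group("user"), cmd[: m.start()]) if m else ("", cmd)
    missing = "(file missing)" in cmd or cmd.strip() == "?"
    cmd = cmd.replace("(file missing)", "").strip()
    if cmd.startswith('"'):                 # quoted image path, remainder is arguments
        end = cmd.find('"', 1)
        image, args = cmd[1:end], cmd[end + 1:].strip()
    else:                                   # unquoted: cut at the first .exe/.dll/.sys
        m = EXE_RE.match(cmd)
        image, args = (m.group("image"), m.group("args") or "") if m else (cmd, "")
    if image.lower().endswith("rundll32.exe") and args:   # rundll32 is only a host
        image = args[1:args.find('"', 1)] if args.startswith('"') else args.split(",")[0]
    return image, args, user, missing


def flags_for(name, image, missing):
    """Review flags; none of them proves malice, they only order the review."""
    checks = (("file missing", missing),
              ("no name", name.strip().lower() == "(no name)"),
              ("user-writable location", any(t in image.lower() for t in USER_WRITABLE)))
    return {flag for flag, hit in checks if hit}


def parse_log(text):
    """Parse O2 BHO and O4 start-up lines; lines of any other shape are skipped."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = RUN_RE.match(line) or STARTUP_RE.match(line) or BHO_RE.match(line)
        if not m:
            continue
        kind = m.groupdict().get("key") or "BHO"
        hive = m.groupdict().get("hive") or ""
        image, args, user, missing = split_command(m.group("cmd"))
        entries.append(Entry(kind, hive, m.group("name"), image, args, user,
                             flags_for(m.group("name"), image, missing)))
    return entries


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        mark = "  <-- " + ", ".join(sorted(e.flags)) if e.flags else ""
        print(f"{e.kind:<14} {e.hive:<8} [{e.name}] {e.image}{mark}")
```

Run against a full log, the flagged lines are the ones to research first (the helper's link for looking up entry names applies to these too); unflagged lines still need the usual vendor/path sanity check.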



