Infected with Happili, system shuts down sometimes when running anti malware


  • This topic is locked
22 replies to this topic

#1 ethaniel
  • Members
  • 11 posts

Posted 25 April 2012 - 11:01 AM

Hi,

I have been getting redirected to Happili when I use Google search occasionally on Firefox. Also, when I run full scans with anti-malware programs, the computer shuts down without warning. The same thing happens when I run these programs in safe mode. I have tried Spybot, SUPERAntiSpyware, Lavasoft Ad-Aware and MBAM. Only SUPERAntiSpyware has found anything other than tracking cookies (a fake svchost), but I am unable to remove it after multiple tries. I have an HP laptop with Windows 7 x64.

Thanks for the help!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ethan at 8:40:16 on 2012-04-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2372 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Ethan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Ethan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Users\Ethan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - C:\PROGRA~2\VIDEOD~1\VIDEOD~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Ethan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Ethan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn02.bcm.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 8.8.8.8 68.87.85.98 4.2.2.3
TCP: Interfaces\{C56020D5-E359-47A2-BAF7-838D534076A7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0} : DhcpNameServer = 8.8.8.8 68.87.85.98 4.2.2.3
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\2375942554034323 : DhcpNameServer = 192.168.11.254
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\2375942554735343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\2456C6B696E6E233143343 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\2636D6D2E65647D237673637 : DhcpNameServer = 128.249.38.101 128.249.38.102 128.249.237.101
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\3616275677966696 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\452716A616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CE84E413-1A5A-419B-B4D1-A28952B824F0}\45561644F647 : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Video Download Toolbar Intercept: {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~2\VIDEOD~1\VIDEOD~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\tsblcywh.default\
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ethan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ethan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Users\Ethan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ethan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 avfsmn;avfsmn;C:\Windows\system32\DRIVERS\avfsmn.sys --> C:\Windows\system32\DRIVERS\avfsmn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-11 497496]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-2-3 296232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\avhips.sys --> C:\Windows\system32\DRIVERS\avhips.sys [?]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [2011-3-20 559104]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-9-14 821592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-12-10 417464]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-29 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-7-17 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-4-7 33184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-4-7 21872]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-4-7 21384]
.
=============== Created Last 30 ================
.
2012-04-15 23:43:27 -------- d-----w- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 23:13:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-15 23:13:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-15 23:13:21 -------- d-----w- C:\ProgramData\SUPERSetup
2012-04-15 23:11:58 24360 ----a-w- C:\Windows\System32\drivers\avhips.sys
2012-04-15 23:11:57 20264 ----a-w- C:\Windows\System32\drivers\avfsmn.sys
2012-04-15 23:11:43 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-15 21:03:29 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-15 20:48:36 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-15 20:48:36 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-15 20:46:24 -------- d-----w- C:\ProgramData\PC Tools
2012-04-15 20:46:22 -------- d-----w- C:\Users\Ethan\AppData\Roaming\TestApp
2012-04-13 04:23:17 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-31 22:53:47 -------- d-----w- C:\Users\Ethan\AppData\Local\{5B50628C-7B84-11E1-826D-B8AC6F996F26}
.
==================== Find3M ====================
.
2012-04-13 04:22:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-12 15:56:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-09 06:10:29 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-03-09 06:10:27 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-03-09 06:10:27 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-03-09 06:10:27 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-03-09 06:10:26 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-03-09 06:10:26 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-03-09 06:10:26 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-03-09 06:10:26 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-03-09 06:10:26 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2012-02-19 22:17:54 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-04 18:31:41 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 8:42:32.56 ===============
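The first thing a malware-response helper does with a DDS log like the one above is scan the Running Processes list for images that should not be where they are: a file named like a Windows system binary (svchost.exe, Taskmgr.exe) that is not under System32 or SysWOW64, and anything executing from a location an unprivileged user can write to. The script below is an added example and is not part of the thread or of DDS; it parses the DDS section format and applies those two checks. The sample log is constructed from a few lines of the DDS output above plus two invented entries (the profile Taskmgr.exe path and a ProgramData svchost.exe), and the list of impersonated binary names is an assumption to extend.

```python
"""Triage a DDS 'Running Processes' listing for the two things a malware-response
helper checks first. Added example; it is not part of the thread or of DDS itself.

  * a process whose image carries the name of a Windows system binary but does
    not live under System32 or SysWOW64 (the "fake svchost" / "Taskmgr.exe in
    the user profile" pattern)
  * a process running from a location an unprivileged user can write to
    (the profile, ProgramData, any temp directory)

A hit means "verify this file" (publisher signature, hash, vendor), not "malware":
legitimate per-user installers such as Google Update also run from AppData.
"""
import ntpath
import re

# Windows binaries that malware commonly impersonates. Genuine copies live in
# %SystemRoot%\System32 or %SystemRoot%\SysWOW64 (assumption: C:\Windows).
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "taskmgr.exe", "explorer.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "conhost.exe", "wininit.exe", "smss.exe",
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

USER_WRITABLE = (
    re.compile(r"^c:\\users\\[^\\]+\\"),   # any user profile
    re.compile(r"^c:\\programdata\\"),
    re.compile(r"\\temp\\"),
)

SECTION = re.compile(r"^=+ running processes =+", re.I)


def running_processes(log_text):
    """Return the image paths listed in the DDS 'Running Processes' section, in order.

    Command-line arguments such as '-k netsvcs' are dropped; DDS separator lines
    ('.') are skipped and the next section header ends the scan.
    """
    paths, inside = [], False
    for line in log_text.splitlines():
        if SECTION.match(line):
            inside = True
            continue
        if inside and line.startswith("===="):
            break
        if inside:
            m = re.match(r'\s*"?(.*?\.exe)\b', line, re.I)
            if m:
                paths.append(m.group(1))
    return paths


def classify(path):
    """Return the review reasons for one image path; an empty list means nothing notable."""
    p = path.replace('"', "").strip().lower()
    reasons = []
    if ntpath.basename(p) in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside System32/SysWOW64")
    if any(rx.search(p) for rx in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(log_text):
    """Map each notable path from the log to its reasons, preserving log order."""
    result = {}
    for path in running_processes(log_text):
        reasons = classify(path)
        if reasons:
            result[path] = reasons
    return result


# Constructed sample: three lines copied from the DDS log in the thread plus two
# invented ones (the profile Taskmgr.exe path mirrors a file ComboFix later
# removed; the ProgramData svchost.exe is hypothetical).
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Ethan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ethan\Taskmgr.exe
C:\ProgramData\svchost.exe
.
============== Pseudo HJT Report ===============
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "\n    ".join(reasons))
```

Run it against a full DDS log by reading the file into `triage()`; only the paths that trip a check are returned, which is the short list to hash and look up before asking the user to remove anything. The Google Update entry shows why the user-writable check is a prompt rather than a verdict.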

#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 26 April 2012 - 01:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 28 April 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 ethaniel (Topic Starter)
  • Members
  • 11 posts

Posted 30 April 2012 - 10:54 AM

Yes, I need more time. Thank you for your help!

#5 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 30 April 2012 - 11:12 AM

OK, no problem. I will check on you in a couple of days if I have not heard from you.



Gringo

#6 ethaniel (Topic Starter)
  • Members
  • 11 posts

Posted 30 April 2012 - 01:44 PM

Hi,

For now, there are no issues with the computer. Combofix took a very long time to finish, maybe over 20 mins?

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.4
Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
Mozilla Thunderbird 2.0.0 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
IObit IObit Malware Fighter IMFsrv.exe
``````````End of Log````````````

ComboFix 12-04-31.02 - Ethan 04/30/2012 11:20:30.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2720 [GMT -5:00]
Running from: c:\users\Ethan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\users\Ethan\Taskmgr.exe
c:\windows\SysWow64\office.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 17:08 . 2012-04-30 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 17:08 . 2012-04-30 17:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-30 17:08 . 2012-04-30 17:08 -------- d-----w- c:\users\Amy\AppData\Local\temp
2012-04-30 03:50 . 2012-04-30 03:50 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-15 23:43 . 2012-04-15 23:43 -------- d-----w- c:\users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 23:13 . 2012-04-15 23:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-15 23:13 . 2012-04-15 23:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-15 23:13 . 2012-04-15 23:13 -------- d-----w- c:\programdata\SUPERSetup
2012-04-15 23:11 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-15 23:11 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-15 23:11 . 2012-04-15 23:11 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-15 21:03 . 2012-04-15 21:03 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-15 20:48 . 2012-04-16 04:03 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-15 20:48 . 2012-03-20 18:50 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-15 20:46 . 2012-04-16 00:11 -------- d-----w- c:\programdata\PC Tools
2012-04-15 20:46 . 2012-04-15 20:46 -------- d-----w- c:\users\Ethan\AppData\Roaming\TestApp
2012-04-13 13:36 . 2012-04-13 13:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-13 04:23 . 2012-04-13 04:22 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-31 22:53 . 2012-03-31 22:53 -------- d-----w- c:\users\Ethan\AppData\Local\{5B50628C-7B84-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 04:22 . 2010-04-17 19:12 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 20:56 . 2011-09-11 22:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 15:56 . 2012-03-12 15:56 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 06:10 . 2012-03-09 06:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-09 06:10 . 2012-03-09 06:10 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2012-03-09 06:10 . 2012-03-09 06:10 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2012-03-09 06:10 . 2012-03-09 06:10 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2012-03-09 06:10 . 2012-03-09 06:10 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2012-03-09 06:10 . 2012-03-09 06:10 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2012-03-09 06:10 . 2012-03-09 06:10 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2012-03-09 06:10 . 2012-03-09 06:10 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2012-03-09 06:10 . 2012-03-09 06:10 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
2012-02-19 22:18 . 2012-02-19 22:18 53248 ----a-r- c:\users\Ethan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-19 22:17 . 2012-02-19 22:17 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-17 06:38 . 2012-03-16 19:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-16 19:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-16 19:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-16 19:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-16 19:09 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-16 19:09 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:25 . 2012-02-07 15:25 8192 ----a-r- c:\users\Ethan\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-02-04 18:31 . 2011-09-05 22:44 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-03 04:34 . 2012-03-16 19:10 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-04 2152152]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-12-11 417464]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-04-24 22:09]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488347116-2816871645-3535719180-1001Core.job
- c:\users\Ethan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:31]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488347116-2816871645-3535719180-1001UA.job
- c:\users\Ethan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn02.bcm.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\tsblcywh.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-70715488.sys
AddRemove-Usmleworld QBank - c:\windows\system32\javaws.exe
AddRemove-Usmleworld SimExam - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3488347116-2816871645-3535719180-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9f,f9,3e,98,b0,98,8e,2c,f0,53,e7,50,7f,49,07,07,f8,a0,46,5a,e4,32,42,
f8,5a,c2,37,10,52,be,ef,2a,0a,dd,d4,6b,1a,7e,3d,05,e6,5f,2d,02,80,66,5c,52,\
"??"=hex:1e,86,28,9f,52,63,63,bd,d3,93,f7,cc,7b,59,b2,bb
.
[HKEY_USERS\S-1-5-21-3488347116-2816871645-3535719180-1001\Software\SecuROM\License information*]
"datasecu"=hex:60,b0,d9,58,c2,9b,3c,35,5f,b2,5f,67,ff,89,51,40,49,49,4b,53,9d,
cd,1c,06,66,5c,3b,7f,1a,dc,fb,78,8a,8c,3f,6b,07,d1,d7,51,7b,b5,42,04,f1,e0,\
"rkeysecu"=hex:0f,71,59,ab,02,c1,29,36,b2,02,b9,cd,57,16,b1,8b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\05\01\12:\0cS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-04-30 12:28:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 17:27
.
Pre-Run: 45,404,860,416 bytes free
Post-Run: 45,133,090,816 bytes free
.
- - End Of File - - 6DD8E3F708C74B0020A26BA0E95B438F
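
The ComboFix log above is the evidence that matters in this thread: the deletions section shows a Taskmgr.exe sitting in the user profile rather than in System32, an office.exe in SysWOW64, and a Firefox search plugin, which is the usual mechanism behind a Google-to-Happili redirect. Below is an added Python triage helper (not part of the thread and not ComboFix's own code) that splits a ComboFix log into its sections, extracts the file paths, and flags the patterns a responder checks first: a core Windows binary name outside the system directories, anything under a browser searchplugins folder, and autostart entries that point into user-writable locations. The section-header and path regexes, the SYSTEM_BINARIES, SYSTEM_DIRS, USER_WRITABLE and AUTOSTART_SECTIONS lists, and the condensed SAMPLE_LOG are all assumptions constructed for this example.

```python
"""Triage helper for a ComboFix log: split it into its sections, pull out
every file path, and flag the ones worth a second look.  Added example,
not ComboFix code; the lists below are assumptions, not ComboFix's rules."""
import re
from pathlib import PureWindowsPath

# ComboFix section headers look like "((((( Title )))))" or "----- Title -----".
SECTION_RE = re.compile(r"^\s*(?:\(+\s*(?P<a>.+?)\s*\)+|-+\s*(?P<b>.+?)\s*-+)\s*$")
# A drive-letter path ending in an extension we care about, on a single line.
PATH_RE = re.compile(r"[a-zA-Z]:\\[^\[\]\"\r\n]+?\.(?:exe|dll|sys|scr|xml)\b", re.I)

# Core Windows binaries whose names malware borrows (assumed, not exhaustive).
SYSTEM_BINARIES = {"taskmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe", "rundll32.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Sections that list autostart locations (Run keys, services, scheduled tasks).
AUTOSTART_SECTIONS = {"Reg Loading Points", "x86-64"}


def split_sections(log: str) -> dict:
    """Map each ComboFix section title to its lines; text before the
    first header lands under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("a") or m.group("b")).strip(" -")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def normalize(path: str) -> str:
    """Collapse registry-style doubled backslashes and lower-case for comparison."""
    return path.replace("\\\\", "\\").lower()


def triage(log: str) -> list:
    """Return (section, path, reason) tuples for paths that deserve attention."""
    findings = []
    for section, lines in split_sections(log).items():
        for line in lines:
            for raw in PATH_RE.findall(line):
                path = normalize(raw)
                p = PureWindowsPath(path)
                if p.name in SYSTEM_BINARIES and str(p.parent) not in SYSTEM_DIRS:
                    findings.append((section, path,
                                     "system binary name outside the system directory (masquerading)"))
                if "\\searchplugins\\" in path:
                    findings.append((section, path,
                                     "browser search-engine plugin (search-redirect vector)"))
                if section in AUTOSTART_SECTIONS and path.startswith(USER_WRITABLE):
                    findings.append((section, path,
                                     "autostart entry in a user-writable location"))
    return findings


# Constructed input: a handful of lines in ComboFix's layout, not a full log.
SAMPLE_LOG = r"""ComboFix 12-04-31.02 - Ethan 04/30/2012 11:20:30.1.2 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\users\Ethan\Taskmgr.exe
c:\windows\SysWow64\office.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-09-11 22:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
"""

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {path}: {reason}")
```

Run it directly to print the three findings from the sample (the misplaced Taskmgr.exe, the search plugin, and the Dropbox shell extension loading from AppData, which is benign but belongs on the review list). Note what a name-based pass cannot do: office.exe in SysWOW64 only looks wrong against a known-good inventory of that directory, or the file's hash and signature, so treat output like this as a first pass for a responder, not a verdict.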

#7 ethaniel
  • Topic Starter
  • Members
  • 11 posts

Posted 30 April 2012 - 01:50 PM

Unfortunately, there is occasionally still a google redirect to Happili.

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 April 2012 - 03:08 PM

Greetings

I would like to know which browsers are redirecting. Please verify all that are installed.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions. ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

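TDSSKiller's report, as requested in the post above, lists every scanned driver and service as a "name (md5) path" line followed by a verdict line, and prints the disk's MBR partition table before the scan starts. The helper below is an added Python example (not part of the thread and not Kaspersky's code) that pairs each module with its verdict, flags anything that is not "- ok" or that loads from outside the Windows and Program Files trees, and checks the partition table for gaps and overlaps, since the unpartitioned tail of the disk is where TDL4-family bootkits keep their hidden file system. The line layout the regexes expect is assumed from TDSSKiller 2.7 output, EXPECTED_ROOTS is an assumed allowlist, and SAMPLE_LOG is constructed; its last two lines, the xyzdrv driver with an invented hash and a warning verdict, are made up to exercise the non-ok path.

```python
"""Triage helper for a TDSSKiller report: pair each scanned module with its
verdict, flag anything that is not 'ok' or loads from an odd place, and
check the MBR partition table for gaps or overlaps.  Added example, not
Kaspersky code; the line layout is assumed from TDSSKiller 2.7 output."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>"; names may contain spaces.
MODULE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+?)\s*$")
# "<name> - ok" or "<name> ( Detection.Name ) - warning|detected ...".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) (?P<verdict>(?:\( .*? \) )?- .+?)\s*$")
DRIVE_RE = re.compile(PREFIX + r"Drive (?P<dev>\S+) - Size: (?P<size>0x[0-9A-Fa-f]+) "
                      r".*SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(PREFIX + r"(?P<dev>\S+)\\Partition(?P<n>\d+): MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
                     r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)")

# Where drivers and services are expected to live on this box (assumed allowlist).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_modules(log: str) -> list:
    """Pair 'name (md5) path' lines with the verdict line that follows them.
    Verdict lines with no preceding module line (boot sectors) are skipped."""
    pending, entries = {}, []
    for line in log.splitlines():
        m = MODULE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in pending:
            md5, path = pending.pop(m["name"])
            entries.append(Entry(m["name"], md5, path, m["verdict"]))
    return entries


def suspicious(entries: list) -> list:
    """Return (entry, [reasons]) for modules that need a human look."""
    flagged = []
    for e in entries:
        reasons = []
        if e.verdict != "- ok":
            reasons.append("verdict " + e.verdict)
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            reasons.append("loads from outside the Windows/Program Files trees")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def partition_layout(log: str) -> dict:
    """Per disk: total sectors, sorted partition spans, and any gaps/overlaps.
    Sector ranges are half-open [start, end)."""
    disks, parts = {}, {}
    for line in log.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            disks[m["dev"]] = int(m["size"], 16) // int(m["ss"], 16)
            continue
        m = PART_RE.match(line)
        if m:
            start, blocks = int(m["start"], 16), int(m["blocks"], 16)
            parts.setdefault(m["dev"], []).append((start, start + blocks))
    report = {}
    for dev, total in disks.items():
        spans = sorted(parts.get(dev, []))
        gaps, overlaps, cursor = [], [], 0
        for start, end in spans:
            if start > cursor:
                gaps.append((cursor, start))
            elif start < cursor:
                overlaps.append((start, cursor))
            cursor = max(cursor, end)
        if cursor < total:
            gaps.append((cursor, total))
        report[dev] = {"sectors": total, "partitions": spans,
                       "gaps": gaps, "overlaps": overlaps}
    return report


# Constructed input in TDSSKiller 2.7 layout; the last two lines are invented
# to show a non-ok verdict, with a made-up driver name and hash.
SAMPLE_LOG = r"""21:20:08.0016 5748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:08.0056 5748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x238D5800
21:20:08.0056 5748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x238D6000, BlocksNum 0x1B57000
21:20:18.0797 4188 Scan started
21:20:20.0712 4188 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:20:20.0722 4188 1394ohci - ok
21:20:22.0619 4188 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
21:20:22.0653 4188 AMD External Events Utility - ok
21:20:26.0302 4188 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:20:26.0425 4188 AVGIDSAgent - ok
21:20:30.0001 4188 xyzdrv (0123456789abcdef0123456789abcdef) C:\Users\Ethan\AppData\Local\Temp\xyzdrv.sys
21:20:30.0002 4188 xyzdrv ( UnsignedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    for e, reasons in suspicious(parse_modules(SAMPLE_LOG)):
        print(f"{e.name}: {e.path} -> {'; '.join(reasons)}")
    for dev, info in partition_layout(SAMPLE_LOG).items():
        print(dev, "gaps (sectors):", [(hex(a), hex(b)) for a, b in info["gaps"]])
```

On the sample the two partitions are contiguous; the only gaps are the 2048-sector area before the first partition, where the MBR lives, and 6832 sectors of slack after the last one. Both are normal on their own, but they are exactly the regions a bootkit uses for its loader and hidden file system, so record them and compare with what aswMBR reports for the same disk. A verdict other than ok, or an MD5 that does not match the vendor's copy of the file, is what to paste back for the responder.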
#9 ethaniel
  • Topic Starter
  • Members
  • 11 posts

Posted 01 May 2012 - 12:17 AM

Hi,

I ran both programs. TDSS did not require a restart. The other took a while and got stuck on one item for a long time, so I went ahead and saved the log. I don't use IE often, but I've started googling stuff with it and have not experienced any problems. It is just Firefox for now.


21:20:04.0818 5748 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:20:05.0214 5748 ============================================================
21:20:05.0214 5748 Current date / time: 2012/04/30 21:20:05.0214
21:20:05.0214 5748 SystemInfo:
21:20:05.0214 5748
21:20:05.0215 5748 OS Version: 6.1.7601 ServicePack: 1.0
21:20:05.0215 5748 Product type: Workstation
21:20:05.0216 5748 ComputerName: ETHAN-NOTEBOOK
21:20:05.0218 5748 UserName: Ethan
21:20:05.0218 5748 Windows directory: C:\Windows
21:20:05.0218 5748 System windows directory: C:\Windows
21:20:05.0218 5748 Running under WOW64
21:20:05.0218 5748 Processor architecture: Intel x64
21:20:05.0218 5748 Number of processors: 2
21:20:05.0218 5748 Page size: 0x1000
21:20:05.0218 5748 Boot type: Normal boot
21:20:05.0218 5748 ============================================================
21:20:08.0016 5748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:08.0038 5748 ============================================================
21:20:08.0038 5748 \Device\Harddisk0\DR0:
21:20:08.0056 5748 MBR partitions:
21:20:08.0056 5748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x238D5800
21:20:08.0056 5748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x238D6000, BlocksNum 0x1B57000
21:20:08.0056 5748 ============================================================
21:20:08.0114 5748 C: <-> \Device\Harddisk0\DR0\Partition0
21:20:08.0159 5748 D: <-> \Device\Harddisk0\DR0\Partition1
21:20:08.0160 5748 ============================================================
21:20:08.0160 5748 Initialize success
21:20:08.0160 5748 ============================================================
21:20:18.0797 4188 ============================================================
21:20:18.0797 4188 Scan started
21:20:18.0797 4188 Mode: Manual;
21:20:18.0797 4188 ============================================================
21:20:20.0712 4188 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:20:20.0722 4188 1394ohci - ok
21:20:20.0824 4188 Accelerometer (a768c6f605bc395d3b57fa0dc3ac3457) C:\Windows\system32\DRIVERS\Accelerometer.sys
21:20:20.0828 4188 Accelerometer - ok
21:20:20.0930 4188 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:20:20.0943 4188 ACPI - ok
21:20:21.0020 4188 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:20:21.0024 4188 AcpiPmi - ok
21:20:21.0144 4188 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:20:21.0162 4188 adp94xx - ok
21:20:21.0304 4188 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:20:21.0317 4188 adpahci - ok
21:20:21.0395 4188 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:20:21.0404 4188 adpu320 - ok
21:20:21.0678 4188 AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
21:20:21.0731 4188 AdvancedSystemCareService5 - ok
21:20:21.0797 4188 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:20:21.0804 4188 AeLookupSvc - ok
21:20:22.0076 4188 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
21:20:22.0109 4188 AESTFilters - ok
21:20:22.0284 4188 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:20:22.0304 4188 AFD - ok
21:20:22.0421 4188 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:20:22.0426 4188 agp440 - ok
21:20:22.0499 4188 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:20:22.0520 4188 ALG - ok
21:20:22.0539 4188 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:20:22.0543 4188 aliide - ok
21:20:22.0619 4188 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
21:20:22.0653 4188 AMD External Events Utility - ok
21:20:22.0681 4188 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:20:22.0687 4188 amdide - ok
21:20:22.0771 4188 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:20:22.0775 4188 AmdK8 - ok
21:20:22.0809 4188 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:20:22.0811 4188 AmdPPM - ok
21:20:22.0893 4188 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:20:22.0897 4188 amdsata - ok
21:20:22.0947 4188 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:20:22.0958 4188 amdsbs - ok
21:20:22.0998 4188 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:20:22.0999 4188 amdxata - ok
21:20:23.0040 4188 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
21:20:23.0045 4188 androidusb - ok
21:20:23.0125 4188 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:20:23.0129 4188 AppID - ok
21:20:23.0226 4188 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:20:23.0238 4188 AppIDSvc - ok
21:20:23.0326 4188 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:20:23.0329 4188 Appinfo - ok
21:20:55.0463 4188 Rasl2tp - ok
21:20:55.0565 4188 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:20:55.0584 4188 RasMan - ok
21:20:55.0654 4188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:20:55.0660 4188 RasPppoe - ok
21:20:55.0700 4188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:20:55.0706 4188 RasSstp - ok
21:20:55.0805 4188 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:20:55.0818 4188 rdbss - ok
21:20:55.0848 4188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:20:55.0853 4188 rdpbus - ok
21:20:55.0887 4188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:20:55.0891 4188 RDPCDD - ok
21:20:56.0006 4188 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:20:56.0016 4188 RDPDR - ok
21:20:56.0065 4188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:20:56.0069 4188 RDPENCDD - ok
21:20:56.0115 4188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:20:56.0119 4188 RDPREFMP - ok
21:20:56.0194 4188 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:20:56.0205 4188 RDPWD - ok
21:20:56.0308 4188 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:20:56.0319 4188 rdyboost - ok
21:20:56.0559 4188 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
21:20:56.0564 4188 RegFilter - ok
21:20:56.0639 4188 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:20:56.0650 4188 RemoteAccess - ok
21:20:56.0731 4188 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:20:56.0745 4188 RemoteRegistry - ok
21:20:56.0836 4188 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:20:56.0841 4188 RimUsb - ok
21:20:56.0941 4188 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
21:20:56.0947 4188 RimVSerPort - ok
21:20:57.0023 4188 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
21:20:57.0028 4188 ROOTMODEM - ok
21:20:57.0075 4188 RoxLiveShare9 - ok
21:20:57.0127 4188 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:20:57.0139 4188 RpcEptMapper - ok
21:20:57.0201 4188 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:20:57.0219 4188 RpcLocator - ok
21:20:57.0342 4188 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
21:20:57.0369 4188 RpcSs - ok
21:20:57.0418 4188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:20:57.0436 4188 rspndr - ok
21:20:57.0548 4188 RTL8167 (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:20:57.0559 4188 RTL8167 - ok
21:20:57.0603 4188 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
21:20:57.0606 4188 RTSTOR - ok
21:20:57.0674 4188 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:20:57.0682 4188 s3cap - ok
21:20:57.0746 4188 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:20:57.0759 4188 SamSs - ok
21:20:57.0882 4188 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:20:57.0884 4188 SASDIFSV - ok
21:20:57.0912 4188 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:20:57.0914 4188 SASKUTIL - ok
21:20:57.0953 4188 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:20:57.0957 4188 sbp2port - ok
21:20:58.0056 4188 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:20:58.0065 4188 SCardSvr - ok
21:20:58.0144 4188 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:20:58.0146 4188 scfilter - ok
21:20:58.0294 4188 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:20:58.0317 4188 Schedule - ok
21:20:58.0376 4188 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:20:58.0380 4188 SCPolicySvc - ok
21:20:58.0452 4188 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:20:58.0460 4188 SDRSVC - ok
21:20:58.0568 4188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:20:58.0571 4188 secdrv - ok
21:20:58.0635 4188 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:20:58.0646 4188 seclogon - ok
21:20:58.0688 4188 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:20:58.0701 4188 SENS - ok
21:20:58.0732 4188 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:20:58.0739 4188 SensrSvc - ok
21:20:58.0773 4188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:20:58.0776 4188 Serenum - ok
21:20:58.0817 4188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:20:58.0820 4188 Serial - ok
21:20:58.0880 4188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:20:58.0883 4188 sermouse - ok
21:20:58.0989 4188 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:20:59.0002 4188 SessionEnv - ok
21:20:59.0070 4188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:20:59.0075 4188 sffdisk - ok
21:20:59.0098 4188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:20:59.0102 4188 sffp_mmc - ok
21:20:59.0130 4188 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:20:59.0135 4188 sffp_sd - ok
21:20:59.0164 4188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:20:59.0168 4188 sfloppy - ok
21:20:59.0267 4188 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:20:59.0284 4188 SharedAccess - ok
21:20:59.0388 4188 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:20:59.0408 4188 ShellHWDetection - ok
21:20:59.0488 4188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:20:59.0494 4188 SiSRaid2 - ok
21:20:59.0531 4188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:20:59.0537 4188 SiSRaid4 - ok
21:20:59.0600 4188 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
21:20:59.0605 4188 SmartDefragDriver - ok
21:20:59.0655 4188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:20:59.0662 4188 Smb - ok
21:20:59.0754 4188 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:20:59.0773 4188 SNMPTRAP - ok
21:20:59.0819 4188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:20:59.0825 4188 spldr - ok
21:20:59.0943 4188 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:21:00.0005 4188 Spooler - ok
21:21:00.0434 4188 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:21:00.0539 4188 sppsvc - ok
21:21:00.0972 4188 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:21:00.0986 4188 sppuinotify - ok
21:21:01.0158 4188 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:21:01.0170 4188 srv - ok
21:21:01.0331 4188 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:21:01.0340 4188 srv2 - ok
21:21:01.0384 4188 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:21:01.0392 4188 srvnet - ok
21:21:01.0459 4188 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
21:21:01.0467 4188 ssadbus - ok
21:21:01.0503 4188 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:21:01.0507 4188 ssadmdfl - ok
21:21:01.0547 4188 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
21:21:01.0556 4188 ssadmdm - ok
21:21:01.0645 4188 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
21:21:01.0653 4188 sscdbus - ok
21:21:01.0739 4188 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:21:01.0743 4188 sscdmdfl - ok
21:21:01.0814 4188 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
21:21:01.0823 4188 sscdmdm - ok
21:21:01.0941 4188 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:21:01.0957 4188 SSDPSRV - ok
21:21:02.0050 4188 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:21:02.0063 4188 SstpSvc - ok
21:21:02.0248 4188 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
21:21:02.0282 4188 STacSV - ok
21:21:02.0350 4188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:21:02.0355 4188 stexstor - ok
21:21:02.0504 4188 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
21:21:02.0523 4188 STHDA - ok
21:21:02.0665 4188 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:21:02.0692 4188 stisvc - ok
21:21:02.0771 4188 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:21:02.0777 4188 storflt - ok
21:21:02.0840 4188 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
21:21:02.0853 4188 StorSvc - ok
21:21:02.0887 4188 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:21:02.0892 4188 storvsc - ok
21:21:02.0917 4188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:21:02.0921 4188 swenum - ok
21:21:03.0050 4188 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:21:03.0075 4188 swprv - ok
21:21:03.0157 4188 SynTP (179fbf6d4d555b38f0131d89fa14bb30) C:\Windows\system32\DRIVERS\SynTP.sys
21:21:03.0168 4188 SynTP - ok
21:21:03.0422 4188 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:21:03.0486 4188 SysMain - ok
21:21:03.0711 4188 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:21:03.0724 4188 TabletInputService - ok
21:21:03.0785 4188 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:21:03.0805 4188 TapiSrv - ok
21:21:03.0836 4188 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:21:03.0850 4188 TBS - ok
21:21:04.0161 4188 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:21:04.0206 4188 Tcpip - ok
21:21:04.0474 4188 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:21:04.0502 4188 TCPIP6 - ok
21:21:04.0771 4188 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:21:04.0775 4188 tcpipreg - ok
21:21:04.0855 4188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:21:04.0859 4188 TDPIPE - ok
21:21:04.0916 4188 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:21:04.0919 4188 TDTCP - ok
21:21:05.0016 4188 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:21:05.0020 4188 tdx - ok
21:21:05.0078 4188 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:21:05.0086 4188 TermDD - ok
21:21:05.0175 4188 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:21:05.0191 4188 TermService - ok
21:21:05.0287 4188 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:21:05.0294 4188 Themes - ok
21:21:05.0358 4188 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:21:05.0361 4188 THREADORDER - ok
21:21:05.0384 4188 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:21:05.0389 4188 TrkWks - ok
21:21:05.0494 4188 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:21:05.0506 4188 TrustedInstaller - ok
21:21:05.0592 4188 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:21:05.0594 4188 tssecsrv - ok
21:21:05.0649 4188 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:21:05.0651 4188 TsUsbFlt - ok
21:21:05.0735 4188 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:21:05.0738 4188 tunnel - ok
21:21:05.0802 4188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:21:05.0804 4188 uagp35 - ok
21:21:05.0880 4188 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:21:05.0883 4188 udfs - ok
21:21:05.0948 4188 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:21:05.0960 4188 UI0Detect - ok
21:21:06.0138 4188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:21:06.0144 4188 uliagpkx - ok
21:21:06.0272 4188 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:21:06.0277 4188 umbus - ok
21:21:06.0339 4188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:21:06.0343 4188 UmPass - ok
21:21:06.0421 4188 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:21:06.0438 4188 UmRdpService - ok
21:21:06.0509 4188 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:21:06.0529 4188 upnphost - ok
21:21:06.0743 4188 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
21:21:06.0745 4188 UrlFilter - ok
21:21:06.0895 4188 USB28xxBGA (4c1cbabf1bef8801d1c637650c799f26) C:\Windows\system32\DRIVERS\emBDA64.sys
21:21:06.0906 4188 USB28xxBGA - ok
21:21:06.0950 4188 USB28xxOEM (8a66e038cc070bf95dd9f4259c8d3df2) C:\Windows\system32\DRIVERS\emOEM64.sys
21:21:06.0954 4188 USB28xxOEM - ok
21:21:07.0047 4188 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:21:07.0050 4188 usbaudio - ok
21:21:07.0120 4188 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:21:07.0123 4188 usbccgp - ok
21:21:07.0176 4188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:21:07.0178 4188 usbcir - ok
21:21:07.0239 4188 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:21:07.0240 4188 usbehci - ok
21:21:07.0293 4188 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:21:07.0309 4188 usbhub - ok
21:21:07.0348 4188 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:21:07.0349 4188 usbohci - ok
21:21:07.0413 4188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:21:07.0414 4188 usbprint - ok
21:21:07.0471 4188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:21:07.0474 4188 usbscan - ok
21:21:07.0501 4188 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:21:07.0505 4188 USBSTOR - ok
21:21:07.0529 4188 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:21:07.0531 4188 usbuhci - ok
21:21:07.0621 4188 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:21:07.0624 4188 usbvideo - ok
21:21:07.0684 4188 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:21:07.0688 4188 UxSms - ok
21:21:07.0735 4188 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:21:07.0741 4188 VaultSvc - ok
21:21:07.0803 4188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:21:07.0805 4188 vdrvroot - ok
21:21:07.0915 4188 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:21:07.0930 4188 vds - ok
21:21:07.0998 4188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:21:08.0000 4188 vga - ok
21:21:08.0019 4188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:21:08.0020 4188 VgaSave - ok
21:21:08.0054 4188 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:21:08.0056 4188 vhdmp - ok
21:21:08.0103 4188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:21:08.0106 4188 viaide - ok
21:21:08.0220 4188 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:21:08.0223 4188 vmbus - ok
21:21:08.0248 4188 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:21:08.0250 4188 VMBusHID - ok
21:21:08.0269 4188 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:21:08.0272 4188 volmgr - ok
21:21:08.0405 4188 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:21:08.0412 4188 volmgrx - ok
21:21:08.0475 4188 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:21:08.0479 4188 volsnap - ok
21:21:08.0622 4188 vpnagent (c52acf0e71dfcb0d7ebddc005aa76815) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:21:08.0635 4188 vpnagent - ok
21:21:08.0673 4188 vpnva (22cbf4070aa7e13c17389eda5b944a10) C:\Windows\system32\DRIVERS\vpnva64.sys
21:21:08.0675 4188 vpnva - ok
21:21:08.0772 4188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:21:08.0777 4188 vsmraid - ok
21:21:08.0943 4188 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:21:08.0973 4188 VSS - ok
21:21:09.0143 4188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:21:09.0144 4188 vwifibus - ok
21:21:09.0220 4188 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:21:09.0225 4188 vwififlt - ok
21:21:09.0338 4188 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:21:09.0344 4188 W32Time - ok
21:21:09.0394 4188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:21:09.0396 4188 WacomPen - ok
21:21:09.0479 4188 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:21:09.0481 4188 WANARP - ok
21:21:09.0496 4188 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:21:09.0498 4188 Wanarpv6 - ok
21:21:09.0677 4188 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:21:09.0727 4188 WatAdminSvc - ok
21:21:09.0890 4188 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:21:09.0935 4188 wbengine - ok
21:21:10.0139 4188 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:21:10.0144 4188 WbioSrvc - ok
21:21:10.0230 4188 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:21:10.0236 4188 wcncsvc - ok
21:21:10.0321 4188 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:21:10.0327 4188 WcsPlugInService - ok
21:21:10.0389 4188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:21:10.0391 4188 Wd - ok
21:21:10.0465 4188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:21:10.0472 4188 Wdf01000 - ok
21:21:10.0505 4188 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:21:10.0509 4188 WdiServiceHost - ok
21:21:10.0523 4188 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:21:10.0528 4188 WdiSystemHost - ok
21:21:10.0610 4188 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:21:10.0628 4188 WebClient - ok
21:21:10.0664 4188 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:21:10.0669 4188 Wecsvc - ok
21:21:10.0699 4188 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:21:10.0703 4188 wercplsupport - ok
21:21:10.0744 4188 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:21:10.0748 4188 WerSvc - ok
21:21:10.0819 4188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:21:10.0820 4188 WfpLwf - ok
21:21:10.0878 4188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:21:10.0879 4188 WIMMount - ok
21:21:10.0976 4188 WinDefend - ok
21:21:10.0997 4188 WinHttpAutoProxySvc - ok
21:21:11.0130 4188 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:21:11.0133 4188 Winmgmt - ok
21:21:11.0342 4188 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:21:11.0365 4188 WinRM - ok
21:21:11.0606 4188 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:21:11.0608 4188 WinUsb - ok
21:21:11.0716 4188 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:21:11.0727 4188 Wlansvc - ok
21:21:12.0024 4188 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:12.0073 4188 wlidsvc - ok
21:21:12.0215 4188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:21:12.0217 4188 WmiAcpi - ok
21:21:12.0349 4188 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:21:12.0367 4188 wmiApSrv - ok
21:21:12.0466 4188 WMPNetworkSvc - ok
21:21:12.0566 4188 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:21:12.0570 4188 WPCSvc - ok
21:21:12.0634 4188 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:21:12.0638 4188 WPDBusEnum - ok
21:21:12.0706 4188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:21:12.0708 4188 ws2ifsl - ok
21:21:12.0737 4188 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:21:12.0741 4188 wscsvc - ok
21:21:12.0750 4188 WSearch - ok
21:21:12.0940 4188 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:21:12.0962 4188 wuauserv - ok
21:21:13.0122 4188 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:21:13.0124 4188 WudfPf - ok
21:21:13.0174 4188 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:21:13.0182 4188 WUDFRd - ok
21:21:13.0291 4188 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:21:13.0295 4188 wudfsvc - ok
21:21:13.0384 4188 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:21:13.0390 4188 WwanSvc - ok
21:21:13.0548 4188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:21:13.0619 4188 \Device\Harddisk0\DR0 - ok
21:21:13.0639 4188 Boot (0x1200) (47b76fcb716e85809b1ca9062d848ac1) \Device\Harddisk0\DR0\Partition0
21:21:13.0641 4188 \Device\Harddisk0\DR0\Partition0 - ok
21:21:13.0696 4188 Boot (0x1200) (c6594f18e189f863f10af7f7c39f66a3) \Device\Harddisk0\DR0\Partition1
21:21:13.0702 4188 \Device\Harddisk0\DR0\Partition1 - ok
21:21:13.0715 4188 ============================================================
21:21:13.0715 4188 Scan finished
21:21:13.0715 4188 ============================================================
21:21:13.0759 4112 Detected object count: 0
21:21:13.0760 4112 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 21:17:06
-----------------------------
21:17:06.888 OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:06.889 Number of processors: 2 586 0x301
21:17:06.891 ComputerName: ETHAN-NOTEBOOK UserName: Ethan
21:17:09.487 Initialize success
21:21:14.990 AVAST engine defs: 12043001
21:23:00.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:23:00.900 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
21:23:00.988 Disk 0 MBR read successfully
21:23:01.000 Disk 0 MBR scan
21:23:01.021 Disk 0 Windows 7 default MBR code
21:23:01.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291243 MB offset 2048
21:23:01.101 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13998 MB offset 596467712
21:23:01.174 Disk 0 scanning C:\Windows\system32\drivers
21:23:31.503 Service scanning
21:24:47.354 Modules scanning
21:24:47.389 Disk 0 trace - called modules:
21:24:47.459 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:24:47.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c93790]
21:24:47.507 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004c92710]
21:24:47.533 5 hpdskflt.sys[fffff880019d9289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800472a060]
21:24:49.089 AVAST engine scan C:\Windows
21:24:58.872 AVAST engine scan C:\Windows\system32
21:34:45.078 AVAST engine scan C:\Windows\system32\drivers
21:35:20.850 AVAST engine scan C:\Users\Ethan
22:35:55.429 AVAST engine scan C:\ProgramData
00:14:08.948 Disk 0 MBR has been saved successfully to "C:\Users\Ethan\Desktop\MBR.dat"
00:14:09.052 The log file has been saved successfully to "C:\Users\Ethan\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 PM

Posted 01 May 2012 - 12:38 AM

Greetings

I want you to uninstall Firefox and, when asked about user data or settings, I want those removed also.

Restart the computer, reinstall Firefox and check if it is still redirecting.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ethaniel

ethaniel
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:28 AM

Posted 01 May 2012 - 01:42 AM

If it's no longer redirecting, would you still like me to run Combofix?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 PM

Posted 01 May 2012 - 02:17 AM

Hello ethaniel


Yes I would - that script will remove files that are not needed on the computer and double check that there is nothing on the computer



Gringo

#13 ethaniel

ethaniel
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:28 AM

Posted 01 May 2012 - 04:47 PM

Hi,

Combofix does not run. I get an error saying

C:\32788R22FWJFW\pv.com

Click abort to stop the installation, retry to try again, or ignore to skip this file.

I click ignore, and then Combofix disappears.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 PM

Posted 01 May 2012 - 10:12 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.3
Java™ 6 Update 31
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 ethaniel

ethaniel
  • Topic Starter

  • Members
  • 11 posts

Posted 02 May 2012 - 12:00 AM

Hi,

Computer so far has no issues with Google redirects. When I run Hijackthis, this message appears:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click start, run and type:

notepad c:\windows\system32\drivers\etc\hosts

and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

I click ok, it finishes running, and an empty notepad comes up.



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ethan :: ETHAN-NOTEBOOK [administrator]

5/1/2012 11:39:50 PM
mbam-log-2012-05-01 (23-39-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246011
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
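A defender-side check for the situation reported above (HijackThis unable to read or write the hosts file, Notepad opening blank), written as an added example for this thread rather than anything the helper or the HijackThis authors supplied. It lists hosts entries that map a name to something other than loopback and shows the file's attributes and ACL, which is the information needed to work out why a write was denied; run it from an elevated PowerShell.

```powershell
# Added example, not part of the original thread: inspect the Windows hosts
# file that HijackThis reported it could not read/write.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsRedirects {
    param([string]$Path = $HostsPath)
    # A stock hosts file carries only comments and localhost lines, so any
    # name mapped to a non-loopback address deserves a look. Ad-blocking
    # lists are a benign cause; a redirect of search or update domains is not.
    Get-Content -Path $Path -Force -ErrorAction Stop |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        ForEach-Object {
            $parts = ($_ -replace '#.*$', '').Trim() -split '\s+'
            [pscustomobject]@{
                Address = $parts[0]
                Names   = ($parts | Select-Object -Skip 1) -join ' '
            }
        } |
        Where-Object { @('127.0.0.1', '::1', '0.0.0.0') -notcontains $_.Address }
}

function Show-HostsAccess {
    param([string]$Path = $HostsPath)
    # Hidden/read-only attributes and unexpected ACL entries are the usual
    # reasons an elevated tool still cannot open or rewrite the file.
    $item = Get-Item -Path $Path -Force
    [pscustomobject]@{
        Exists    = $true
        ReadOnly  = $item.IsReadOnly
        Hidden    = (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        SizeBytes = $item.Length
        LastWrite = $item.LastWriteTime
    }
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Get-HostsRedirects
Show-HostsAccess
```

A SizeBytes of 0 matches the blank Notepad seen in the post; a Deny entry or a non-SYSTEM/Administrators owner in the ACL output explains a denied write.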



