
Youtube Downloader malware


  • This topic is locked
16 replies to this topic

#1 geraldthemole

  • Members
  • 9 posts

Posted 02 May 2012 - 11:14 AM

I made the mistake of downloading YouTube Downloader (YTD) with its associated toolbar and some hidden Spigot software. I normally use Google Chrome as my default browser, and when I opened it after a restart a message came up saying that something was trying to change my search settings but that Chrome had blocked it. I also occasionally use IE9, and when I tried to do a search using that browser by entering the search item in the address bar, the results came back from Yahoo despite Google being my default search engine. I tried to change the default setting using Internet Options, but the buttons are greyed out.

Using HijackThis I found references to YouTube Downloader and also Spigot software. I tried to uninstall them, but with limited success; I then deleted the program files and used CCleaner to clean up the registry, but without success. Although some keys were found and removed, there are still problems. I am concerned that the HijackThis log shows a number of entries with "file missing" against them, although the names appear to refer to standard Windows 7 files.

I have done full scans with Kaspersky, Malwarebytes and Microsoft Security scanner but no malware was identified.

I also ran System Restore in Safe Mode to revert to a date before the YTD installation, but it's still there.

I have been looking at the instructions given in a thread posted by gian0819 as Topic 452151 and guided by Gringo.

I attach an HJT log, having also used Defogger, Security Check 317 and DDS; those logs follow the HJT log.

Your advice please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:45, on 02/05/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StopDefragment] Install\StopDefragment.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13688 bytes
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:38 on 02/05/2012 (Master2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 31
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Master2 at 16:47:01 on 2012-05-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8103.6329 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [dualmonitor]
uRun: [Google Update] "C:\Users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [StopDefragment] Install\StopDefragment.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Conime] %windir%\system32\conime.exe
StartupFolder: C:\Users\Master2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{65326BBD-88C4-4971-8D63-7BCC389B6AB1} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [StopDefragment] Install\StopDefragment.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 hugoio64;hugoio64;C:\Program Files (x86)\i-Menu\hugoio64.sys [2012-3-9 13856]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-3-11 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-3-11 55056]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-3-22 1136128]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-2-24 134928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-3-16 389120]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-9 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-25 1997416]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-9 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-9 135664]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-05-02 08:02:10 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCAC06BE-D412-4A3E-9FF1-7B3E2D8B1780}\mpengine.dll
2012-05-01 10:35:00 -------- d-----w- C:\Users\Master2\AppData\Roaming\Malwarebytes
2012-05-01 10:34:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-01 10:34:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39:12 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2012-04-30 15:26:05 -------- d-----w- C:\Users\Master2\AppData\Local\Windows Live
2012-04-30 15:26:05 -------- d-----w- C:\Users\Master2\AppData\Local\{E5DA3E49-3072-4ACB-8641-E53FE9F19DF8}
2012-04-30 15:25:40 -------- d-----w- C:\Users\Master2\AppData\Local\{4827B4F6-7E9B-4169-9C46-B65B0F504920}
2012-04-30 14:59:02 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-28 10:51:57 -------- d-----w- C:\Users\Master2\Google Drive
2012-04-13 14:37:55 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-04-13 14:37:55 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-04-10 18:39:54 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-10 18:39:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-10 18:39:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 18:27:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 18:27:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 18:27:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 18:27:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 18:27:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 18:27:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 18:27:16 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-08 10:42:31 0 ----a-w- C:\SDTD220.tmp
2012-04-04 15:26:46 -------- d-----w- C:\Windows\System32\kodak
2012-04-04 15:25:25 -------- d-----w- C:\Users\Master2\AppData\Local\Eastman_Kodak_Company
2012-04-04 15:23:24 -------- d-----w- C:\Users\Master2\AppData\Local\Eastman Kodak Company
2012-04-04 15:22:47 -------- d-----w- C:\Windows\SysWow64\kodak
2012-04-04 15:21:07 -------- d-----w- C:\Program Files (x86)\Kodak
2012-04-04 15:18:42 -------- d-----w- C:\Users\Master2\AppData\Roaming\Temp
2012-04-04 15:18:41 -------- d-----w- C:\ProgramData\Kodak
2012-04-03 08:25:24 -------- d-----w- C:\Windows\pss
2012-04-03 08:13:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
.
==================== Find3M ====================
.
2012-05-02 15:36:05 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-17 07:45:49 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 07:45:49 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-16 13:02:38 1058304 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2012-03-16 13:02:06 177664 ----a-w- C:\Windows\System32\EKAiO2COI08.dll
2012-03-11 13:48:52 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-03-08 09:02:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 19:24:31 0 ----a-w- C:\SDT7D3C.tmp
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 18:04:19 0 ----a-w- C:\SDT3271.tmp
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-16 09:33:20 745354 ----a-w- C:\Windows\unins000.exe
2012-02-14 18:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 18:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 18:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 18:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 18:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 18:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 18:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 18:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 18:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 18:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 18:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 18:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 18:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 18:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 18:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 18:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 18:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 18:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 18:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 18:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 17:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 17:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 17:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 17:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 17:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 17:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 17:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 17:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 17:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 17:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 17:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 17:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 17:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 17:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 17:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 17:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-14 11:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-13 09:31:04 122368 ----a-w- C:\Windows\System32\EKaio2WiaCoInst.dll
2012-02-13 09:31:02 10240 ----a-w- C:\Windows\System32\EKaio2WiaCoInstRes.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:48:24.52 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 03 May 2012 - 01:03 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 geraldthemole

geraldthemole
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:55 PM

Posted 03 May 2012 - 03:51 AM

Hello Gringo

Thank you for agreeing to help me with my problem.

I attach logs from checkup and ComboFix:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 31
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

ComboFix 12-05-02.02 - Master2 03/05/2012 9:20.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8103.6162 [GMT 1:00]
Running from: c:\users\Master2\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
C:\SDT3271.tmp
C:\SDT7D3C.tmp
C:\SDTD220.tmp
c:\windows\AsPatch10430001.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-02 08:02 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCAC06BE-D412-4A3E-9FF1-7B3E2D8B1780}\mpengine.dll
2012-05-01 10:35 . 2012-05-01 10:35 -------- d-----w- c:\users\Master2\AppData\Roaming\Malwarebytes
2012-05-01 10:34 . 2012-05-01 10:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 10:34 . 2012-05-02 07:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-04-30 15:26 . 2012-04-30 15:26 -------- d-----w- c:\users\Master2\AppData\Local\Windows Live
2012-04-30 14:59 . 2012-05-02 07:47 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-04-28 16:23 . 2012-04-28 16:23 -------- d-----w- c:\windows\Sun
2012-04-28 10:51 . 2012-05-02 07:47 -------- d-----w- c:\users\Master2\Google Drive
2012-04-13 14:37 . 2012-05-02 13:56 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-13 14:37 . 2012-04-13 14:37 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-04-10 18:39 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 18:39 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 18:39 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 18:27 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 18:27 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 18:27 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 18:27 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 18:27 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 18:27 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 18:27 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 09:18 . 2012-04-08 09:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-04 15:26 . 2012-05-02 07:47 -------- d-----w- c:\windows\system32\kodak
2012-04-04 15:25 . 2012-05-02 07:47 -------- d-----w- c:\users\Master2\AppData\Local\Eastman_Kodak_Company
2012-04-04 15:23 . 2012-04-04 15:23 -------- d-----w- c:\users\Master2\AppData\Local\Eastman Kodak Company
2012-04-04 15:22 . 2012-05-02 07:46 -------- d-----w- c:\windows\SysWow64\kodak
2012-04-04 15:21 . 2012-05-02 07:44 -------- d-----w- c:\program files (x86)\Kodak
2012-04-04 15:18 . 2012-05-03 08:12 -------- d-----w- c:\programdata\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 15:36 . 2011-12-30 22:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-17 07:45 . 2012-04-02 07:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-17 07:45 . 2012-01-01 15:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-16 13:02 . 2012-03-16 13:02 1058304 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-03-16 13:02 . 2012-03-16 13:02 177664 ----a-w- c:\windows\system32\EKAiO2COI08.dll
2012-03-11 13:48 . 2012-02-04 20:52 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-08 09:02 . 2012-03-08 09:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 09:18 . 2012-02-12 13:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 09:33 . 2012-02-16 09:33 745354 ----a-w- c:\windows\unins000.exe
2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 18:44 . 2011-10-21 17:25 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 18:42 . 2011-10-21 17:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 17:57 . 2011-07-15 08:14 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 17:56 . 2011-07-15 08:14 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 17:56 . 2011-07-15 08:14 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-13 09:31 . 2012-02-13 09:31 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-02-13 09:31 . 2012-02-13 09:31 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-02-10 06:36 . 2012-03-14 17:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-09 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Master2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-9 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 hugoio64;hugoio64;c:\program files (x86)\i-Menu\hugoio64.sys [2008-04-29 13856]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-03-11 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-24 134928]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:45]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 18:41]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 18:41]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2609960304-3476416714-2663016794-1001Core.job
- c:\users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 16:29]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2609960304-3476416714-2663016794-1001UA.job
- c:\users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 16:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2012-03-16 3240448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-dualmonitor - (no file)
Wow6432Node-HKLM-Run-StopDefragment - Install\StopDefragment.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03 09:43:56
ComboFix-quarantined-files.txt 2012-05-03 08:43
.
Pre-Run: 109,762,666,496 bytes free
Post-Run: 109,265,645,568 bytes free
.
- - End Of File - - 75827876A819911E6E1FA222955A9228

The computer appears to be running reasonably but I have not connected to the Internet and Kaspersky is still disabled.

I look forward to your response.

Gerald

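The ComboFix log above is easier to reason about once its sections are pulled apart by type, because the question for each entry is different: Run values and startup folders ask "who put this here", the policy values under policies\system say how UAC behaves, AppInit_DLLs is a DLL that gets loaded into every process of that bitness, and the entries ending in [x] are ones ComboFix could not read file details for (several of those drivers reappear with full paths and hashes in the TDSSKiller log later in this thread, so [x] on its own is a "verify", not a verdict). The following Python script is an added example, not part of the original post or of ComboFix; it parses the line formats shown in the log and produces a short triage list. The sample input is a constructed excerpt copied from the log above, and the allowlist of search hosts, the function names and the wording of the findings are my assumptions. Two of the findings deserve attention on any machine: PromptOnSecureDesktop=0 means elevation prompts are drawn on the normal desktop, where other running software can interact with them, and AppInit_DLLs entries (here nvinit.dll and nvinitx.dll, NVIDIA components by name) should be checked for publisher and signature rather than trusted by file name, because that key is a long-standing injection point.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log above (trademark marks
# dropped), cut down to the entry types the triage below cares about.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-09 2018032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AMPPALP;Intel Centrino Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
S0 assd;assd; [x]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<info>[^\]]*)\])?$')
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S+)')
SERVICE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<info>[^\]]*)\]$")
URL_SETTING = re.compile(r"^(?P<setting>[um][^=]+?) = (?P<value>hxxp\S+|http\S+)$")

# Assumption: the search engines the machine's owner actually chose.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.co.uk"}


@dataclass
class ComboFixTriage:
    run_entries: list = field(default_factory=list)   # (registry key, value name, image path)
    uac: dict = field(default_factory=dict)           # policy value name -> int
    load_appinit: int = 0
    appinit_dlls: list = field(default_factory=list)  # (registry key, dll path)
    unreadable: list = field(default_factory=list)    # (start type, service, path) for "[x]" lines
    urls: list = field(default_factory=list)          # (setting, url)


def parse_combofix(text):
    """Walk the log once, remembering the current [registry key] for value lines."""
    t = ComboFixTriage()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        m = SERVICE.match(line)
        if m:
            if m["info"] == "x":
                t.unreadable.append((m["start"], m["name"], m["path"].strip()))
            continue
        m = URL_SETTING.match(line)
        if m:
            t.urls.append((m["setting"], m["value"]))
            continue
        lkey = key.lower()
        if lkey.endswith(r"\currentversion\run"):
            m = RUN_VALUE.match(line)
            if m:
                t.run_entries.append((key, m["name"], m["path"]))
        elif lkey.endswith(r"\policies\system"):
            m = DWORD_VALUE.match(line)
            if m:
                t.uac[m["name"]] = int(m["value"], 0)
        elif lkey.endswith(r"\windows nt\currentversion\windows"):
            m = DWORD_VALUE.match(line)
            if m and m["name"].lower() == "appinit_dlls":
                t.appinit_dlls.append((key, m["value"]))
            elif m and m["name"].lower() == "loadappinit_dlls":
                t.load_appinit = int(m["value"], 0)
    return t


def host_of(url):
    return url.split("//", 1)[-1].split("/", 1)[0].lower()


def triage(t):
    """Turn the parsed sections into review items; wording is this example's own."""
    findings = []
    if t.uac.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("UAC: PromptOnSecureDesktop=0, elevation prompts are drawn on the normal desktop and other software can interact with them")
    if t.uac.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("UAC: ConsentPromptBehaviorAdmin=0, administrators are elevated silently")
    for key, dll in t.appinit_dlls:
        view = "32-bit" if "wow6432node" in key.lower() else "64-bit"
        findings.append(f"AppInit_DLLs ({view} processes): {dll}; verify publisher and signature")
    for setting, url in t.urls:
        if host_of(url) not in TRUSTED_SEARCH_HOSTS:
            findings.append(f"Browser setting {setting} points at {url}")
    for start, name, path in t.unreadable:
        if not path:
            findings.append(f"Service {name} ({start}) has no image path at all; resolve it from the live registry")
        else:
            findings.append(f"Service {name} ({start}): ComboFix could not read {path}; verify with a second tool")
    return findings


if __name__ == "__main__":
    for item in triage(parse_combofix(SAMPLE_LOG)):
        print(item)
```

On the sample this yields six items: the secure-desktop setting, the two AppInit DLLs, the OEM start page on asus.msn.com (not malicious, just not on the allowlist), and the two [x] services, with assd singled out because its line carries no path at all. Against a full log, the same parser will also collect every Run value, which is the list to compare against what the owner recognises.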
#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 06:37 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save the log to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

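A TDSSKiller log is several hundred lines of "name (md5) path" followed by "name - ok", and the useful information is the handful of objects that did not get "- ok" (TDSSKiller prints those as "name ( detection ) - warning" or "- infected", and for objects with no file, such as the catchme entry, only the verdict line). The script below is an added example, not part of gringo_pr's instructions or of Kaspersky's tool: it pairs each object's file line with its verdict line, lists everything that is not ok, and groups service names that resolve to the same image (two names sharing one MD5, as AMPPAL and AMPPALP do in the log posted in the next reply). The sample input is constructed: its first lines are copied from that log, and the entries named baddrv and Rootkit.Boot.Sample are invented to exercise the warning and infected paths. The function names and the verdict-line shape assumed by the regular expressions are mine.

```python
import re
from collections import defaultdict

# Constructed sample: the first lines are copied from the TDSSKiller log in the next
# reply; baddrv and Rootkit.Boot.Sample are invented to exercise the non-ok paths.
SAMPLE_LOG = r"""
13:27:51.0061 5492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:28:10.0280 5724 Scan started
13:28:10.0280 5724 Mode: Manual;
13:28:11.0247 5724 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:28:11.0279 5724 1394ohci - ok
13:28:13.0431 5724 AMPPAL (8c290fd44f687c1799b55823ffcf553d) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:28:13.0431 5724 AMPPAL - ok
13:28:13.0447 5724 AMPPALP (8c290fd44f687c1799b55823ffcf553d) C:\Windows\system32\DRIVERS\amppal.sys
13:28:13.0447 5724 AMPPALP - ok
13:28:23.0337 5724 catchme - ok
13:28:40.0000 5724 baddrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\baddrv.sys
13:28:40.0010 5724 baddrv ( UnsignedFile.Multi.Generic ) - warning
13:28:40.0010 5724 baddrv - detected UnsignedFile.Multi.Generic (1)
13:28:41.0000 5724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sample ) - infected
"""

# Every line starts with a timestamp and the scanner's process id.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
# "name (32-hex-md5) path": the file behind a service, driver or boot object.
OBJECT_LINE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "name - ok" or "name ( detection ) - warning|infected"; the trailing
# "- detected X (n)" lines deliberately do not match and are ignored.
VERDICT_LINE = re.compile(PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>[A-Za-z]+)$")


def new_record():
    return {"md5": None, "path": None, "detection": None, "verdict": None}


def parse_tdsskiller(text):
    """Return {object name: record}, joining each file line with its verdict line."""
    objects = {}
    for line in text.splitlines():
        m = OBJECT_LINE.match(line)
        if m:
            rec = objects.setdefault(m["name"], new_record())
            rec["md5"], rec["path"] = m["md5"], m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            rec = objects.setdefault(m["name"], new_record())
            rec["verdict"], rec["detection"] = m["verdict"], m["detection"]
    return objects


def flagged(objects):
    """Objects whose verdict is anything other than 'ok', including no verdict at all."""
    return {name: rec for name, rec in objects.items() if rec["verdict"] != "ok"}


def shared_images(objects):
    """Names that resolve to the same file, keyed by MD5 (AMPPAL/AMPPALP in the real log)."""
    by_hash = defaultdict(list)
    for name, rec in objects.items():
        if rec["md5"]:
            by_hash[rec["md5"]].append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def report(text):
    objects = parse_tdsskiller(text)
    lines = [f"{len(objects)} objects, {len(flagged(objects))} not ok"]
    for name, rec in flagged(objects).items():
        lines.append(f"  {rec['verdict'] or 'no verdict'}: {name} ({rec['detection'] or 'n/a'}) {rec['path'] or ''}")
    for h, names in shared_images(objects).items():
        lines.append(f"  same image {h}: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against a pasted log this prints the not-ok objects first, which is what a helper reads before anything else; an "UnsignedFile.Multi.Generic" warning on a vendor driver is usually just an unsigned OEM file, while anything against \Device\Harddisk0\DR0 concerns the boot sector and is the reason the rootkit scanners were requested.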
#5 geraldthemole
  • Topic Starter
  • Members
  • 9 posts

Posted 03 May 2012 - 08:11 AM

I have run the rootkit scanners as requested. Here are the logs:
13:27:51.0061 5492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:27:51.0217 5492 ============================================================
13:27:51.0217 5492 Current date / time: 2012/05/03 13:27:51.0217
13:27:51.0217 5492 SystemInfo:
13:27:51.0217 5492
13:27:51.0217 5492 OS Version: 6.1.7601 ServicePack: 1.0
13:27:51.0217 5492 Product type: Workstation
13:27:51.0217 5492 ComputerName: MASTER2-PC
13:27:51.0217 5492 UserName: Master2
13:27:51.0217 5492 Windows directory: C:\Windows
13:27:51.0217 5492 System windows directory: C:\Windows
13:27:51.0217 5492 Running under WOW64
13:27:51.0217 5492 Processor architecture: Intel x64
13:27:51.0217 5492 Number of processors: 4
13:27:51.0217 5492 Page size: 0x1000
13:27:51.0217 5492 Boot type: Normal boot
13:27:51.0217 5492 ============================================================
13:27:54.0462 5492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:27:54.0477 5492 ============================================================
13:27:54.0477 5492 \Device\Harddisk0\DR0:
13:27:54.0477 5492 MBR partitions:
13:27:54.0477 5492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
13:27:54.0509 5492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
13:27:54.0509 5492 ============================================================
13:27:54.0540 5492 C: <-> \Device\Harddisk0\DR0\Partition0
13:27:54.0711 5492 D: <-> \Device\Harddisk0\DR0\Partition1
13:27:54.0711 5492 ============================================================
13:27:54.0711 5492 Initialize success
13:27:54.0711 5492 ============================================================
13:28:10.0280 5724 ============================================================
13:28:10.0280 5724 Scan started
13:28:10.0280 5724 Mode: Manual;
13:28:10.0280 5724 ============================================================
13:28:11.0247 5724 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:28:11.0279 5724 1394ohci - ok
13:28:11.0341 5724 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:28:11.0357 5724 ACPI - ok
13:28:11.0388 5724 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:28:11.0388 5724 AcpiPmi - ok
13:28:11.0700 5724 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
13:28:11.0715 5724 AdobeActiveFileMonitor9.0 - ok
13:28:12.0012 5724 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:28:12.0074 5724 AdobeARMservice - ok
13:28:12.0464 5724 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:28:12.0495 5724 AdobeFlashPlayerUpdateSvc - ok
13:28:12.0605 5724 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:28:12.0636 5724 adp94xx - ok
13:28:12.0698 5724 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:28:12.0714 5724 adpahci - ok
13:28:12.0745 5724 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:28:12.0761 5724 adpu320 - ok
13:28:12.0792 5724 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:28:12.0792 5724 AeLookupSvc - ok
13:28:12.0870 5724 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
13:28:12.0901 5724 AFBAgent - ok
13:28:12.0995 5724 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:28:13.0026 5724 AFD - ok
13:28:13.0057 5724 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:28:13.0073 5724 agp440 - ok
13:28:13.0104 5724 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:28:13.0119 5724 ALG - ok
13:28:13.0135 5724 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:28:13.0151 5724 aliide - ok
13:28:13.0151 5724 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:28:13.0151 5724 amdide - ok
13:28:13.0166 5724 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:28:13.0182 5724 AmdK8 - ok
13:28:13.0197 5724 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:28:13.0197 5724 AmdPPM - ok
13:28:13.0229 5724 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:28:13.0244 5724 amdsata - ok
13:28:13.0275 5724 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:28:13.0291 5724 amdsbs - ok
13:28:13.0322 5724 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:28:13.0322 5724 amdxata - ok
13:28:13.0431 5724 AMPPAL (8c290fd44f687c1799b55823ffcf553d) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:28:13.0431 5724 AMPPAL - ok
13:28:13.0447 5724 AMPPALP (8c290fd44f687c1799b55823ffcf553d) C:\Windows\system32\DRIVERS\amppal.sys
13:28:13.0447 5724 AMPPALP - ok
13:28:14.0258 5724 AMPPALR3 (4977534658cdbcd8f376ba276a115f66) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
13:28:14.0305 5724 AMPPALR3 - ok
13:28:14.0820 5724 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:28:14.0820 5724 AppID - ok
13:28:14.0882 5724 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:28:14.0882 5724 AppIDSvc - ok
13:28:14.0913 5724 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:28:14.0913 5724 Appinfo - ok
13:28:14.0976 5724 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:28:14.0976 5724 AppMgmt - ok
13:28:15.0023 5724 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:28:15.0038 5724 arc - ok
13:28:15.0054 5724 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:28:15.0054 5724 arcsas - ok
13:28:15.0194 5724 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
13:28:15.0194 5724 ASLDRService - ok
13:28:15.0225 5724 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
13:28:15.0225 5724 ASMMAP64 - ok
13:28:15.0288 5724 assd (a7e7ae771a2fcdbd5f28910a38d9a82c) C:\Windows\system32\drivers\assd.sys
13:28:15.0303 5724 assd - ok
13:28:15.0350 5724 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:28:15.0350 5724 AsyncMac - ok
13:28:15.0397 5724 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:28:15.0413 5724 atapi - ok
13:28:15.0522 5724 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:28:15.0584 5724 athr - ok
13:28:15.0662 5724 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
13:28:15.0662 5724 ATKGFNEXSrv - ok
13:28:15.0678 5724 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
13:28:15.0693 5724 ATKWMIACPIIO - ok
13:28:15.0834 5724 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:28:15.0881 5724 AudioEndpointBuilder - ok
13:28:15.0896 5724 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:28:15.0896 5724 AudioSrv - ok
13:28:16.0021 5724 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
13:28:16.0021 5724 AVP - ok
13:28:16.0099 5724 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:28:16.0099 5724 AxInstSV - ok
13:28:16.0208 5724 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:28:16.0239 5724 b06bdrv - ok
13:28:16.0317 5724 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:28:16.0333 5724 b57nd60a - ok
13:28:16.0427 5724 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:28:16.0427 5724 BDESVC - ok
13:28:16.0458 5724 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:28:16.0458 5724 Beep - ok
13:28:16.0551 5724 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:28:16.0583 5724 BFE - ok
13:28:16.0676 5724 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:28:16.0707 5724 BITS - ok
13:28:16.0770 5724 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:28:16.0770 5724 blbdrive - ok
13:28:17.0690 5724 Bluetooth Device Monitor (55b0c8441de7d91a819a39d0351154a2) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:28:17.0737 5724 Bluetooth Device Monitor - ok
13:28:18.0080 5724 Bluetooth Media Service (7e262330df0c4be4ece853b59b9cbe4c) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:28:18.0143 5724 Bluetooth Media Service - ok
13:28:18.0236 5724 Bluetooth OBEX Service (8bf4b9956e13871a88a3810074e2e110) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:28:18.0283 5724 Bluetooth OBEX Service - ok
13:28:18.0501 5724 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:28:18.0501 5724 bowser - ok
13:28:18.0579 5724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:28:18.0579 5724 BrFiltLo - ok
13:28:18.0579 5724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:28:18.0579 5724 BrFiltUp - ok
13:28:18.0735 5724 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:28:18.0735 5724 BridgeMP - ok
13:28:19.0047 5724 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:28:19.0094 5724 Browser - ok
13:28:19.0453 5724 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:28:19.0484 5724 Brserid - ok
13:28:19.0562 5724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:28:19.0562 5724 BrSerWdm - ok
13:28:19.0578 5724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:28:19.0593 5724 BrUsbMdm - ok
13:28:19.0609 5724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:28:19.0609 5724 BrUsbSer - ok
13:28:19.0703 5724 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:28:19.0718 5724 BthEnum - ok
13:28:19.0905 5724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:28:19.0937 5724 BTHMODEM - ok
13:28:20.0108 5724 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:28:20.0139 5724 BthPan - ok
13:28:21.0060 5724 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
13:28:21.0122 5724 BTHPORT - ok
13:28:21.0247 5724 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:28:21.0263 5724 bthserv - ok
13:28:21.0777 5724 BTHSSecurityMgr (377ad2480462a72371ba7322352d19ec) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
13:28:21.0777 5724 BTHSSecurityMgr - ok
13:28:21.0996 5724 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
13:28:21.0996 5724 BTHUSB - ok
13:28:22.0136 5724 btmaudio (0a6cd4c79c92eec0fa60b1eea2677b37) C:\Windows\system32\drivers\btmaud.sys
13:28:22.0245 5724 btmaudio - ok
13:28:22.0448 5724 btmaux (270fba230e78e25726d065a924589a72) C:\Windows\system32\DRIVERS\btmaux.sys
13:28:22.0464 5724 btmaux - ok
13:28:23.0228 5724 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
13:28:23.0259 5724 btmhsf - ok
13:28:23.0337 5724 catchme - ok
13:28:23.0556 5724 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:28:23.0603 5724 cdfs - ok
13:28:23.0759 5724 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:28:23.0774 5724 cdrom - ok
13:28:24.0008 5724 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:28:24.0024 5724 CertPropSvc - ok
13:28:24.0133 5724 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:28:24.0149 5724 circlass - ok
13:28:24.0601 5724 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:28:24.0632 5724 CLFS - ok
13:28:25.0053 5724 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:28:25.0053 5724 clr_optimization_v2.0.50727_32 - ok
13:28:25.0272 5724 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:28:25.0412 5724 clr_optimization_v2.0.50727_64 - ok
13:28:26.0021 5724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:28:26.0099 5724 clr_optimization_v4.0.30319_32 - ok
13:28:26.0676 5724 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:28:26.0707 5724 clr_optimization_v4.0.30319_64 - ok
13:28:26.0816 5724 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:28:26.0816 5724 CmBatt - ok
13:28:26.0847 5724 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:28:26.0847 5724 cmdide - ok
13:28:27.0222 5724 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:28:27.0253 5724 CNG - ok
13:28:27.0315 5724 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:28:27.0331 5724 Compbatt - ok
13:28:27.0393 5724 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:28:27.0393 5724 CompositeBus - ok
13:28:27.0425 5724 COMSysApp - ok
13:28:27.0596 5724 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:28:27.0612 5724 cphs - ok
13:28:27.0643 5724 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:28:27.0659 5724 crcdisk - ok
13:28:27.0721 5724 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:28:27.0737 5724 CryptSvc - ok
13:28:27.0783 5724 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:28:27.0815 5724 CSC - ok
13:28:27.0893 5724 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:28:27.0924 5724 CscService - ok
13:28:27.0986 5724 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
13:28:27.0986 5724 dc3d - ok
13:28:28.0064 5724 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:28:28.0095 5724 DcomLaunch - ok
13:28:28.0158 5724 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:28:28.0173 5724 defragsvc - ok
13:28:28.0267 5724 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:28:28.0267 5724 DfsC - ok
13:28:28.0345 5724 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:28:28.0361 5724 Dhcp - ok
13:28:28.0407 5724 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:28:28.0407 5724 discache - ok
13:28:28.0470 5724 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:28:28.0470 5724 Disk - ok
13:28:28.0501 5724 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
13:28:28.0501 5724 dmvsc - ok
13:28:28.0579 5724 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:28:28.0595 5724 Dnscache - ok
13:28:28.0688 5724 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:28:28.0719 5724 dot3svc - ok
13:28:28.0751 5724 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:28:28.0751 5724 DPS - ok
13:28:28.0813 5724 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:28:28.0813 5724 drmkaud - ok
13:28:28.0891 5724 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:28:28.0907 5724 DXGKrnl - ok
13:28:28.0969 5724 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:28:28.0969 5724 EapHost - ok
13:28:29.0312 5724 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:28:29.0453 5724 ebdrv - ok
13:28:29.0531 5724 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:28:29.0531 5724 EFS - ok
13:28:29.0640 5724 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:28:29.0702 5724 ehRecvr - ok
13:28:29.0718 5724 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:28:29.0733 5724 ehSched - ok
13:28:29.0858 5724 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:28:29.0889 5724 elxstor - ok
13:28:29.0936 5724 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:28:29.0936 5724 ErrDev - ok
13:28:30.0045 5724 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
13:28:30.0045 5724 ETD - ok
13:28:30.0139 5724 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:28:30.0170 5724 EventSystem - ok
13:28:30.0467 5724 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:28:30.0513 5724 EvtEng - ok
13:28:31.0621 5724 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:28:31.0637 5724 exfat - ok
13:28:31.0683 5724 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:28:31.0699 5724 fastfat - ok
13:28:33.0165 5724 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:28:33.0197 5724 Fax - ok
13:28:33.0290 5724 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:28:33.0306 5724 fdc - ok
13:28:33.0415 5724 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:28:33.0415 5724 fdPHost - ok
13:28:33.0524 5724 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:28:33.0540 5724 FDResPub - ok
13:28:33.0680 5724 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:28:33.0680 5724 FileInfo - ok
13:28:33.0758 5724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:28:33.0789 5724 Filetrace - ok
13:28:33.0836 5724 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:28:33.0852 5724 flpydisk - ok
13:28:34.0320 5724 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:28:34.0351 5724 FltMgr - ok
13:28:34.0710 5724 FLxHCIc (7de8a770487fc4b5e3a168ad97e1d370) C:\Windows\system32\DRIVERS\FLxHCIc.sys
13:28:34.0741 5724 FLxHCIc - ok
13:28:34.0850 5724 FLxHCIh (2d54a3319fc955029e4b371cdc088ff4) C:\Windows\system32\DRIVERS\FLxHCIh.sys
13:28:34.0881 5724 FLxHCIh - ok
13:28:36.0566 5724 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:28:36.0613 5724 FontCache - ok
13:28:36.0863 5724 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:28:36.0894 5724 FontCache3.0.0.0 - ok
13:28:37.0097 5724 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:28:37.0112 5724 FsDepends - ok
13:28:37.0268 5724 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
13:28:37.0284 5724 fssfltr - ok
13:28:39.0390 5724 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:28:39.0468 5724 fsssvc - ok
13:28:40.0763 5724 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:28:40.0763 5724 Fs_Rec - ok
13:28:41.0137 5724 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:28:41.0137 5724 fvevol - ok
13:28:41.0324 5724 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:28:41.0324 5724 gagp30kx - ok
13:28:41.0621 5724 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:28:41.0667 5724 gpsvc - ok
13:28:41.0808 5724 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:28:41.0823 5724 gupdate - ok
13:28:41.0886 5724 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:28:41.0886 5724 gupdatem - ok
13:28:42.0213 5724 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:28:42.0229 5724 gusvc - ok
13:28:42.0307 5724 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:28:42.0323 5724 hcw85cir - ok
13:28:42.0666 5724 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:28:42.0697 5724 HdAudAddService - ok
13:28:42.0884 5724 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:28:42.0884 5724 HDAudBus - ok
13:28:42.0947 5724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:28:42.0947 5724 HidBatt - ok
13:28:43.0103 5724 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:28:43.0103 5724 HidBth - ok
13:28:43.0227 5724 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:28:43.0259 5724 HidIr - ok
13:28:43.0368 5724 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:28:43.0383 5724 hidserv - ok
13:28:43.0602 5724 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:28:43.0617 5724 HidUsb - ok
13:28:43.0789 5724 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:28:43.0805 5724 hkmsvc - ok
13:28:44.0241 5724 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:28:44.0257 5724 HomeGroupListener - ok
13:28:44.0522 5724 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:28:44.0538 5724 HomeGroupProvider - ok
13:28:44.0600 5724 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:28:44.0600 5724 HpSAMD - ok
13:28:44.0850 5724 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:28:44.0865 5724 HTTP - ok
13:28:45.0037 5724 hugoio64 (129128e192f9470eb92db28b6730b06b) C:\Program Files (x86)\i-Menu\hugoio64.sys
13:28:45.0037 5724 hugoio64 - ok
13:28:45.0068 5724 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:28:45.0068 5724 hwpolicy - ok
13:28:45.0146 5724 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:28:45.0146 5724 i8042prt - ok
13:28:45.0396 5724 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
13:28:45.0396 5724 iaStor - ok
13:28:45.0661 5724 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:28:45.0677 5724 iaStorV - ok
13:28:45.0755 5724 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
13:28:45.0786 5724 iBtFltCoex - ok
13:28:46.0082 5724 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:28:46.0129 5724 idsvc - ok
13:28:47.0673 5724 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:28:48.0095 5724 igfx - ok
13:28:48.0219 5724 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:28:48.0235 5724 iirsp - ok
13:28:48.0313 5724 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:28:48.0360 5724 IKEEXT - ok
13:28:48.0407 5724 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
13:28:48.0407 5724 intaud_WaveExtensible - ok
13:28:48.0843 5724 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
13:28:48.0906 5724 IntcAzAudAddService - ok
13:28:49.0093 5724 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:28:49.0124 5724 IntcDAud - ok
13:28:49.0155 5724 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:28:49.0155 5724 intelide - ok
13:28:49.0187 5724 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:28:49.0202 5724 intelppm - ok
13:28:49.0233 5724 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:28:49.0265 5724 IPBusEnum - ok
13:28:49.0280 5724 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:28:49.0280 5724 IpFilterDriver - ok
13:28:49.0343 5724 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:28:49.0358 5724 iphlpsvc - ok
13:28:49.0421 5724 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:28:49.0421 5724 IPMIDRV - ok
13:28:49.0483 5724 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:28:49.0483 5724 IPNAT - ok
13:28:49.0514 5724 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:28:49.0514 5724 IRENUM - ok
13:28:49.0530 5724 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:28:49.0530 5724 isapnp - ok
13:28:49.0608 5724 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:28:49.0623 5724 iScsiPrt - ok
13:28:49.0670 5724 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
13:28:49.0670 5724 iwdbus - ok
13:28:49.0717 5724 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:28:49.0717 5724 kbdclass - ok
13:28:49.0779 5724 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:28:49.0779 5724 kbdhid - ok
13:28:49.0811 5724 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:28:49.0826 5724 kbfiltr - ok
13:28:49.0873 5724 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:28:49.0873 5724 KeyIso - ok
13:28:49.0982 5724 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
13:28:50.0013 5724 KL1 - ok
13:28:50.0060 5724 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
13:28:50.0060 5724 kl2 - ok
13:28:50.0169 5724 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
13:28:50.0185 5724 KLIF - ok
13:28:50.0263 5724 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
13:28:50.0263 5724 KLIM6 - ok
13:28:50.0310 5724 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
13:28:50.0325 5724 klmouflt - ok
13:28:50.0513 5724 Kodak AiO Network Discovery Service (221b2f551a4990056866ec73d21d3f96) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
13:28:50.0528 5724 Kodak AiO Network Discovery Service - ok
13:28:50.0606 5724 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:28:50.0622 5724 KSecDD - ok
13:28:50.0669 5724 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:28:50.0669 5724 KSecPkg - ok
13:28:50.0762 5724 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:28:50.0762 5724 ksthunk - ok
13:28:50.0809 5724 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:28:50.0825 5724 KtmRm - ok
13:28:50.0903 5724 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:28:50.0903 5724 L1C - ok
13:28:51.0027 5724 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:28:51.0043 5724 LanmanServer - ok
13:28:51.0074 5724 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:28:51.0105 5724 LanmanWorkstation - ok
13:28:51.0152 5724 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:28:51.0152 5724 lltdio - ok
13:28:51.0199 5724 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:28:51.0215 5724 lltdsvc - ok
13:28:51.0246 5724 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:28:51.0246 5724 lmhosts - ok
13:28:51.0324 5724 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:28:51.0339 5724 LSI_FC - ok
13:28:51.0355 5724 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:28:51.0371 5724 LSI_SAS - ok
13:28:51.0386 5724 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:28:51.0402 5724 LSI_SAS2 - ok
13:28:51.0417 5724 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:28:51.0417 5724 LSI_SCSI - ok
13:28:51.0480 5724 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:28:51.0480 5724 luafv - ok
13:28:51.0620 5724 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
13:28:51.0636 5724 McciCMService - ok
13:28:51.0761 5724 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
13:28:51.0792 5724 McciCMService64 - ok
13:28:51.0823 5724 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:28:51.0823 5724 Mcx2Svc - ok
13:28:51.0870 5724 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:28:51.0870 5724 megasas - ok
13:28:51.0917 5724 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:28:51.0932 5724 MegaSR - ok
13:28:51.0979 5724 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
13:28:51.0979 5724 MEIx64 - ok
13:28:52.0026 5724 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:28:52.0026 5724 MMCSS - ok
13:28:52.0073 5724 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:28:52.0073 5724 Modem - ok
13:28:52.0119 5724 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:28:52.0119 5724 monitor - ok
13:28:52.0166 5724 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:28:52.0166 5724 mouclass - ok
13:28:52.0229 5724 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:28:52.0229 5724 mouhid - ok
13:28:52.0291 5724 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:28:52.0291 5724 mountmgr - ok
13:28:52.0322 5724 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:28:52.0338 5724 mpio - ok
13:28:52.0353 5724 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:28:52.0369 5724 mpsdrv - ok
13:28:52.0494 5724 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:28:52.0525 5724 MpsSvc - ok
13:28:52.0619 5724 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
13:28:52.0634 5724 MREMP50 - ok
13:28:52.0697 5724 MREMP50a64 - ok
13:28:52.0712 5724 MREMPR5 - ok
13:28:52.0712 5724 MRENDIS5 - ok
13:28:52.0743 5724 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
13:28:52.0743 5724 MRESP50 - ok
13:28:52.0759 5724 MRESP50a64 - ok
13:28:52.0790 5724 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:28:52.0790 5724 MRxDAV - ok
13:28:52.0853 5724 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:28:52.0853 5724 mrxsmb - ok
13:28:52.0899 5724 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:28:52.0915 5724 mrxsmb10 - ok
13:28:52.0946 5724 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:28:52.0962 5724 mrxsmb20 - ok
13:28:53.0009 5724 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:28:53.0009 5724 msahci - ok
13:28:53.0102 5724 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:28:53.0102 5724 msdsm - ok
13:28:53.0227 5724 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:28:53.0258 5724 MSDTC - ok
13:28:53.0274 5724 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:28:53.0289 5724 Msfs - ok
13:28:53.0305 5724 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:28:53.0305 5724 mshidkmdf - ok
13:28:53.0336 5724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:28:53.0336 5724 msisadrv - ok
13:28:53.0399 5724 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:28:53.0414 5724 MSiSCSI - ok
13:28:53.0414 5724 msiserver - ok
13:28:53.0445 5724 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:28:53.0445 5724 MSKSSRV - ok
13:28:53.0461 5724 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:28:53.0461 5724 MSPCLOCK - ok
13:28:53.0477 5724 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:28:53.0477 5724 MSPQM - ok
13:28:53.0523 5724 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:28:53.0539 5724 MsRPC - ok
13:28:53.0570 5724 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:28:53.0570 5724 mssmbios - ok
13:28:53.0586 5724 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:28:53.0586 5724 MSTEE - ok
13:28:53.0601 5724 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:28:53.0601 5724 MTConfig - ok
13:28:53.0633 5724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:28:53.0633 5724 Mup - ok
13:28:53.0757 5724 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:28:53.0773 5724 MyWiFiDHCPDNS - ok
13:28:53.0835 5724 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:28:53.0851 5724 napagent - ok
13:28:53.0929 5724 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:28:53.0945 5724 NativeWifiP - ok
13:28:54.0147 5724 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:28:54.0179 5724 NDIS - ok
13:28:54.0225 5724 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:28:54.0225 5724 NdisCap - ok
13:28:54.0257 5724 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:28:54.0257 5724 NdisTapi - ok
13:28:54.0288 5724 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:28:54.0288 5724 Ndisuio - ok
13:28:54.0319 5724 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:28:54.0335 5724 NdisWan - ok
13:28:54.0366 5724 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:28:54.0381 5724 NDProxy - ok
13:28:54.0475 5724 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
13:28:54.0475 5724 Net Driver HPZ12 - ok
13:28:54.0522 5724 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:28:54.0522 5724 NetBIOS - ok
13:28:54.0553 5724 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:28:54.0569 5724 NetBT - ok
13:28:54.0615 5724 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:28:54.0631 5724 Netlogon - ok
13:28:54.0725 5724 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:28:54.0740 5724 Netman - ok
13:28:54.0787 5724 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:28:54.0818 5724 netprofm - ok
13:28:54.0912 5724 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:28:54.0912 5724 NetTcpPortSharing - ok
13:28:55.0567 5724 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
13:28:55.0817 5724 NETwNs64 - ok
13:28:55.0957 5724 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:28:55.0957 5724 nfrd960 - ok
13:28:56.0019 5724 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:28:56.0035 5724 NlaSvc - ok
13:28:56.0066 5724 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:28:56.0066 5724 Npfs - ok
13:28:56.0097 5724 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:28:56.0097 5724 nsi - ok
13:28:56.0113 5724 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:28:56.0113 5724 nsiproxy - ok
13:28:56.0253 5724 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:28:56.0316 5724 Ntfs - ok
13:28:56.0441 5724 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
13:28:56.0441 5724 NuidFltr - ok
13:28:56.0472 5724 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:28:56.0472 5724 Null - ok
13:28:57.0174 5724 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:28:57.0377 5724 nvlddmkm - ok
13:28:57.0657 5724 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\Windows\system32\DRIVERS\nvpciflt.sys
13:28:57.0657 5724 nvpciflt - ok
13:28:57.0704 5724 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:28:57.0720 5724 nvraid - ok
13:28:57.0767 5724 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:28:57.0782 5724 nvstor - ok
13:28:57.0891 5724 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\Windows\system32\nvvsvc.exe
13:28:57.0938 5724 NVSvc - ok
13:28:58.0110 5724 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:28:58.0172 5724 nvUpdatusService - ok
13:28:58.0328 5724 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:28:58.0328 5724 nv_agp - ok
13:28:58.0344 5724 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:28:58.0359 5724 ohci1394 - ok
13:28:58.0453 5724 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:28:58.0453 5724 ose - ok
13:28:58.0812 5724 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:28:58.0952 5724 osppsvc - ok
13:28:59.0077 5724 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:28:59.0108 5724 p2pimsvc - ok
13:28:59.0155 5724 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:28:59.0186 5724 p2psvc - ok
13:28:59.0295 5724 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:28:59.0311 5724 Parport - ok
13:28:59.0327 5724 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:28:59.0327 5724 partmgr - ok
13:28:59.0389 5724 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:28:59.0405 5724 PcaSvc - ok
13:28:59.0436 5724 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:28:59.0451 5724 pci - ok
13:28:59.0467 5724 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:28:59.0467 5724 pciide - ok
13:28:59.0514 5724 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:28:59.0529 5724 pcmcia - ok
13:28:59.0561 5724 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:28:59.0561 5724 pcw - ok
13:28:59.0607 5724 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:28:59.0639 5724 PEAUTH - ok
13:28:59.0748 5724 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:28:59.0795 5724 PeerDistSvc - ok
13:28:59.0888 5724 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:28:59.0904 5724 PerfHost - ok
13:29:00.0091 5724 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:29:00.0153 5724 pla - ok
13:29:00.0231 5724 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:29:00.0263 5724 PlugPlay - ok
13:29:00.0341 5724 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
13:29:00.0356 5724 Pml Driver HPZ12 - ok
13:29:00.0372 5724 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:29:00.0387 5724 PNRPAutoReg - ok
13:29:00.0419 5724 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:29:00.0434 5724 PNRPsvc - ok
13:29:00.0512 5724 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:29:00.0512 5724 Point64 - ok
13:29:00.0575 5724 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:29:00.0590 5724 PolicyAgent - ok
13:29:00.0637 5724 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:29:00.0653 5724 Power - ok
13:29:00.0699 5724 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:00.0715 5724 PptpMiniport - ok
13:29:00.0746 5724 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:29:00.0746 5724 Processor - ok
13:29:20.0200 5724 ============================================================
13:29:20.0200 5724 Scan finished
13:29:20.0200 5724 ============================================================
13:29:20.0215 5716 Detected object count: 0
13:29:20.0215 5716 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 13:48:02
-----------------------------
13:48:02.967 OS Version: Windows x64 6.1.7601 Service Pack 1
13:48:02.967 Number of processors: 4 586 0x2A07
13:48:02.983 ComputerName: MASTER2-PC UserName: Master2
13:48:04.496 Initialize success
13:49:42.550 AVAST engine defs: 12050300
13:49:48.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:49:48.213 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
13:49:48.244 Disk 0 MBR read successfully
13:49:48.244 Disk 0 MBR scan
13:49:48.260 Disk 0 Windows 7 default MBR code
13:49:48.276 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
13:49:48.307 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
13:49:48.322 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
13:49:48.354 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
13:49:48.432 Disk 0 scanning C:\Windows\system32\drivers
13:50:04.656 Service scanning
13:50:41.019 Modules scanning
13:50:41.035 Disk 0 trace - called modules:
13:50:41.113 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:50:41.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081c3060]
13:50:41.144 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa8007f71ad0]
13:50:41.144 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afc050]
13:50:42.267 AVAST engine scan C:\Windows
13:50:48.304 AVAST engine scan C:\Windows\system32
13:55:23.695 AVAST engine scan C:\Windows\system32\drivers
13:55:42.134 AVAST engine scan C:\Users\Master2
13:58:23.251 AVAST engine scan C:\ProgramData
14:04:56.537 Scan finished successfully
14:05:18.705 Disk 0 MBR has been saved successfully to "C:\General\MBR.dat"
14:05:18.720 The log file has been saved successfully to "C:\General\aswMBR.txt"
14:05:29.743 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
14:05:29.774 The log file has been saved successfully to "G:\aswMBR.txt"

I had to reconnect to the Internet and start Kaspersky before I could allow aswMBR to update itself. aswMBR took a long time to start, but that might have been because Kaspersky had just started and was doing its own scan.

Thank you for your advice and guidance.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 May 2012 - 08:36 AM

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\YouTube Downloader Toolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

#7 geraldthemole (Topic Starter)

  • Members
  • 9 posts

Posted 03 May 2012 - 09:31 AM

ComboFix report deleting YouTube toolbar.

ComboFix took a long time to start.


ComboFix 12-05-02.02 - Master2 03/05/2012 14:58:47.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8103.6120 [GMT 1:00]
Running from: c:\users\Master2\Desktop\ComboFix.exe
Command switches used :: c:\users\Master2\Desktop\CFScript.txt.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\YouTube Downloader Toolbar
c:\program files (x86)\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files (x86)\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 14:16 . 2012-05-03 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-03 14:16 . 2012-05-03 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 13:12 . 2012-05-03 13:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCAC06BE-D412-4A3E-9FF1-7B3E2D8B1780}\offreg.dll
2012-05-02 08:02 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCAC06BE-D412-4A3E-9FF1-7B3E2D8B1780}\mpengine.dll
2012-05-01 10:35 . 2012-05-01 10:35 -------- d-----w- c:\users\Master2\AppData\Roaming\Malwarebytes
2012-05-01 10:34 . 2012-05-01 10:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 10:34 . 2012-05-02 07:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-04-30 15:26 . 2012-04-30 15:26 -------- d-----w- c:\users\Master2\AppData\Local\Windows Live
2012-04-28 16:23 . 2012-04-28 16:23 -------- d-----w- c:\windows\Sun
2012-04-28 10:51 . 2012-05-02 07:47 -------- d-----w- c:\users\Master2\Google Drive
2012-04-13 14:37 . 2012-05-03 13:45 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-13 14:37 . 2012-04-13 14:37 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-04-10 18:39 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 18:39 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 18:39 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 18:27 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 18:27 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 18:27 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 18:27 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 18:27 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 18:27 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 18:27 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 09:18 . 2012-04-08 09:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-04 15:26 . 2012-05-02 07:47 -------- d-----w- c:\windows\system32\kodak
2012-04-04 15:25 . 2012-05-02 07:47 -------- d-----w- c:\users\Master2\AppData\Local\Eastman_Kodak_Company
2012-04-04 15:23 . 2012-04-04 15:23 -------- d-----w- c:\users\Master2\AppData\Local\Eastman Kodak Company
2012-04-04 15:22 . 2012-05-02 07:46 -------- d-----w- c:\windows\SysWow64\kodak
2012-04-04 15:21 . 2012-05-02 07:44 -------- d-----w- c:\program files (x86)\Kodak
2012-04-04 15:18 . 2012-05-03 13:43 -------- d-----w- c:\programdata\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 13:43 . 2011-12-30 22:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-17 07:45 . 2012-04-02 07:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-17 07:45 . 2012-01-01 15:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-16 13:02 . 2012-03-16 13:02 1058304 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-03-16 13:02 . 2012-03-16 13:02 177664 ----a-w- c:\windows\system32\EKAiO2COI08.dll
2012-03-11 13:48 . 2012-02-04 20:52 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-08 09:02 . 2012-03-08 09:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 09:18 . 2012-02-12 13:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 09:33 . 2012-02-16 09:33 745354 ----a-w- c:\windows\unins000.exe
2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 18:44 . 2011-10-21 17:25 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 18:42 . 2011-10-21 17:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 17:57 . 2011-07-15 08:14 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 17:56 . 2011-07-15 08:14 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 17:56 . 2011-07-15 08:14 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-13 09:31 . 2012-02-13 09:31 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-02-13 09:31 . 2012-02-13 09:31 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-02-10 06:36 . 2012-03-14 17:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_08.38.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-03 08:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-03 13:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-03 08:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-03 13:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 08:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-03 13:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-18 20:33 . 2012-05-02 15:37 55148 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-02-18 20:33 . 2012-05-03 12:28 55148 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-03 13:45 42218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-30 16:26 . 2012-05-03 13:45 10652 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2609960304-3476416714-2663016794-1001_UserData.bin
- 2012-05-03 08:10 . 2012-05-03 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-03 12:26 . 2012-05-03 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-03 12:26 . 2012-05-03 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-03 08:10 . 2012-05-03 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-03 08:15 639872 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-03 13:47 639872 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-03 13:47 114364 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-03 08:15 114364 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-02 18:28 390096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-03 09:31 390096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-30 16:22 . 2012-05-02 18:28 18538688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2609960304-3476416714-2663016794-1001-8192.dat
+ 2011-12-30 16:22 . 2012-05-03 09:31 18538688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2609960304-3476416714-2663016794-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-09 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
c:\users\Master2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-9 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 hugoio64;hugoio64;c:\program files (x86)\i-Menu\hugoio64.sys [2008-04-29 13856]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-03-11 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-24 134928]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:45]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 18:41]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 18:41]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2609960304-3476416714-2663016794-1001Core.job
- c:\users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 16:29]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2609960304-3476416714-2663016794-1001UA.job
- c:\users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 16:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2012-03-16 3240448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03 15:22:27
ComboFix-quarantined-files.txt 2012-05-03 14:22
ComboFix2.txt 2012-05-03 08:43
.
Pre-Run: 109,332,643,840 bytes free
Post-Run: 109,150,674,944 bytes free
.
- - End Of File - - 0476C1D07662BD6E766EEFAFFDA49314

I still have the machine offline but it seems to be running well when using general applications.
I look forward to your reply.

Gerald
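
Of everything in the ComboFix log above, a responder reads a handful of sections first: the Reg Loading Points (the Run keys, AppInit_DLLs and the UAC values under policies\system), the R/S service and driver list with ComboFix's [x] marker, the Scheduled Tasks, and the Supplementary Scan's IE start and search settings (the u prefix is HKCU, m is HKLM). The Python below is an example added here by the editor; it is not part of the thread and not ComboFix's own code. It parses those sections out of a log and turns them into "go and verify this" flags. The sample log is a trimmed copy of lines from the log posted above; the Yahoo search line is constructed, not from the log, and exists only to exercise the hijack check; the accepted search hosts and the user-writable path fragments are assumptions to adjust per case.

```python
"""Triage a ComboFix log: pull out the autostart, policy and browser facts a responder reads first, then flag them."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log posted above, trimmed so the parser runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 assd;assd; [x]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2609960304-3476416714-2663016794-1001Core.job
- c:\users\Master2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 16:29]
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
"""
# Constructed, NOT from the posted log: one hijacked search line to exercise the IE check.
CONSTRUCTED_HIJACK = "\nuSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s\n"

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')               # "Name"="cmd" [date size | BU]
POLICY_RE = re.compile(r'^"([A-Za-z_]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')  # "Name"= 5 (0x5)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')  # R3 name;desc;path [x]
TASK_RE = re.compile(r'^-\s+(.*?)\s*\[([^\]]*)\]$')                        # - path [date time]
IE_RE = re.compile(r'^([um])(Start Page|Default_Search_URL|SearchAssistant|'
                   r'SearchURL,\(Default\)|Local Page)\s*=\s*(.*)$')      # u = HKCU, m = HKLM
# Assumptions: hosts the owner treats as legitimate defaults (Google, OEM MSN page) and
# path fragments any standard user can write to. Adjust both per case.
EXPECTED_HOST_SUFFIXES = ('google.com', 'google.co.uk', 'msn.com')
USER_WRITABLE_RE = re.compile(r'\\(users\\[^\\]+\\appdata|programdata|users\\public|windows\\temp)\\', re.I)


def _parse_line(line, cur_key, r):
    """Classify one log line into r; returns the registry key now in scope."""
    m = KEY_RE.match(line)
    if m:
        return m.group(1).lower()
    if cur_key.endswith(r'\windows nt\currentversion\windows') and APPINIT_RE.match(line):
        # Windows splits AppInit_DLLs on spaces and commas, so do the same.
        r['appinit'] += [d for d in re.split(r'[ ,]+', APPINIT_RE.match(line).group(1)) if d]
    elif cur_key.endswith(r'\run') and RUN_RE.match(line):
        name, cmd, info = RUN_RE.match(line).groups()
        r['autoruns'].append({'key': cur_key, 'name': name, 'command': cmd, 'info': info})
    elif cur_key.endswith(r'\policies\system') and POLICY_RE.match(line):
        name, val = POLICY_RE.match(line).groups()
        r['uac'][name] = int(val)
    elif SVC_RE.match(line):
        start, name, _desc, path, info = SVC_RE.match(line).groups()
        r['services'].append({'start': start, 'name': name, 'command': path, 'info': info})
    elif TASK_RE.match(line):
        cmd, info = TASK_RE.match(line).groups()
        r['tasks'].append({'command': cmd, 'info': info})
    elif IE_RE.match(line):
        scope, setting, value = IE_RE.match(line).groups()
        r['ie'][scope + setting] = value
    return cur_key


def _flag(r):
    """Heuristics, not verdicts: each flag names something to go and verify."""
    flags = []
    for dll in r['appinit']:
        flags.append('AppInit_DLLs loads %s into every process that uses user32; verify its signature' % dll)
    if r['uac'].get('PromptOnSecureDesktop', 1) == 0:  # Windows 7 default is 1
        flags.append('UAC: PromptOnSecureDesktop=0, elevation prompts are drawn on the normal desktop')
    for s in r['services']:
        if not s['command']:
            flags.append('%s %s: service has no image path' % (s['start'], s['name']))
        elif s['info'] == 'x':
            flags.append('%s %s: ComboFix marked %s [x], confirm the file exists' % (s['start'], s['name'], s['command']))
    for e in r['autoruns'] + r['tasks'] + r['services']:
        if USER_WRITABLE_RE.search(e['command']):
            flags.append('autostart from user-writable path: %s' % e['command'])
    for setting, value in r['ie'].items():
        host = urlparse(value).netloc.lower()  # ComboFix writes hxxp://; urlparse still splits out the host
        if host and not host.endswith(EXPECTED_HOST_SUFFIXES):
            flags.append('IE %s points at unexpected host %s' % (setting, host))
    return flags


def triage(log_text):
    r = {'autoruns': [], 'services': [], 'tasks': [], 'appinit': [], 'uac': {}, 'ie': {}}
    cur_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and line != '.':
            cur_key = _parse_line(line, cur_key, r)
    r['flags'] = _flag(r)
    return r


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG + CONSTRUCTED_HIJACK)['flags']:
        print(f)
```

Two caveats on reading the output. ComboFix's [x] is a prompt to verify, not a verdict: the posted log marks dozens of Intel, Microsoft and Kaspersky drivers that way, so the flag only means "confirm the file is where the service record says it is". The user-writable-path heuristic is there because software installed without admin rights, browser toolbars bundled with a download included, can only land in such places; Google's per-user updater legitimately lives there too, so the flag earns a look, not a deletion. On the posted settings the IE check is quiet, which matches the log: every u/m search and start page still points at Google or the OEM MSN page, and the Yahoo redirect the thread opened with no longer appears in those keys.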

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 03 May 2012 - 12:19 PM

Hello

go ahead and put it online and start checking things out

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#9 geraldthemole
  • Topic Starter
  • Members
  • 9 posts

Posted 03 May 2012 - 02:34 PM

For the first time this is sent direct from the computer with the problem; previously I have been transferring the output to another machine:


???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 9
Adobe Reader X (10.1.3)
aioscnnr
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS U Series ScreenSaver
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
ATK Package
Bookworm Deluxe
BT Broadband Desktop Help
C4USelfUpdater
center
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dual Monitor 1.12
Elements 9 Organizer
Elements STI Installer
essentials
Family Tree Maker 2009
FreeKapture 2.00 - Freeware
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Governor of Poker
HijackThis 2.0.2
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
i-Menu 2.2
Intel PROSet Wireless
Intel® Control Center
Intel® Processor Graphics
Intel® WiDi
Java Auto Updater
Java™ 6 Update 31
Jewel Quest 3
Junk Mail filter update
Kaspersky Internet Security 2012
KODAK AiO Software
Luxor 3
Mahjongg dimensions
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nuance PDF Reader
ocr
Picasa 3
Plants vs Zombies
PreReq
Raccolta foto di Windows Live
Rapport
Realtek High Definition Audio Driver
Συλλογή φωτογραφιών του Windows Live
Samsung Kies
Scan2PDF 1.6
SceneSwitch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Sonic Focus
syncables desktop SE
TotalCAD 2 Manual
TotalCAD 2D-3D
TreeSize Free V2.7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Goo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 02:45 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#11 geraldthemole

geraldthemole
  • Topic Starter

  • Members
  • 9 posts

Posted 03 May 2012 - 04:57 PM

MalwareBytes log:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Master2 :: MASTER2-PC [administrator]

Protection: Enabled

03/05/2012 22:40:44
mbam-log-2012-05-03 (22-40-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224722
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:17, on 03/05/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14499 bytes

HJT log still has a number of FILE MISSING entries, but perhaps that is OK?

Generally the computer is running well, but web pages are still a bit slow to load, about 6 seconds a page. My broadband download speed is 6.6Mb/s at the moment, so possibly that and the AV software cause the delay.

Gerald

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 10:36 PM

Greetings

HJT log still has a number of FILE MISSING entries, but perhaps that is OK?

This is a normal reading from HijackThis on 64-bit computers.


Generally the computer is running well but web pages are still a bit slow to load about 6 seconds a page. My broadband download speed is 6.6Mb/s at the moment, so possibly that and the AV software cause the delay.

In what browser is this happening?


These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need them by clicking their icons (or starting them from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2609960304-3476416714-2663016794-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo



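The HijackThis log format worked through in this thread lends itself to scripted triage. The Python below is an added example, not code from the thread, from BleepingComputer or from HijackThis: it parses O4 autorun entries and O23 service entries and labels "(file missing)" services under the native System32 directory on a 64-bit host as the expected WOW64 redirection artifact that Gringo describes above. The sample log lines are constructed in the shape of the posted log, and the ExUpd service line is made up to show a missing file that rule does not explain.

```python
"""Scripted triage of HijackThis 2.0.2 log lines (added example; not code from
the thread, from BleepingComputer or from HijackThis).

It makes two points from the thread concrete: O23 services reported as
"(file missing)" under the native System32 directory are expected on 64-bit
Windows, because HijackThis 2.0.2 is a 32-bit program and WOW64 file-system
redirection sends its System32 lookups to SysWOW64, where 64-bit-only binaries
such as lsass.exe do not exist; and O4 autorun entries, where an unwanted
toolbar or updater persists, are worth listing with scope, name and command.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the log posted in the thread. The ExUpd
# line is made up (not from the thread) to show a missing file the WOW64 rule
# does not explain.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-1-2-3-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Users\Public\exupd.exe (file missing)
"""

# O4 registry form: "O4 - <hive>\..\Run: [name] command" plus optional "(User 'x')".
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O4 startup-folder form: "O4 - Startup: foo.lnk = command".
O4_DIR = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
# O23 form: "O23 - Service: display (Short) - owner - path" plus optional "(file missing)".
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
EXPECTED = "expected-wow64-redirection"
VERIFY = "verify-manually"

@dataclass
class Autorun:
    key: str                   # Run, RunOnce, Startup or Global Startup
    scope: str                 # HKLM, HKCU, HKUS\<SID> or "folder"
    name: str
    command: str
    user: Optional[str] = None

@dataclass
class MissingService:
    short_name: str
    path: str
    verdict: str

def is_64bit_log(text: str) -> bool:
    # HJT 2.0.2 does not print the architecture, but a "Program Files (x86)"
    # directory only exists on 64-bit Windows.
    return "program files (x86)" in text.lower()

def missing_verdict(path: str, is_64bit: bool) -> str:
    """Only the native System32 case on 64-bit Windows is explained away; a
    path under SysWOW64, Program Files or a user-writable directory still
    needs a human (or a 64-bit tool) to confirm whether the file exists."""
    if is_64bit and re.match(r"^[a-z]:\\windows\\system32\\", path.lower()):
        return EXPECTED
    return VERIFY

def parse_autoruns(text: str) -> List[Autorun]:
    out = []
    for line in text.splitlines():
        m = O4_REG.match(line)
        if m:
            out.append(Autorun(m["key"], m["hive"], m["name"], m["cmd"], m["user"]))
            continue
        m = O4_DIR.match(line)
        if m:
            out.append(Autorun(m["key"], "folder", m["name"], m["cmd"]))
    return out

def parse_missing_services(text: str) -> List[MissingService]:
    x64 = is_64bit_log(text)
    out = []
    for line in text.splitlines():
        m = O23.match(line)
        if not m or not m["missing"]:
            continue
        short = re.search(r"\(([^()]+)\)$", m["display"])  # "(KeyIso)" -> KeyIso
        name = short.group(1) if short else m["display"]
        out.append(MissingService(name, m["path"], missing_verdict(m["path"], x64)))
    return out

if __name__ == "__main__":
    for a in parse_autoruns(SAMPLE_LOG):
        who = f" (user {a.user})" if a.user else ""
        print(f"autorun  {a.scope}\\{a.key}{who}: [{a.name}] {a.command}")
    for s in parse_missing_services(SAMPLE_LOG):
        print(f"service  {s.short_name:<8} {s.verdict:<27} {s.path}")
```

A "verify-manually" verdict does not mean the entry is malicious, only that the 32-bit view of the file system cannot settle it; the services flagged expected in the thread's log all sit under System32 on an x64 install.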

#13 geraldthemole

geraldthemole
  • Topic Starter

  • Members
  • 9 posts

Posted 04 May 2012 - 06:25 AM

I made the HiJack This changes as recommended.

The Eset scanner ran for nearly three hours but did not find anything malicious.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-04 11:05:47
# local_time=2012-05-04 12:05:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 2678121 2678121 0 0
# compatibility_mode=1280 16777215 100 0 1791032 1791032 0 0
# compatibility_mode=5893 16776573 100 94 1161 88583957 0 0
# compatibility_mode=8192 67108863 100 0 309 309 0 0
# scanned=188917
# found=0
# cleaned=0
# scan_time=10640

Your query about which browser I am using: I use Google Chrome for most of my work but occasionally I use IE9. The slowish loading of web pages occurs in both. I waited over 20 seconds just now in IE9 for a large Wikipedia page to open.

At the beginning of this repair I had to disable a CD Emulator (or something similar); presumably I have to re-enable it.

I greatly appreciate your assistance with this problem.

Gerald

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 May 2012 - 07:36 AM

Hello

Go here and click on the Fix it button - http://support.microsoft.com/kb/923737



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" and "Alt" buttons).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be good to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove Programs in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - this is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 geraldthemole

geraldthemole
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:55 PM

Posted 04 May 2012 - 11:38 AM

I was a little confused by the removal of ComboFix, which ran another scan but then, I presume, uninstalled itself, and it was not clear when some of the programs had finished. OTCleanIt has left aswMBR and Security Check icons on my desktop, but everything else has gone.

Thank you so much for your help, I found your instructions easy to follow and it was reassuring to feel that I was following such confident advice.

I will certainly make a donation as soon as PayPal lets me in to my account!



