
Internet moving slowly + most likely google redirect trojan


  • This topic is locked
10 replies to this topic

#1 jets24

jets24

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 14 May 2012 - 05:04 PM

Okay, I hope I'm posting all the logs and such the correct way, so please bear with me if I am not. I tend to be a klutz when reading instructions.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Ryan at 17:54:56 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2130 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Ryan\Desktop\Games\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120512E05F4DB6A039F29C7DEC8C16&tbp=homepage
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe"
uRun: [AIM] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\05162727F64747F586F6D656 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\34F62747C616E646D2355636572756 : DhcpNameServer = 137.123.221.100 137.123.221.69 137.123.3.218
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\36963736F6D27657563747 : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.33.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\36F62747C616E646 : DhcpNameServer = 137.123.3.218 137.123.221.69 137.123.221.100
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\7457563747 : DhcpNameServer = 208.67.222.222 208.67.222.220
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\s3ct33b1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - sports.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ryan\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-24 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-10 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-10 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-25 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-11-21 91456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-25 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-13 18:51:26 -------- d-----w- C:\Users\Ryan\AppData\Local\{A5F0C6D6-F2EF-43EE-A64F-134BFF8CE9F9}
2012-05-13 18:51:14 -------- d-----w- C:\Users\Ryan\AppData\Local\{F3BBEA25-8241-46E3-827D-45D36429B846}
2012-05-13 08:59:41 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-05-13 08:59:37 -------- d-----w- C:\Users\Ryan\AppData\Local\NPE
2012-05-13 08:42:07 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-05-13 08:41:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 08:41:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 08:41:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 08:15:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-13 08:09:32 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-05-13 07:50:48 -------- d-----w- C:\ProgramData\RegAce
2012-05-13 07:19:51 98816 ----a-w- C:\Windows\sed.exe
2012-05-13 07:19:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-13 07:19:51 256000 ----a-w- C:\Windows\PEV.exe
2012-05-13 07:19:51 208896 ----a-w- C:\Windows\MBR.exe
2012-05-13 07:08:02 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-05-13 06:58:30 116016 ----a-w- C:\Windows\System32\drivers\04145320.sys
2012-05-13 04:45:02 -------- d-----w- C:\Users\Ryan\AppData\Local\{F90FC1B4-CA8B-4BC7-9796-0E9C3D55344C}
2012-05-13 04:44:48 -------- d-----w- C:\Users\Ryan\AppData\Local\{E53FC949-C7B1-410E-9DBB-2B9281697943}
2012-05-13 04:17:22 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-12 16:44:16 -------- d-----w- C:\Users\Ryan\AppData\Local\{DE15215C-0FD0-4C4D-AF91-60211EF7A798}
2012-05-12 16:44:04 -------- d-----w- C:\Users\Ryan\AppData\Local\{A97077BB-2F54-4AB9-9B1B-0517BC59225D}
2012-05-12 04:02:06 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-05-12 03:58:17 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2012-05-12 03:58:02 -------- d-----w- C:\Users\Ryan\AppData\Roaming\.purple
2012-05-12 03:57:27 -------- d-----w- C:\ProgramData\blekko toolbars
2012-05-12 03:57:14 -------- d-----w- C:\Program Files (x86)\Chat Messenger
2012-05-12 03:01:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\77b3f8391cd2feb01\MeshBetaRemover.exe
2012-05-12 03:00:39 -------- d-----w- C:\Users\Ryan\AppData\Local\{9396F785-18A0-443F-B3D6-6903CC154E9A}
2012-05-12 00:58:40 -------- d-----w- C:\Users\Ryan\AppData\Local\{8527E000-E85D-440D-9399-A88C424690C8}
2012-05-11 12:58:13 -------- d-----w- C:\Users\Ryan\AppData\Local\{1DF21A0C-8DBB-47DA-B346-83C8B2EAD875}
2012-05-11 08:07:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A574E57B-7DD6-419A-AEFA-5AA5653C0D10}\offreg.dll
2012-05-11 08:06:08 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A574E57B-7DD6-419A-AEFA-5AA5653C0D10}\mpengine.dll
2012-05-11 00:57:30 -------- d-----w- C:\Users\Ryan\AppData\Local\{EE93460B-FCD6-434B-B613-84538D6DEC81}
2012-05-11 00:57:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{918C1C7F-6B1D-4327-81E2-A28E183F7A1E}
2012-05-11 00:57:04 -------- d-----w- C:\Users\Ryan\Tracing
2012-05-11 00:51:57 -------- d-----w- C:\Users\Ryan\AppData\Local\{3B4AEE9B-6A10-40ED-B5B4-42B0EFF0225C}
2012-05-11 00:51:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Windows Live Writer
2012-05-11 00:51:44 -------- d-----w- C:\Users\Ryan\AppData\Local\Windows Live Writer
2012-05-10 20:37:44 -------- d-----w- C:\Windows\en
2012-05-10 20:32:03 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-05-10 20:32:03 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-05-10 20:32:03 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-05-10 20:32:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-05-10 20:30:33 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DSETUP.dll
2012-05-10 20:30:33 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DXSETUP.exe
2012-05-10 20:30:33 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\dsetup32.dll
2012-05-10 20:30:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DSETUP.dll
2012-05-10 20:30:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DXSETUP.exe
2012-05-10 20:30:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\dsetup32.dll
2012-05-10 20:29:45 -------- d-----w- C:\Users\Ryan\AppData\Local\Windows Live
2012-05-10 20:08:52 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Avira
2012-05-10 20:03:20 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-10 20:03:20 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-05-10 20:03:19 -------- d-----w- C:\ProgramData\Avira
2012-05-10 20:03:19 -------- d-----w- C:\Program Files (x86)\Avira
2012-05-10 19:42:51 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-05-10 04:54:40 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-10 04:54:38 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 04:54:38 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-08 21:23:56 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-08 21:23:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 21:23:54 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-08 21:23:52 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 21:23:51 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-08 21:23:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 21:22:01 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-08 21:21:34 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-08 21:21:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 21:21:31 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-04-22 00:22:14 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Dartfish
2012-04-22 00:22:09 -------- d-----w- C:\Users\Ryan\AppData\Local\Dartfish
2012-04-22 00:21:20 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2012-04-22 00:21:20 -------- d-----w- C:\ProgramData\Dartfish
2012-04-17 23:13:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 23:13:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 23:13:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 23:13:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 23:13:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 23:13:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 23:13:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 17:56:29.24 ===============






GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-13 14:35:37
Windows 6.1.7601 Service Pack 1
Running: w45x81vh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c20e4d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c20e4d (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 16 May 2012 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
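Reviewing a TDSSKiller log of this length mostly comes down to finding the few objects that did not come back "- ok" (or never received a verdict at all). The triage script below is an added example, not part of nasdaq's reply and not Kaspersky's own code; it assumes the two line shapes visible in the log posted in this thread (an object line "name (md5) path" followed by a verdict line "name - verdict"), and the "example_svc" entry in the sample input is a constructed placeholder.

```python
import re
from dataclasses import dataclass

# One TDSSKiller log line: "HH:MM:SS.ffff <pid> <rest>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": an object (driver/service file) the tool inspected
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": the verdict line that follows an object
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    verdict: str = ""   # "" means the object never received a verdict line
    md5: str = ""
    path: str = ""


def parse_tdsskiller_log(text: str) -> dict:
    """Map object name -> Entry for everything listed after the 'Scan started' marker.

    Lines before the marker (drive geometry, partition table, 'Drive ... - Size')
    are skipped on purpose: they contain ' - ' but are not verdicts.
    """
    entries: dict = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue
        obj = OBJECT_RE.match(rest)
        if obj:
            e = entries.setdefault(obj["name"], Entry(obj["name"]))
            e.md5, e.path = obj["md5"].lower(), obj["path"]
            continue
        ver = VERDICT_RE.match(rest)
        if ver:
            e = entries.setdefault(ver["name"], Entry(ver["name"]))
            e.verdict = ver["verdict"]
    return entries


def needs_attention(entries: dict) -> list:
    """Everything a reviewer should look at: any verdict other than 'ok', or no verdict at all."""
    return sorted((e for e in entries.values() if e.verdict != "ok"), key=lambda e: e.name)


# Constructed sample: the first lines are copied from the log posted in this thread; the
# 'example_svc' pair is a made-up placeholder (all-zero hash, 'warning' verdict) so the
# triage path has something to flag. The real tool's non-ok wording may differ.
SAMPLE_LOG = r"""
17:21:40.0532 9048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
17:21:42.0383 6336 Scan started
17:21:42.0383 6336 Mode: Manual;
17:21:47.0438 6336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:21:47.0475 6336 1394ohci - ok
17:21:50.0055 6336 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:50.0058 6336 Apple Mobile Device - ok
17:21:52.0530 6336 catchme - ok
17:21:52.0600 6336 example_svc (00000000000000000000000000000000) C:\Windows\system32\drivers\example_svc.sys
17:21:52.0610 6336 example_svc - warning
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for e in needs_attention(parsed):
        print(f"REVIEW: {e.name!r} verdict={e.verdict or '<none>'} md5={e.md5 or '-'} {e.path}")
```

Run it against a real TDSSKiller log by passing the file contents to parse_tdsskiller_log; an empty list from needs_attention means every scanned object was reported ok.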

#3 jets24

jets24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:08 PM

Posted 16 May 2012 - 04:35 PM

I've used TDSSKiller before; just noting that, as it was recommended as a help for the Google redirect error.

Also wanted to say thank you so much for reviewing my logs and everyone else's! You guys are really dedicated and it's so impressive to do it for free!


17:21:39.0362 9048 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
17:21:39.0622 9048 ============================================================
17:21:39.0622 9048 Current date / time: 2012/05/16 17:21:39.0622
17:21:39.0622 9048 SystemInfo:
17:21:39.0622 9048
17:21:39.0622 9048 OS Version: 6.1.7601 ServicePack: 1.0
17:21:39.0622 9048 Product type: Workstation
17:21:39.0623 9048 ComputerName: RYANS-COMPUTER
17:21:39.0623 9048 UserName: Ryan
17:21:39.0623 9048 Windows directory: C:\Windows
17:21:39.0623 9048 System windows directory: C:\Windows
17:21:39.0623 9048 Running under WOW64
17:21:39.0623 9048 Processor architecture: Intel x64
17:21:39.0623 9048 Number of processors: 4
17:21:39.0623 9048 Page size: 0x1000
17:21:39.0623 9048 Boot type: Normal boot
17:21:39.0623 9048 ============================================================
17:21:40.0532 9048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:21:40.0539 9048 ============================================================
17:21:40.0539 9048 \Device\Harddisk0\DR0:
17:21:40.0539 9048 MBR partitions:
17:21:40.0539 9048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:21:40.0540 9048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37EE9000
17:21:40.0540 9048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37F4D000, BlocksNum 0x2405000
17:21:40.0540 9048 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
17:21:40.0540 9048 ============================================================
17:21:40.0564 9048 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:40.0611 9048 D: <-> \Device\Harddisk0\DR0\Partition2
17:21:40.0656 9048 E: <-> \Device\Harddisk0\DR0\Partition3
17:21:40.0656 9048 ============================================================
17:21:40.0656 9048 Initialize success
17:21:40.0656 9048 ============================================================
17:21:42.0383 6336 ============================================================
17:21:42.0383 6336 Scan started
17:21:42.0383 6336 Mode: Manual;
17:21:42.0383 6336 ============================================================
17:21:47.0438 6336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:21:47.0475 6336 1394ohci - ok
17:21:47.0509 6336 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
17:21:47.0511 6336 Accelerometer - ok
17:21:47.0611 6336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:21:47.0618 6336 ACPI - ok
17:21:47.0676 6336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:21:47.0679 6336 AcpiPmi - ok
17:21:47.0906 6336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:47.0942 6336 adp94xx - ok
17:21:48.0109 6336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:21:48.0117 6336 adpahci - ok
17:21:48.0162 6336 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:21:48.0167 6336 adpu320 - ok
17:21:48.0510 6336 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:21:48.0513 6336 AeLookupSvc - ok
17:21:48.0774 6336 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
17:21:48.0777 6336 AESTFilters - ok
17:21:48.0854 6336 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:21:48.0862 6336 AFD - ok
17:21:48.0920 6336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:21:48.0944 6336 agp440 - ok
17:21:49.0005 6336 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:21:49.0008 6336 ALG - ok
17:21:49.0045 6336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:21:49.0047 6336 aliide - ok
17:21:49.0060 6336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:21:49.0062 6336 amdide - ok
17:21:49.0154 6336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:21:49.0156 6336 AmdK8 - ok
17:21:49.0259 6336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:21:49.0261 6336 AmdPPM - ok
17:21:49.0366 6336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:21:49.0370 6336 amdsata - ok
17:21:49.0430 6336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:49.0435 6336 amdsbs - ok
17:21:49.0461 6336 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:21:49.0463 6336 amdxata - ok
17:21:49.0532 6336 AmUStor (37ea167782af19301af9c05804948bb2) C:\Windows\system32\drivers\AmUStor.SYS
17:21:49.0540 6336 AmUStor - ok
17:21:49.0688 6336 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:21:49.0691 6336 AntiVirSchedulerService - ok
17:21:49.0743 6336 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:21:49.0746 6336 AntiVirService - ok
17:21:49.0859 6336 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:21:49.0869 6336 AppID - ok
17:21:49.0898 6336 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:21:49.0903 6336 AppIDSvc - ok
17:21:49.0956 6336 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:21:49.0958 6336 Appinfo - ok
17:21:50.0055 6336 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:50.0058 6336 Apple Mobile Device - ok
17:21:50.0142 6336 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:21:50.0145 6336 arc - ok
17:21:50.0215 6336 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:21:50.0218 6336 arcsas - ok
17:21:50.0259 6336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:50.0266 6336 AsyncMac - ok
17:21:50.0329 6336 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:21:50.0331 6336 atapi - ok
17:21:50.0438 6336 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:21:50.0474 6336 AudioEndpointBuilder - ok
17:21:50.0487 6336 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:21:50.0496 6336 AudioSrv - ok
17:21:50.0552 6336 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
17:21:50.0555 6336 avgntflt - ok
17:21:50.0623 6336 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
17:21:50.0627 6336 avipbb - ok
17:21:50.0667 6336 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:21:50.0673 6336 avkmgr - ok
17:21:50.0749 6336 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:21:50.0752 6336 AxInstSV - ok
17:21:50.0841 6336 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:21:50.0851 6336 b06bdrv - ok
17:21:50.0899 6336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:21:50.0908 6336 b57nd60a - ok
17:21:50.0972 6336 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:21:50.0975 6336 BDESVC - ok
17:21:50.0992 6336 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:21:51.0015 6336 Beep - ok
17:21:51.0148 6336 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:21:51.0165 6336 BFE - ok
17:21:51.0326 6336 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:21:51.0368 6336 BITS - ok
17:21:51.0448 6336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:51.0451 6336 blbdrive - ok
17:21:51.0574 6336 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:21:51.0579 6336 Bonjour Service - ok
17:21:51.0641 6336 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:21:51.0644 6336 bowser - ok
17:21:51.0675 6336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:51.0678 6336 BrFiltLo - ok
17:21:51.0699 6336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:51.0701 6336 BrFiltUp - ok
17:21:51.0778 6336 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:21:51.0803 6336 BridgeMP - ok
17:21:51.0844 6336 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:21:51.0847 6336 Browser - ok
17:21:51.0936 6336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:21:51.0954 6336 Brserid - ok
17:21:51.0981 6336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:51.0983 6336 BrSerWdm - ok
17:21:51.0996 6336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:51.0998 6336 BrUsbMdm - ok
17:21:52.0038 6336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:52.0040 6336 BrUsbSer - ok
17:21:52.0145 6336 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:21:52.0178 6336 BthEnum - ok
17:21:52.0226 6336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:52.0229 6336 BTHMODEM - ok
17:21:52.0264 6336 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:21:52.0267 6336 BthPan - ok
17:21:52.0365 6336 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:21:52.0392 6336 BTHPORT - ok
17:21:52.0460 6336 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:21:52.0463 6336 bthserv - ok
17:21:52.0483 6336 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:21:52.0493 6336 BTHUSB - ok
17:21:52.0530 6336 catchme - ok
17:21:52.0566 6336 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:21:52.0578 6336 cdfs - ok
17:21:52.0644 6336 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:21:52.0657 6336 cdrom - ok
17:21:52.0696 6336 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:21:52.0698 6336 CertPropSvc - ok
17:21:52.0891 6336 CinemaNow Service (2c24db5f78f0aca759803001e6b4f320) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
17:21:52.0910 6336 CinemaNow Service - ok
17:21:52.0940 6336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:21:52.0944 6336 circlass - ok
17:21:53.0037 6336 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:21:53.0044 6336 CLFS - ok
17:21:53.0133 6336 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:53.0135 6336 clr_optimization_v2.0.50727_32 - ok
17:21:53.0185 6336 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:21:53.0189 6336 clr_optimization_v2.0.50727_64 - ok
17:21:53.0302 6336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:53.0306 6336 clr_optimization_v4.0.30319_32 - ok
17:21:53.0355 6336 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:21:53.0360 6336 clr_optimization_v4.0.30319_64 - ok
17:21:53.0395 6336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:53.0403 6336 CmBatt - ok
17:21:53.0433 6336 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:21:53.0435 6336 cmdide - ok
17:21:53.0494 6336 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:21:53.0504 6336 CNG - ok
17:21:53.0566 6336 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:21:53.0568 6336 Compbatt - ok
17:21:53.0662 6336 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:21:53.0683 6336 CompositeBus - ok
17:21:53.0713 6336 COMSysApp - ok
17:21:53.0744 6336 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:53.0747 6336 crcdisk - ok
17:21:53.0873 6336 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:21:53.0877 6336 CryptSvc - ok
17:21:54.0095 6336 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:21:54.0129 6336 cvhsvc - ok
17:21:54.0279 6336 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:21:54.0305 6336 DcomLaunch - ok
17:21:54.0430 6336 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:21:54.0436 6336 defragsvc - ok
17:21:54.0572 6336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:21:54.0576 6336 DfsC - ok
17:21:54.0681 6336 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:21:54.0687 6336 Dhcp - ok
17:21:54.0734 6336 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:21:54.0741 6336 discache - ok
17:21:54.0806 6336 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:21:54.0814 6336 Disk - ok
17:21:54.0859 6336 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:21:54.0865 6336 Dnscache - ok
17:21:55.0095 6336 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:21:55.0127 6336 dot3svc - ok
17:21:55.0257 6336 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:21:55.0270 6336 Dot4 - ok
17:21:55.0412 6336 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:21:55.0451 6336 Dot4Print - ok
17:21:55.0486 6336 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:21:55.0495 6336 dot4usb - ok
17:21:55.0611 6336 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:21:55.0623 6336 DPS - ok
17:21:55.0685 6336 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:21:55.0735 6336 drmkaud - ok
17:21:55.0990 6336 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
17:21:55.0993 6336 DVMIO - ok
17:21:56.0162 6336 DvmMDES (b66b5b27c8c9881f90435a1f7fe370c3) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
17:21:56.0166 6336 DvmMDES - ok
17:21:56.0337 6336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:21:56.0371 6336 DXGKrnl - ok
17:21:56.0461 6336 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:21:56.0465 6336 EapHost - ok
17:21:56.0974 6336 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:21:57.0065 6336 ebdrv - ok
17:21:57.0419 6336 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:21:57.0422 6336 EFS - ok
17:21:57.0874 6336 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:21:57.0923 6336 ehRecvr - ok
17:21:58.0013 6336 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:21:58.0018 6336 ehSched - ok
17:21:58.0215 6336 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:21:58.0227 6336 elxstor - ok
17:21:58.0289 6336 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:21:58.0295 6336 ErrDev - ok
17:21:58.0593 6336 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:21:58.0641 6336 EventSystem - ok
17:21:59.0136 6336 EvtEng (bdf87981c5fea94fd259f110fb8b1a72) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:21:59.0155 6336 EvtEng - ok
17:21:59.0396 6336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:21:59.0413 6336 exfat - ok
17:21:59.0455 6336 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:21:59.0460 6336 fastfat - ok
17:21:59.0614 6336 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:21:59.0635 6336 Fax - ok
17:21:59.0717 6336 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:21:59.0719 6336 fdc - ok
17:21:59.0817 6336 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:21:59.0818 6336 fdPHost - ok
17:21:59.0838 6336 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:21:59.0841 6336 FDResPub - ok
17:21:59.0879 6336 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:21:59.0881 6336 FileInfo - ok
17:21:59.0904 6336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:21:59.0910 6336 Filetrace - ok
17:21:59.0946 6336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:59.0947 6336 flpydisk - ok
17:22:00.0018 6336 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:22:00.0025 6336 FltMgr - ok
17:22:00.0254 6336 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:22:00.0292 6336 FontCache - ok
17:22:00.0419 6336 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:22:00.0422 6336 FontCache3.0.0.0 - ok
17:22:00.0499 6336 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:22:00.0509 6336 FsDepends - ok
17:22:00.0582 6336 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:00.0590 6336 Fs_Rec - ok
17:22:00.0670 6336 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:22:00.0675 6336 fvevol - ok
17:22:00.0718 6336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:00.0722 6336 gagp30kx - ok
17:22:00.0835 6336 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
17:22:00.0841 6336 GameConsoleService - ok
17:22:00.0916 6336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:22:00.0919 6336 GEARAspiWDM - ok
17:22:01.0055 6336 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:22:01.0071 6336 gpsvc - ok
17:22:01.0143 6336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:22:01.0145 6336 hcw85cir - ok
17:22:01.0409 6336 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:22:01.0467 6336 HdAudAddService - ok
17:22:01.0517 6336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:22:01.0535 6336 HDAudBus - ok
17:22:01.0577 6336 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:22:01.0579 6336 HECIx64 - ok
17:22:01.0627 6336 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:01.0629 6336 HidBatt - ok
17:22:01.0670 6336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:22:01.0674 6336 HidBth - ok
17:22:01.0717 6336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:22:01.0720 6336 HidIr - ok
17:22:01.0886 6336 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:22:01.0888 6336 hidserv - ok
17:22:01.0928 6336 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:22:01.0937 6336 HidUsb - ok
17:22:02.0030 6336 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:22:02.0053 6336 hkmsvc - ok
17:22:02.0112 6336 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:22:02.0118 6336 HomeGroupListener - ok
17:22:02.0234 6336 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:22:02.0241 6336 HomeGroupProvider - ok
17:22:02.0424 6336 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:22:02.0427 6336 HP Support Assistant Service - ok
17:22:02.0548 6336 HP Wireless Assistant Service (a2de0a67c77ebc6dfad3d55232790add) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:22:02.0552 6336 HP Wireless Assistant Service - ok
17:22:02.0638 6336 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:22:02.0642 6336 HPDrvMntSvc.exe - ok
17:22:02.0698 6336 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
17:22:02.0701 6336 hpdskflt - ok
17:22:02.0907 6336 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:22:02.0913 6336 hpqcxs08 - ok
17:22:02.0963 6336 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:22:02.0967 6336 hpqddsvc - ok
17:22:03.0161 6336 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:22:03.0172 6336 hpqwmiex - ok
17:22:03.0427 6336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:22:03.0430 6336 HpSAMD - ok
17:22:03.0633 6336 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:22:03.0700 6336 HPSLPSVC - ok
17:22:03.0777 6336 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
17:22:03.0779 6336 hpsrv - ok
17:22:03.0862 6336 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:22:03.0863 6336 HPWMISVC - ok
17:22:03.0963 6336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:22:03.0981 6336 HTTP - ok
17:22:04.0025 6336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:22:04.0027 6336 hwpolicy - ok
17:22:04.0091 6336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:22:04.0105 6336 i8042prt - ok
17:22:04.0258 6336 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
17:22:04.0264 6336 iaStor - ok
17:22:04.0364 6336 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:22:04.0366 6336 IAStorDataMgrSvc - ok
17:22:04.0629 6336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:22:04.0654 6336 iaStorV - ok
17:22:04.0943 6336 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:22:04.0958 6336 idsvc - ok
17:22:07.0170 6336 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:22:07.0451 6336 igfx - ok
17:22:07.0634 6336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:07.0638 6336 iirsp - ok
17:22:08.0005 6336 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:22:08.0021 6336 IKEEXT - ok
17:22:08.0095 6336 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:22:08.0099 6336 Impcd - ok
17:22:08.0198 6336 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:22:08.0203 6336 IntcDAud - ok
17:22:08.0248 6336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:22:08.0250 6336 intelide - ok
17:22:08.0376 6336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:08.0379 6336 intelppm - ok
17:22:08.0443 6336 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:22:08.0448 6336 IPBusEnum - ok
17:22:08.0543 6336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:08.0575 6336 IpFilterDriver - ok
17:22:08.0667 6336 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:22:08.0678 6336 iphlpsvc - ok
17:22:08.0720 6336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:08.0723 6336 IPMIDRV - ok
17:22:08.0815 6336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:22:08.0829 6336 IPNAT - ok
17:22:09.0069 6336 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
17:22:09.0087 6336 iPod Service - ok
17:22:09.0145 6336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:22:09.0174 6336 IRENUM - ok
17:22:09.0237 6336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:22:09.0251 6336 isapnp - ok
17:22:09.0349 6336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:22:09.0393 6336 iScsiPrt - ok
17:22:09.0433 6336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:22:09.0447 6336 kbdclass - ok
17:22:09.0526 6336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:22:09.0533 6336 kbdhid - ok
17:22:09.0579 6336 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:09.0582 6336 KeyIso - ok
17:22:09.0621 6336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:22:09.0626 6336 KSecDD - ok
17:22:09.0670 6336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:09.0674 6336 KSecPkg - ok
17:22:09.0699 6336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:22:09.0707 6336 ksthunk - ok
17:22:09.0773 6336 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:22:09.0794 6336 KtmRm - ok
17:22:09.0870 6336 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:22:09.0876 6336 LanmanServer - ok
17:22:09.0937 6336 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:22:09.0945 6336 LanmanWorkstation - ok
17:22:09.0999 6336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:10.0008 6336 lltdio - ok
17:22:10.0050 6336 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:22:10.0064 6336 lltdsvc - ok
17:22:10.0174 6336 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:22:10.0177 6336 lmhosts - ok
17:22:10.0331 6336 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:22:10.0335 6336 LMS - ok
17:22:10.0389 6336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:10.0392 6336 LSI_FC - ok
17:22:10.0411 6336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:10.0414 6336 LSI_SAS - ok
17:22:10.0446 6336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:10.0449 6336 LSI_SAS2 - ok
17:22:10.0471 6336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:10.0474 6336 LSI_SCSI - ok
17:22:10.0517 6336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:22:10.0520 6336 luafv - ok
17:22:10.0574 6336 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:22:10.0576 6336 MBAMProtector - ok
17:22:10.0746 6336 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:22:10.0778 6336 MBAMService - ok
17:22:10.0979 6336 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:22:10.0984 6336 McComponentHostService - ok
17:22:11.0047 6336 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:22:11.0059 6336 Mcx2Svc - ok
17:22:11.0129 6336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:22:11.0151 6336 megasas - ok
17:22:11.0204 6336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:11.0219 6336 MegaSR - ok
17:22:11.0268 6336 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:22:11.0271 6336 MMCSS - ok
17:22:11.0354 6336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:22:11.0374 6336 Modem - ok
17:22:11.0421 6336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:22:11.0437 6336 monitor - ok
17:22:11.0568 6336 MotoConnect Service (be72f68c3e898c6c7dd61afdf28769dd) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
17:22:11.0570 6336 MotoConnect Service - ok
17:22:11.0620 6336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:22:11.0640 6336 mouclass - ok
17:22:11.0687 6336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:11.0707 6336 mouhid - ok
17:22:11.0748 6336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:22:11.0750 6336 mountmgr - ok
17:22:11.0869 6336 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:22:11.0872 6336 MozillaMaintenance - ok
17:22:11.0909 6336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:22:11.0945 6336 mpio - ok
17:22:11.0959 6336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:22:11.0995 6336 mpsdrv - ok
17:22:12.0111 6336 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:22:12.0122 6336 MpsSvc - ok
17:22:12.0187 6336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:22:12.0199 6336 MRxDAV - ok
17:22:12.0327 6336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:12.0347 6336 mrxsmb - ok
17:22:12.0403 6336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:12.0448 6336 mrxsmb10 - ok
17:22:12.0487 6336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:12.0492 6336 mrxsmb20 - ok
17:22:12.0521 6336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:22:12.0537 6336 msahci - ok
17:22:12.0574 6336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:22:12.0589 6336 msdsm - ok
17:22:12.0646 6336 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:22:12.0681 6336 MSDTC - ok
17:22:12.0721 6336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:22:12.0724 6336 Msfs - ok
17:22:12.0751 6336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:22:12.0765 6336 mshidkmdf - ok
17:22:12.0784 6336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:22:12.0801 6336 msisadrv - ok
17:22:12.0852 6336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:22:12.0870 6336 MSiSCSI - ok
17:22:12.0879 6336 msiserver - ok
17:22:12.0933 6336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:12.0941 6336 MSKSSRV - ok
17:22:12.0953 6336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:12.0955 6336 MSPCLOCK - ok
17:22:12.0962 6336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:22:12.0964 6336 MSPQM - ok
17:22:13.0042 6336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:22:13.0049 6336 MsRPC - ok
17:22:13.0089 6336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:22:13.0091 6336 mssmbios - ok
17:22:13.0110 6336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:22:13.0114 6336 MSTEE - ok
17:22:13.0139 6336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:13.0142 6336 MTConfig - ok
17:22:13.0173 6336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:22:13.0176 6336 Mup - ok
17:22:13.0326 6336 MyWiFiDHCPDNS (59aa4cff0c9eda2252bbf5b6c7c5aa21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:22:13.0333 6336 MyWiFiDHCPDNS - ok
17:22:13.0414 6336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:22:13.0426 6336 napagent - ok
17:22:13.0483 6336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:13.0510 6336 NativeWifiP - ok
17:22:13.0646 6336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:22:13.0671 6336 NDIS - ok
17:22:13.0865 6336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:13.0873 6336 NdisCap - ok
17:22:13.0897 6336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:13.0904 6336 NdisTapi - ok
17:22:13.0979 6336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:13.0990 6336 Ndisuio - ok
17:22:14.0041 6336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:14.0053 6336 NdisWan - ok
17:22:14.0097 6336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:22:14.0105 6336 NDProxy - ok
17:22:14.0150 6336 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:22:14.0153 6336 Net Driver HPZ12 - ok
17:22:14.0170 6336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:22:14.0171 6336 NetBIOS - ok
17:22:14.0209 6336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:22:14.0213 6336 NetBT - ok
17:22:14.0253 6336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:14.0255 6336 Netlogon - ok
17:22:14.0307 6336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:22:14.0316 6336 Netman - ok
17:22:14.0358 6336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:22:14.0367 6336 netprofm - ok
17:22:14.0446 6336 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:22:14.0450 6336 NetTcpPortSharing - ok
17:22:15.0418 6336 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
17:22:15.0624 6336 NETw5s64 - ok
17:22:16.0888 6336 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:22:17.0063 6336 netw5v64 - ok
17:22:18.0585 6336 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
17:22:18.0833 6336 NETwNs64 - ok
17:22:19.0038 6336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:19.0041 6336 nfrd960 - ok
17:22:19.0122 6336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:22:19.0129 6336 NlaSvc - ok
17:22:19.0161 6336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:22:19.0163 6336 Npfs - ok
17:22:19.0213 6336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:22:19.0217 6336 nsi - ok
17:22:19.0232 6336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:22:19.0233 6336 nsiproxy - ok
17:22:19.0497 6336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:22:19.0541 6336 Ntfs - ok
17:22:19.0787 6336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:22:19.0792 6336 Null - ok
17:22:19.0867 6336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:22:19.0870 6336 nvraid - ok
17:22:19.0894 6336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:22:19.0898 6336 nvstor - ok
17:22:19.0936 6336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:22:19.0939 6336 nv_agp - ok
17:22:19.0966 6336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:22:19.0978 6336 ohci1394 - ok
17:22:20.0072 6336 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:22:20.0075 6336 ose - ok
17:22:20.0625 6336 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:22:20.0764 6336 osppsvc - ok
17:22:20.0943 6336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:22:20.0965 6336 p2pimsvc - ok
17:22:21.0038 6336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:22:21.0048 6336 p2psvc - ok
17:22:21.0091 6336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:22:21.0094 6336 Parport - ok
17:22:21.0127 6336 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:22:21.0136 6336 partmgr - ok
17:22:21.0161 6336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:22:21.0173 6336 PcaSvc - ok
17:22:21.0213 6336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:22:21.0218 6336 pci - ok
17:22:21.0236 6336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:22:21.0259 6336 pciide - ok
17:22:21.0307 6336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:21.0327 6336 pcmcia - ok
17:22:21.0353 6336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:22:21.0356 6336 pcw - ok
17:22:21.0408 6336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:22:21.0443 6336 PEAUTH - ok
17:22:21.0513 6336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:22:21.0516 6336 PerfHost - ok
17:22:21.0860 6336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:22:21.0910 6336 pla - ok
17:22:21.0982 6336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:22:21.0993 6336 PlugPlay - ok
17:22:22.0054 6336 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:22:22.0058 6336 Pml Driver HPZ12 - ok
17:22:22.0109 6336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:22:22.0112 6336 PNRPAutoReg - ok
17:22:22.0157 6336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:22:22.0164 6336 PNRPsvc - ok
17:22:22.0227 6336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:22:22.0250 6336 PolicyAgent - ok
17:22:22.0293 6336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:22:22.0306 6336 Power - ok
17:22:22.0382 6336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:22:22.0385 6336 PptpMiniport - ok
17:22:22.0420 6336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:22:22.0423 6336 Processor - ok
17:22:22.0469 6336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:22:22.0476 6336 ProfSvc - ok
17:22:22.0512 6336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:22.0515 6336 ProtectedStorage - ok
17:22:22.0575 6336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:22:22.0578 6336 Psched - ok
17:22:22.0679 6336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:22:22.0722 6336 ql2300 - ok
17:22:22.0898 6336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:22.0916 6336 ql40xx - ok
17:22:22.0963 6336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:22:22.0971 6336 QWAVE - ok
17:22:22.0995 6336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:22:23.0027 6336 QWAVEdrv - ok
17:22:23.0045 6336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:22:23.0063 6336 RasAcd - ok
17:22:23.0096 6336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:23.0125 6336 RasAgileVpn - ok
17:22:23.0151 6336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:22:23.0156 6336 RasAuto - ok
17:22:23.0181 6336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:23.0199 6336 Rasl2tp - ok
17:22:23.0261 6336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:22:23.0271 6336 RasMan - ok
17:22:23.0298 6336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:23.0394 6336 RasPppoe - ok
17:22:23.0445 6336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:22:23.0447 6336 RasSstp - ok
17:22:23.0503 6336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:22:23.0511 6336 rdbss - ok
17:22:23.0537 6336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:23.0539 6336 rdpbus - ok
17:22:23.0594 6336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:23.0596 6336 RDPCDD - ok
17:22:23.0616 6336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:22:23.0618 6336 RDPENCDD - ok
17:22:23.0635 6336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:22:23.0637 6336 RDPREFMP - ok
17:22:23.0686 6336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:22:23.0702 6336 RDPWD - ok
17:22:23.0761 6336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:22:23.0766 6336 rdyboost - ok
17:22:24.0010 6336 RegSrvc (2528d733da7f5ac8d3d32c74ee4cff16) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:22:24.0025 6336 RegSrvc - ok
17:22:24.0082 6336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:22:24.0087 6336 RemoteAccess - ok
17:22:24.0151 6336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:22:24.0158 6336 RemoteRegistry - ok
17:22:24.0256 6336 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:22:24.0272 6336 RFCOMM - ok
17:22:24.0395 6336 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:22:24.0398 6336 RimUsb - ok
17:22:24.0437 6336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:22:24.0443 6336 RpcEptMapper - ok
17:22:24.0471 6336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:22:24.0475 6336 RpcLocator - ok
17:22:24.0544 6336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:22:24.0555 6336 RpcSs - ok
17:22:24.0582 6336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:22:24.0592 6336 rspndr - ok
17:22:24.0648 6336 RTL8167 (6074829c74c5c72ab65ad2cee9c1bb47) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:22:24.0654 6336 RTL8167 - ok
17:22:24.0695 6336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:24.0699 6336 SamSs - ok
17:22:24.0764 6336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:22:24.0768 6336 sbp2port - ok
17:22:24.0830 6336 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
17:22:24.0832 6336 SBRE - ok
17:22:24.0923 6336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:22:24.0938 6336 SCardSvr - ok
17:22:24.0979 6336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:22:24.0990 6336 scfilter - ok
17:22:25.0087 6336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:22:25.0109 6336 Schedule - ok
17:22:25.0147 6336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:22:25.0149 6336 SCPolicySvc - ok
17:22:25.0204 6336 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:22:25.0217 6336 sdbus - ok
17:22:25.0267 6336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:22:25.0274 6336 SDRSVC - ok
17:22:25.0410 6336 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:22:25.0415 6336 SeaPort - ok
17:22:25.0470 6336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:22:25.0473 6336 secdrv - ok
17:22:25.0513 6336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:22:25.0517 6336 seclogon - ok
17:22:25.0548 6336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:22:25.0552 6336 SENS - ok
17:22:25.0591 6336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:22:25.0594 6336 SensrSvc - ok
17:22:25.0606 6336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:22:25.0632 6336 Serenum - ok
17:22:25.0655 6336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:22:25.0672 6336 Serial - ok
17:22:25.0712 6336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:22:25.0719 6336 sermouse - ok
17:22:25.0799 6336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:22:25.0805 6336 SessionEnv - ok
17:22:25.0843 6336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:22:25.0849 6336 sffdisk - ok
17:22:25.0881 6336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:22:25.0889 6336 sffp_mmc - ok
17:22:25.0918 6336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:22:25.0924 6336 sffp_sd - ok
17:22:25.0987 6336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:25.0989 6336 sfloppy - ok
17:22:26.0097 6336 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:22:26.0112 6336 Sftfs - ok
17:22:26.0282 6336 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:22:26.0300 6336 sftlist - ok
17:22:26.0333 6336 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:22:26.0361 6336 Sftplay - ok
17:22:26.0386 6336 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:22:26.0466 6336 Sftredir - ok
17:22:26.0478 6336 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:22:26.0480 6336 Sftvol - ok
17:22:26.0536 6336 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:22:26.0541 6336 sftvsa - ok
17:22:26.0591 6336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:22:26.0599 6336 SharedAccess - ok
17:22:26.0653 6336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:22:26.0700 6336 ShellHWDetection - ok
17:22:26.0733 6336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:26.0742 6336 SiSRaid2 - ok
17:22:26.0812 6336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:26.0825 6336 SiSRaid4 - ok
17:22:26.0890 6336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:22:26.0908 6336 Smb - ok
17:22:26.0976 6336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:22:26.0979 6336 SNMPTRAP - ok
17:22:26.0991 6336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:22:26.0995 6336 spldr - ok
17:22:27.0081 6336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:22:27.0094 6336 Spooler - ok
17:22:27.0609 6336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:22:27.0733 6336 sppsvc - ok
17:22:28.0061 6336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:22:28.0066 6336 sppuinotify - ok
17:22:28.0162 6336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:22:28.0172 6336 srv - ok
17:22:28.0231 6336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:22:28.0240 6336 srv2 - ok
17:22:28.0284 6336 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:22:28.0291 6336 SrvHsfHDA - ok
17:22:28.0471 6336 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:22:28.0496 6336 SrvHsfV92 - ok
17:22:28.0848 6336 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:22:28.0868 6336 SrvHsfWinac - ok
17:22:28.0957 6336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:22:28.0987 6336 srvnet - ok
17:22:29.0043 6336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:22:29.0067 6336 SSDPSRV - ok
17:22:29.0094 6336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:22:29.0099 6336 SstpSvc - ok
17:22:29.0297 6336 STacSV (f8807aaf697e1d20c9d7716a4941e574) C:\Program Files\IDT\WDM\STacSV64.exe
17:22:29.0300 6336 STacSV - ok
17:22:29.0387 6336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:22:29.0390 6336 stexstor - ok
17:22:29.0466 6336 STHDA (96df19a03d37f8568141612d31f0d035) C:\Windows\system32\DRIVERS\stwrt64.sys
17:22:29.0476 6336 STHDA - ok
17:22:29.0560 6336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:22:29.0576 6336 stisvc - ok
17:22:29.0614 6336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:22:29.0617 6336 swenum - ok
17:22:29.0681 6336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:22:29.0718 6336 swprv - ok
17:22:29.0962 6336 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
17:22:29.0991 6336 SynTP - ok
17:22:30.0419 6336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:22:30.0484 6336 SysMain - ok
17:22:30.0688 6336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:22:30.0713 6336 TabletInputService - ok
17:22:30.0782 6336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:22:30.0800 6336 TapiSrv - ok
17:22:30.0831 6336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:22:30.0845 6336 TBS - ok
17:22:31.0026 6336 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:22:31.0057 6336 Tcpip - ok
17:22:31.0299 6336 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:22:31.0322 6336 TCPIP6 - ok
17:22:31.0609 6336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:22:31.0620 6336 tcpipreg - ok
17:22:31.0680 6336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:22:31.0688 6336 TDPIPE - ok
17:22:31.0743 6336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:22:31.0755 6336 TDTCP - ok
17:22:31.0824 6336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:22:31.0835 6336 tdx - ok
17:22:31.0879 6336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:22:31.0892 6336 TermDD - ok
17:22:31.0987 6336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:22:32.0005 6336 TermService - ok
17:22:32.0033 6336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:22:32.0039 6336 Themes - ok
17:22:32.0067 6336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:22:32.0071 6336 THREADORDER - ok
17:22:32.0090 6336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:22:32.0096 6336 TrkWks - ok
17:22:32.0170 6336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:22:32.0172 6336 TrustedInstaller - ok
17:22:32.0228 6336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:32.0237 6336 tssecsrv - ok
17:22:32.0338 6336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:22:32.0352 6336 TsUsbFlt - ok
17:22:32.0422 6336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:22:32.0438 6336 tunnel - ok
17:22:32.0474 6336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:22:32.0477 6336 uagp35 - ok
17:22:32.0518 6336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:22:32.0537 6336 udfs - ok
17:22:32.0591 6336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:22:32.0598 6336 UI0Detect - ok
17:22:32.0631 6336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:22:32.0633 6336 uliagpkx - ok
17:22:32.0683 6336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:22:32.0695 6336 umbus - ok
17:22:32.0719 6336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:22:32.0722 6336 UmPass - ok
17:22:33.0051 6336 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:22:33.0115 6336 UNS - ok
17:22:33.0305 6336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:22:33.0316 6336 upnphost - ok
17:22:33.0371 6336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:22:33.0373 6336 USBAAPL64 - ok
17:22:33.0417 6336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:33.0430 6336 usbccgp - ok
17:22:33.0493 6336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:22:33.0497 6336 usbcir - ok
17:22:33.0520 6336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:22:33.0529 6336 usbehci - ok
17:22:33.0621 6336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:22:33.0656 6336 usbhub - ok
17:22:33.0678 6336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:22:33.0687 6336 usbohci - ok
17:22:33.0724 6336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:22:33.0733 6336 usbprint - ok
17:22:33.0812 6336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:22:33.0815 6336 usbscan - ok
17:22:33.0852 6336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:33.0868 6336 USBSTOR - ok
17:22:33.0907 6336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:22:33.0917 6336 usbuhci - ok
17:22:34.0039 6336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:22:34.0051 6336 usbvideo - ok
17:22:34.0081 6336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:22:34.0087 6336 UxSms - ok
17:22:34.0153 6336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:22:34.0156 6336 VaultSvc - ok
17:22:34.0200 6336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:22:34.0202 6336 vdrvroot - ok
17:22:34.0284 6336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:22:34.0297 6336 vds - ok
17:22:34.0331 6336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:34.0341 6336 vga - ok
17:22:34.0358 6336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:22:34.0366 6336 VgaSave - ok
17:22:34.0443 6336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:22:34.0464 6336 vhdmp - ok
17:22:34.0503 6336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:22:34.0505 6336 viaide - ok
17:22:34.0523 6336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:22:34.0525 6336 volmgr - ok
17:22:34.0577 6336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:22:34.0584 6336 volmgrx - ok
17:22:34.0613 6336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:22:34.0626 6336 volsnap - ok
17:22:34.0668 6336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:34.0672 6336 vsmraid - ok
17:22:34.0827 6336 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:22:34.0859 6336 VSS - ok
17:22:35.0081 6336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:22:35.0094 6336 vwifibus - ok
17:22:35.0136 6336 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:22:35.0147 6336 vwififlt - ok
17:22:35.0175 6336 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:22:35.0181 6336 vwifimp - ok
17:22:35.0264 6336 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:22:35.0276 6336 W32Time - ok
17:22:35.0328 6336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:22:35.0330 6336 WacomPen - ok
17:22:35.0395 6336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:35.0406 6336 WANARP - ok
17:22:35.0415 6336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:35.0417 6336 Wanarpv6 - ok
17:22:35.0618 6336 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:22:35.0661 6336 WatAdminSvc - ok
17:22:35.0871 6336 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:22:35.0918 6336 wbengine - ok
17:22:36.0060 6336 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:22:36.0067 6336 WbioSrvc - ok
17:22:36.0164 6336 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:22:36.0174 6336 wcncsvc - ok
17:22:36.0195 6336 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:22:36.0200 6336 WcsPlugInService - ok
17:22:36.0241 6336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:22:36.0243 6336 Wd - ok
17:22:36.0321 6336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:22:36.0334 6336 Wdf01000 - ok
17:22:36.0357 6336 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:22:36.0363 6336 WdiServiceHost - ok
17:22:36.0372 6336 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:22:36.0378 6336 WdiSystemHost - ok
17:22:36.0493 6336 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:22:36.0502 6336 WebClient - ok
17:22:36.0581 6336 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:22:36.0589 6336 Wecsvc - ok
17:22:36.0610 6336 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:22:36.0615 6336 wercplsupport - ok
17:22:36.0752 6336 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:22:36.0757 6336 WerSvc - ok
17:22:36.0838 6336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:36.0843 6336 WfpLwf - ok
17:22:36.0864 6336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:22:36.0873 6336 WIMMount - ok
17:22:36.0902 6336 WinDefend - ok
17:22:36.0919 6336 WinHttpAutoProxySvc - ok
17:22:37.0014 6336 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:22:37.0019 6336 Winmgmt - ok
17:22:37.0301 6336 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:22:37.0339 6336 WinRM - ok
17:22:37.0575 6336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:22:37.0589 6336 WinUsb - ok
17:22:37.0852 6336 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:22:37.0871 6336 Wlansvc - ok
17:22:38.0290 6336 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:22:38.0364 6336 wlidsvc - ok
17:22:38.0613 6336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:22:38.0615 6336 WmiAcpi - ok
17:22:38.0733 6336 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:22:38.0741 6336 wmiApSrv - ok
17:22:38.0796 6336 WMPNetworkSvc - ok
17:22:38.0907 6336 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:22:38.0915 6336 WPCSvc - ok
17:22:38.0969 6336 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:22:38.0976 6336 WPDBusEnum - ok
17:22:39.0000 6336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:22:39.0001 6336 ws2ifsl - ok
17:22:39.0030 6336 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:22:39.0037 6336 wscsvc - ok
17:22:39.0044 6336 WSearch - ok
17:22:39.0380 6336 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:22:39.0441 6336 wuauserv - ok
17:22:39.0678 6336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:22:39.0693 6336 WudfPf - ok
17:22:39.0743 6336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:39.0758 6336 WUDFRd - ok
17:22:39.0799 6336 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:22:39.0805 6336 wudfsvc - ok
17:22:39.0844 6336 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:22:39.0852 6336 WwanSvc - ok
17:22:39.0920 6336 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:22:39.0929 6336 yukonw7 - ok
17:22:39.0986 6336 MBR (0x1B8) (3cd8f28261a88bbb0cd80d236cbd9e14) \Device\Harddisk0\DR0
17:22:40.0413 6336 \Device\Harddisk0\DR0 - ok
17:22:40.0419 6336 Boot (0x1200) (33a09d347438f120dba3a01ddf82c034) \Device\Harddisk0\DR0\Partition0
17:22:40.0421 6336 \Device\Harddisk0\DR0\Partition0 - ok
17:22:40.0440 6336 Boot (0x1200) (47c42e5d2467b23a7e19f9d945d95698) \Device\Harddisk0\DR0\Partition1
17:22:40.0442 6336 \Device\Harddisk0\DR0\Partition1 - ok
17:22:40.0495 6336 Boot (0x1200) (5af2fad2028360a8c95ec82ebf09f202) \Device\Harddisk0\DR0\Partition2
17:22:40.0498 6336 \Device\Harddisk0\DR0\Partition2 - ok
17:22:40.0759 6336 Boot (0x1200) (d81aa0e3bcc1561b7ec72d03e2430cb3) \Device\Harddisk0\DR0\Partition3
17:22:40.0760 6336 \Device\Harddisk0\DR0\Partition3 - ok
17:22:40.0761 6336 ============================================================
17:22:40.0761 6336 Scan finished
17:22:40.0761 6336 ============================================================
17:22:40.0791 4704 Detected object count: 0
17:22:40.0791 4704 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 17:22:15
-----------------------------
17:22:15.868 OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:15.868 Number of processors: 4 586 0x2502
17:22:15.870 ComputerName: RYANS-COMPUTER UserName: Ryan
17:22:18.916 Initialize success
17:23:59.530 AVAST engine defs: 12051601
17:24:20.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:24:20.677 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
17:24:20.691 Disk 0 MBR read successfully
17:24:20.695 Disk 0 MBR scan
17:24:20.721 Disk 0 unknown MBR code
17:24:20.742 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:24:20.785 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458194 MB offset 409600
17:24:20.816 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18442 MB offset 938790912
17:24:20.839 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
17:24:20.894 Disk 0 scanning C:\Windows\system32\drivers
17:24:35.696 Service scanning
17:25:13.759 Modules scanning
17:25:13.775 Disk 0 trace - called modules:
17:25:13.801 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:25:13.811 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052cd060]
17:25:13.822 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80051a1b10]
17:25:13.833 5 hpdskflt.sys[fffff88001bb6289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fcc050]
17:25:15.400 AVAST engine scan C:\Windows
17:25:19.784 AVAST engine scan C:\Windows\system32
17:31:15.052 AVAST engine scan C:\Windows\system32\drivers
17:31:33.736 AVAST engine scan C:\Users\Ryan
17:31:34.360 File: C:\Users\Ryan\AppData\Local\Apple Computer\AIM\jgwrgm.dll **INFECTED** Win32:Tracur-HZ [Trj]
17:34:48.643 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
17:34:48.659 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 17 May 2012 - 07:11 AM

You have a topic here also.

http://forums.techguy.org/virus-other-malware-removal/1053030-hijackthis-log-some-slow-suspicious.html

I request that you inform them that you are being helped at BleepingComputer.
===

Delete this file:
C:\Users\Ryan\AppData\Local\Apple Computer\AIM\jgwrgm.dll

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
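
The post above says to delete the DLL that aswMBR flagged. The following is an added example, not part of the thread and not a tool the helper recommended, of the checks a responder would run before and while removing it: confirm the file exists (including when it is hidden, which is why an Explorer search can miss it), record a hash, find out whether a running process has it loaded (a loaded DLL cannot be deleted), look for autostart values that reference it, and move it to a quarantine folder rather than the Recycle Bin. The path is the one from the aswMBR log; the registry keys are a generic autostart list, not a claim about how this particular sample persists. Run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread): inspect and quarantine the DLL
# that aswMBR flagged. Run from an elevated PowerShell prompt.
$target = 'C:\Users\Ryan\AppData\Local\Apple Computer\AIM\jgwrgm.dll'   # path from the aswMBR log

# 1. Does it exist? -Force also returns hidden/system files, which a default
#    Explorer view does not show.
$file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
if (-not $file) { Write-Host "Not found: $target"; return }
$hidden = ($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
"{0}  {1:N0} bytes  hidden={2}" -f $file.FullName, $file.Length, $hidden

# 2. Record a hash before it goes anywhere, so the sample can be identified later.
$sha = [System.Security.Cryptography.SHA256]::Create()
$stream = $file.OpenRead()
try { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
finally { $stream.Close() }
"SHA256 $hash"

# 3. Is it loaded in a running process? If so, that process must be closed
#    first or the delete fails. Module enumeration can throw on some
#    processes (access denied), so each one is wrapped in try/catch.
$loaders = @()
foreach ($p in Get-Process) {
    try {
        if ($p.Modules | Where-Object { $_.FileName -ieq $target }) { $loaders += $p }
    } catch { }
}
foreach ($p in $loaders) { "Loaded by PID {0} ({1}) - close it before removing the file" -f $p.Id, $p.ProcessName }

# 4. Any autostart value pointing at it? Generic list: Run keys for both
#    registry views and the AppInit_DLLs locations.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($k in $keys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { "$($_.Value)" -match 'jgwrgm' } |
            ForEach-Object { "Reference in {0}\{1} = {2}" -f $k, $_.Name, $_.Value }
    }
}

# 5. Quarantine instead of deleting: the helper can still ask for the sample,
#    and nothing is left in the Recycle Bin to be restored by accident.
#    Use Remove-Item -LiteralPath $target -Force if you prefer to delete outright.
$quarantine = Join-Path $env:USERPROFILE 'Desktop\quarantine'
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
Move-Item -LiteralPath $target -Destination (Join-Path $quarantine ($file.Name + '.bin')) -Force
"Moved to $quarantine"
```

Renaming the quarantined copy to `.bin` is a design choice: a `.dll` extension in a user folder is something an installer or a double-click can pick up, a `.bin` is not.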

#5 jets24

jets24
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:08 PM

Posted 17 May 2012 - 05:33 PM

Still getting redirect problems and cannot locate the worm in the AIM file that you said to delete.

Edit: Correction, I located and deleted the file, and from the Recycle Bin too.


ComboFix 12-05-17.05 - Ryan 05/17/2012 18:15:18.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2377 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\Games\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 22:25 . 2012-05-17 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 22:25 . 2012-05-17 22:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-16 21:20 . 2012-05-16 21:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 21:20 . 2012-05-16 21:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-16 02:26 . 2012-05-16 02:26 -------- d-----w- c:\users\Ryan\AppData\Roaming\HPAppData
2012-05-15 21:42 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A58F718-8AB3-449E-98DA-B34F4969199C}\mpengine.dll
2012-05-15 03:14 . 2012-05-15 03:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-15 03:13 . 2012-05-15 03:13 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-13 08:59 . 2012-05-13 09:07 -------- d-----w- c:\users\Ryan\AppData\Local\NPE
2012-05-13 08:42 . 2012-05-13 08:42 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-05-13 08:41 . 2012-05-13 08:41 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 08:41 . 2012-05-13 08:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 08:41 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 08:09 . 2012-05-15 03:16 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-05-13 07:50 . 2012-05-13 07:54 -------- d-----w- c:\programdata\RegAce
2012-05-13 07:08 . 2012-05-13 07:08 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-13 06:58 . 2012-05-13 06:58 116016 ----a-w- c:\windows\system32\drivers\04145320.sys
2012-05-13 04:17 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-12 04:02 . 2012-05-12 04:02 -------- d-----w- c:\program files (x86)\blekkotb_soc
2012-05-12 03:58 . 2012-05-12 04:02 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
2012-05-12 03:58 . 2012-05-12 16:36 -------- d-----w- c:\users\Ryan\AppData\Roaming\.purple
2012-05-12 03:57 . 2012-05-12 04:02 -------- d-----w- c:\programdata\blekko toolbars
2012-05-12 03:57 . 2012-05-12 04:01 -------- d-----w- c:\program files (x86)\Chat Messenger
2012-05-12 03:01 . 2012-05-12 03:01 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77b3f8391cd2feb01\MeshBetaRemover.exe
2012-05-11 00:57 . 2012-05-17 22:12 -------- d-----w- c:\users\Ryan\Tracing
2012-05-11 00:51 . 2012-05-11 00:51 -------- d-----w- c:\users\Ryan\AppData\Local\Windows Live Writer
2012-05-11 00:51 . 2012-05-11 00:51 -------- d-----w- c:\users\Ryan\AppData\Roaming\Windows Live Writer
2012-05-10 20:37 . 2012-05-10 20:37 -------- d-----w- c:\windows\en
2012-05-10 20:33 . 2012-05-10 20:33 -------- d-----w- c:\program files\Windows Live
2012-05-10 20:32 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-05-10 20:32 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-05-10 20:32 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-05-10 20:32 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-10 20:30 . 2012-05-10 20:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DSETUP.dll
2012-05-10 20:30 . 2012-05-10 20:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DXSETUP.exe
2012-05-10 20:30 . 2012-05-10 20:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\dsetup32.dll
2012-05-10 20:30 . 2012-05-10 20:30 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DSETUP.dll
2012-05-10 20:30 . 2012-05-10 20:30 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DXSETUP.exe
2012-05-10 20:30 . 2012-05-10 20:30 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\dsetup32.dll
2012-05-10 20:29 . 2012-05-17 21:26 -------- d-----w- c:\users\Ryan\AppData\Local\Windows Live
2012-05-10 20:08 . 2012-05-10 20:08 -------- d-----w- c:\users\Ryan\AppData\Roaming\Avira
2012-05-10 20:03 . 2012-05-11 20:04 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 20:03 . 2012-05-11 20:04 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-10 20:03 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-10 20:03 . 2012-05-10 20:03 -------- d-----w- c:\programdata\Avira
2012-05-10 20:03 . 2012-05-10 20:03 -------- d-----w- c:\program files (x86)\Avira
2012-05-10 19:42 . 2012-05-13 04:45 -------- d-----w- c:\program files (x86)\BitTorrent
2012-05-10 04:54 . 2012-05-10 04:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-22 19:28 . 2012-04-22 19:28 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-04-22 19:28 . 2012-04-22 19:28 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-04-22 19:28 . 2012-05-10 04:54 838584 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-04-22 19:28 . 2012-05-10 04:54 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-22 19:28 . 2012-05-10 04:54 449464 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-04-22 19:28 . 2012-05-10 04:54 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-22 19:28 . 2012-05-10 04:54 1952696 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-04-22 19:28 . 2012-05-10 04:54 16312 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-04-22 19:28 . 2012-05-10 04:54 101304 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-04-22 19:28 . 2012-04-22 19:28 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-22 19:28 . 2012-04-22 19:28 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-22 19:28 . 2012-04-22 19:28 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-22 00:22 . 2012-04-22 00:22 -------- d-----w- c:\users\Ryan\AppData\Roaming\Dartfish
2012-04-22 00:22 . 2012-04-22 00:22 -------- d-----w- c:\users\Ryan\AppData\Local\Dartfish
2012-04-22 00:21 . 2012-04-22 00:21 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-04-22 00:21 . 2012-04-22 00:21 -------- d-----w- c:\programdata\Dartfish
2012-04-17 23:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 23:13 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 23:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 23:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 23:13 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 23:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 23:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 03:13 . 2010-07-01 18:29 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-10 20:33 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-28 06:39 . 2012-04-12 00:22 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-12 00:22 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-12 00:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-12 00:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-28 00:11 . 2012-02-28 00:11 40960 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-02-28 00:11 . 2012-02-28 00:11 40960 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-02-23 14:18 . 2010-07-01 14:23 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-02-10 1712184]
"AIM"="c:\program files (x86)\AIM\aim.exe" [2010-09-16 4425048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-11 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-24 89600]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-11 86224]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065100185-737892918-4091089676-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 05:06]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065100185-737892918-4091089676-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 05:06]
.
2012-05-15 c:\windows\Tasks\HPCeeScheduleForRyan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-24 489472]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120512E05F4DB6A039F29C7DEC8C16&tbp=homepage
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\s3ct33b1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - sports.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 18:28:02
ComboFix-quarantined-files.txt 2012-05-17 22:28
ComboFix2.txt 2012-05-13 07:47
.
Pre-Run: 381,921,902,592 bytes free
Post-Run: 382,115,414,016 bytes free
.
- - End Of File - - CC4BC4AF664B37FB37625F764A7ECD04

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
Adobe Flash Player 10.1.82.76 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Edited by jets24, 17 May 2012 - 06:14 PM.
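
The ComboFix log above reports an infected copy of c:\windows\SysWow64\userinit.exe found and replaced from the ERDNT cache. userinit.exe is what winlogon runs at every logon, so a trojanised copy re-launches itself each time the user signs in. The following is an added example, not from the thread, of how to confirm the logon path is back to stock after such a restore: it checks the Winlogon Userinit and Shell values, prints size, version resource and hash for both copies of the binary (64-bit in System32, 32-bit in SysWOW64), and asks Windows Resource Protection to verify each file against the system catalogs. Assumptions: the stock Windows 7 values are Userinit = "C:\Windows\system32\userinit.exe," (trailing comma included) and Shell = "explorer.exe"; sfc needs an elevated prompt.

```powershell
# Added example (not from the original thread): verify userinit.exe and the
# Winlogon values after ComboFix's restore. Run from an elevated PowerShell prompt.
function Test-LogonPath {
    $issues = @()

    # 1. Winlogon values that decide what runs at logon (assumed stock values).
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Userinit -ine "$env:windir\system32\userinit.exe,") { $issues += "Userinit = '$($wl.Userinit)'" }
    if ($wl.Shell    -ine 'explorer.exe')                        { $issues += "Shell = '$($wl.Shell)'" }

    # 2. Both copies of the binary: size, version resource and SHA256, so they
    #    can be compared with a known-good machine or looked up elsewhere.
    #    Version info is easy to forge, so treat it as a weak tell only.
    $paths = @("$env:windir\System32\userinit.exe", "$env:windir\SysWOW64\userinit.exe")
    $sha = [System.Security.Cryptography.SHA256]::Create()
    foreach ($path in $paths) {
        $fi = Get-Item -LiteralPath $path
        $vi = $fi.VersionInfo
        $s  = $fi.OpenRead()
        try { $hash = ($sha.ComputeHash($s) | ForEach-Object { $_.ToString('x2') }) -join '' }
        finally { $s.Close() }
        "{0}`n  {1:N0} bytes  {2}  {3}`n  SHA256 {4}" -f $path, $fi.Length, $vi.CompanyName, $vi.FileVersion, $hash
        if ($vi.CompanyName -ne 'Microsoft Corporation') { $issues += "$path version info is not Microsoft's" }
    }

    # 3. Let Windows Resource Protection check each file against its catalogs.
    #    OS files are catalog-signed, so Get-AuthenticodeSignature reports them
    #    as NotSigned on Windows 7; sfc is the right tool. The -replace strips
    #    the NUL bytes that appear when sfc's UTF-16 console output is captured.
    foreach ($path in $paths) {
        $out = (& sfc /verifyfile=$path) -replace "`0", ''
        "sfc {0}: {1}" -f $path, (($out | Where-Object { $_ -match 'integrity|violation|cannot' }) -join ' ')
    }

    return $issues
}

$issues = @(Test-LogonPath)
if ($issues.Count) { "Review these:"; $issues }
else { "Winlogon values and version info match stock Windows 7; see the sfc lines above for file integrity." }
```

A "did not find any integrity violations" line from sfc for both paths, plus stock Winlogon values, is the evidence that the restore took; a hash alone only tells you what the file is now, not whether it is the right one.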


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 18 May 2012 - 07:30 AM

Your ComboFix is clean.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If this fails to stop the redirection it could mean that your router is corrupted.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know yours. ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===
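The flush/renew and router-reset steps above target the two places a search redirect normally lives once the host is clean: the adapter's DNS servers and the hosts file. As an added example, not code from this thread or its helper, the following Python parses constructed `ipconfig /all` output and hosts-file text and reports resolvers outside an allow-list and hosts entries that pin well-known domains; EXPECTED_DNS, WATCHED_DOMAINS and the sample data are assumptions.

```python
import ipaddress
import re

# Assumed allow-list (constructed): the router's LAN address plus the resolvers
# this network is known to use. Anything else is reported as suspicious.
EXPECTED_DNS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}
WATCHED_DOMAINS = {"google.com", "www.google.com", "bing.com"}  # assumed list

def _is_ip(text):
    try:
        ipaddress.ip_address(text.split("%", 1)[0])  # drop an IPv6 zone id
        return True
    except ValueError:
        return False

def parse_dns_servers(ipconfig_text):
    """DNS server addresses from `ipconfig /all`: the first sits on the 'DNS
    Servers' line, further ones on indented lines holding only an address."""
    servers, lines, i = [], ipconfig_text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", lines[i])
        i += 1
        if not m:
            continue
        servers.append(m.group(1))
        while i < len(lines) and _is_ip(lines[i].strip()):
            servers.append(lines[i].strip())
            i += 1
    return servers

def rogue_dns_servers(ipconfig_text, expected=EXPECTED_DNS):
    """Resolvers outside the allow-list (where a DNS changer or tampered router shows up)."""
    return [s for s in parse_dns_servers(ipconfig_text) if s not in expected]

def hijacked_hosts_entries(hosts_text, watched=WATCHED_DOMAINS):
    """(hostname, address) pairs in a hosts file that pin a watched domain."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if len(fields) >= 2:
            hits.extend((n, fields[0]) for n in fields[1:] if n.lower() in watched)
    return hits

# Constructed sample data; 203.0.113.5 is a documentation-range address
# standing in for a rogue resolver, not a real indicator.
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       192.168.1.1
"""
SAMPLE_HOSTS = "127.0.0.1  localhost\n203.0.113.5  www.google.com  # hijack\n"
```

On the affected machine, feed the saved output of `ipconfig /all` and the contents of C:\Windows\System32\drivers\etc\hosts to the two functions; a resolver you do not recognise after `ipconfig /renew` points at the router rather than the PC.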

#7 jets24

jets24
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:08 PM

Posted 19 May 2012 - 12:25 PM

Thanks for all your help, everything looks good as far as the redirecting is gone. I do keep getting this error though:

c:\program files (x86)\avira\antivir desktop\ipmGui.exe

Illegal operation attempted on a registry key that has been marked for deletion.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 19 May 2012 - 01:28 PM

Illegal operation attempted on a registry key that has been marked for deletion.


When was the last time you restarted the computer?

#9 jets24

jets24
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:08 PM

Posted 20 May 2012 - 08:44 AM

A couple of days ago. If I still have redirect problems, then I'd have to correct my router, right?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 20 May 2012 - 12:04 PM

Restart the computer normally.

Connect to the router; if you get any redirection, it may mean that your router is infected. Reset it.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 26 May 2012 - 09:02 AM

Are you still with me?
