Google Redirect... and connection issue?


This topic is locked
15 replies to this topic

#1 thebigdawg2002 (Members, 9 posts)

Posted 20 July 2012 - 06:52 AM

Yesterday, my internet began acting up, losing connection for about 10 seconds at a time roughly every 15-30 minutes. Around the same time, I noticed my computer slowing down, my Google search links being redirected and eventually, my Firefox just stopped working altogether. It wouldn't even open (although Chrome did).
So I uninstalled Firefox and got on Chrome to install it again. When I typed in "www.mozilla.com" it took me to a Hotmail login. When I put it in safe mode, though, everything worked just fine.

I'd love to give you the GMER log as requested, but the step where it tells me to check/uncheck the boxes on the right, most are grayed out and I don't have that option. So the "ark.txt" log attached is only with "Services" "Registry" and "Files" checked above the box... C:\ drive checked and "ADS" checked. That's it.

Anyway... below are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ChrisAnderson at 0:44:59 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2497 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [nutoc] "C:\Windows\System32\rundll32.exe" "C:\Users\ChrisAnderson\AppData\Roaming\nutoc.dll",MatrixShadow
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\34F6D666F6274794E6E61363 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\76F6563786 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\84967686C616E64602D4162796E616028234162696E602234392 : DhcpNameServer = 66.0.214.14 207.230.75.34
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\84F6D656F545F677E656 : DhcpNameServer = 74.128.17.114 74.128.19.102
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\B6964637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4C14B532-793E-4951-A97D-32A8DFB80706}\F475E40214 : DhcpNameServer = 68.87.68.162 68.87.74.162
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ChrisAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\sjgeobbl.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ChrisAnderson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-19 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-25 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-2 267480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-19 113120]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 257696]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-19 19:23:01 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{3E761A62-FBD8-4726-9B76-0887592B9DF5}
2012-07-19 19:22:49 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{CD83C98C-A43B-446D-B0B3-BD3064136C20}
2012-07-19 12:29:14 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-19 12:29:13 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-19 12:29:13 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-19 12:29:01 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-19 12:28:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-19 12:28:50 -------- d-----w- C:\Program Files\AVAST Software
2012-07-19 12:05:00 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-18 12:10:24 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{84742948-D0D1-11E1-8270-B8AC6F996F26}
2012-07-18 12:10:24 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{8473F7FD-D0D1-11E1-8270-B8AC6F996F26}
2012-07-18 12:10:20 399872 ----a-w- C:\Users\ChrisAnderson\AppData\Roaming\nutoc.dll
2012-07-09 13:11:16 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\Macromedia
2012-07-09 13:09:04 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 21:50:44 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\Win
2012-07-06 21:50:43 -------- d-----w- C:\ProgramData\F4D55F59223F5E79592BCDE3B4EB2367
2012-07-06 21:50:32 -------- d-----w- C:\Users\ChrisAnderson\AppData\Roaming\Ygmofu
2012-07-06 21:50:32 -------- d-----w- C:\Users\ChrisAnderson\AppData\Roaming\Utwu
2012-07-06 21:50:32 -------- d-----w- C:\Users\ChrisAnderson\AppData\Roaming\Orixx
2012-07-05 15:41:58 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{BF79867D-F722-43F8-B1BC-C3FFA8B46B0C}
2012-07-05 15:41:36 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{6259F479-856A-442E-83DC-CFE4933C2E1D}
2012-07-02 14:37:48 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{097A67C9-35AA-4449-B4E3-447541F0F8F6}
2012-07-02 14:37:36 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{10EF94CD-9442-4FA8-AEC3-744D4B6BCC52}
2012-06-26 20:27:23 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{40D9866D-4DBA-4CC6-A2A4-B331D8E58C23}
2012-06-26 20:27:11 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{1CC63362-BCDC-48F0-867E-E9625E5FE200}
2012-06-26 20:18:26 -------- d-----w- C:\Windows\en
2012-06-26 20:15:05 -------- d-----w- C:\Windows\fr
2012-06-26 20:14:51 -------- d-----w- C:\Windows\es
2012-06-26 20:05:40 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-26 20:02:41 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-26 19:51:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16e0092d1cd53d502\MeshBetaRemover.exe
2012-06-26 19:51:32 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DSETUP.dll
2012-06-26 19:51:32 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DXSETUP.exe
2012-06-26 19:51:32 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\dsetup32.dll
2012-06-26 19:49:26 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{6F45B13E-2E54-400C-9450-25121F3E2E4E}
2012-06-26 19:49:14 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{9CE5C33D-90E9-453D-9DFC-08ECE8081EC8}
2012-06-26 19:48:53 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{7F51982F-D2DB-4829-9454-1FDBB59CB109}
2012-06-26 19:48:41 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{327C7DF9-BDF3-47A5-B987-BD2A537B3871}
2012-06-26 19:31:56 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{1931DB64-A9B2-4A72-B270-F7C9264246A0}
2012-06-26 19:31:45 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{ABF51340-CCA9-4C19-8DE5-D98FEA4ED4AE}
2012-06-25 12:28:31 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{775A464D-A12E-4690-8C2E-F61D7201BDEA}
2012-06-25 12:28:08 -------- d-----w- C:\Users\ChrisAnderson\AppData\Local\{50D095A8-7824-46F9-AC04-0B8D685CEA1E}
2012-06-21 11:35:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 11:35:00 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 11:34:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 11:34:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-19 13:41:39 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-07-19 12:04:51 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-09 13:40:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 0:46:39.54 ===============





I'm very appreciative of your help!
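A triage pass over lines in the DDS format shown in the post above, written as an added example for this thread (it is not part of the original post and not a BleepingComputer or DDS tool). It flags two things a responder would pull out of that log first: autorun entries that use rundll32 to load a DLL from the user's AppData tree (the `nutoc` entry) and `user.js` preferences that switch Firefox security warnings off. The sample lines are constructed in the log's format; the regexes, reason strings and the "AppData is user-writable" heuristic are the example's own assumptions, not DDS output conventions beyond what the log shows.

```python
import re
from typing import Dict, List

# Constructed sample input: a few lines in the shape of the DDS "Pseudo HJT Report"
# and "FIREFOX POLICIES" sections from the log posted in this thread.
SAMPLE_DDS = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [nutoc] "C:\Windows\System32\rundll32.exe" "C:\Users\ChrisAnderson\AppData\Roaming\nutoc.dll",MatrixShadow
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# Line shapes as they appear in the log: "uRun: [name] command" (also mRun, -x64 variants)
# and "FF - user.js: pref - value". These patterns are this example's assumption.
AUTORUN_RE = re.compile(r"^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$")
# A quoted or bare Windows path ending in .dll inside the command line.
DLL_RE = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?', re.IGNORECASE)

REASON_RUNDLL32_APPDATA = "rundll32 autorun loads a DLL from the user-writable AppData tree"
REASON_WARN_DISABLED = "Firefox user.js suppresses a security warning"


def _dll_in_user_profile(cmd: str) -> str:
    """Return the DLL path if the command loads a .dll from under ...\\AppData\\, else ''."""
    m = DLL_RE.search(cmd)
    if not m:
        return ""
    dll = m.group("dll")
    return dll if "\\appdata\\" in dll.lower() else ""


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Scan DDS-style lines and return findings as {line, reason, artifact} dicts."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            dll = _dll_in_user_profile(cmd)
            # Legitimate software (e.g. an updater .exe) also lives under AppData, so the
            # check requires both rundll32 as the host and a DLL under the profile.
            if "rundll32" in cmd.lower() and dll:
                findings.append({"line": line, "reason": REASON_RUNDLL32_APPDATA, "artifact": dll})
            continue
        m = USERJS_RE.match(line)
        if m and m.group("pref").startswith("security.warn_") and m.group("val") == "false":
            findings.append({"line": line, "reason": REASON_WARN_DISABLED, "artifact": m.group("pref")})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f['reason']}] {f['artifact']}")
```

Run against the sample it reports the `nutoc.dll` autorun once and the two `security.warn_*` preferences; the `Google Update` entry under AppData and the `avast` entry are left alone. The output is a starting point for a human reviewer, not a verdict: a flagged path still needs to be checked against the file's signature and creation date (the log's "Created Last 30" section gives the latter).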

#2 thebigdawg2002 (Topic Starter, Members, 9 posts)

Posted 25 July 2012 - 06:25 AM

Been over five days... anyone around here?

#3 HelpBot (Bleepin' Binary Bot, Bots, 12,699 posts)

Posted 25 July 2012 - 06:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461573 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Larusso
  • Raggamuffin
  • Malware Response Team
  • 305 posts
  • Gender: Male
  • Location: Austria

Posted 25 July 2012 - 07:31 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.




Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
Regards,
Daniel

Bread for the world instead Bombs and Bangers


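The procedure above asks for the raw log to be pasted into the thread, and a TDSSKiller log runs to several hundred lines of driver and service inventory, of which only a handful matter to a responder: objects whose verdict is anything other than "ok", objects that got no verdict at all, and binaries loading from outside the Windows directory. The following Python script is an added example, not part of this thread and not Kaspersky's code: it parses a log in the 2.7-series layout (one inventory line "time pid name (md5) path" per scanned object, followed by a verdict line "time pid name - verdict") and summarizes it. The embedded sample log is constructed for the example; the "xyzdrv" object, its MD5 and its "detected ..." verdict are invented, and the exact wording TDSSKiller prints for real detections, as well as the "Scan started" / "Scan finished" markers used to skip the banner, are assumptions rather than documented format.

```python
"""Triage a TDSSKiller 2.7-series log: added example, not part of the thread
or of Kaspersky's tool.

Assumed log layout (modeled on what the scanner prints, not documented by it):
  <time> <pid> <name> (<md5>) <path>     inventory line for a scanned object
  <time> <pid> <name> - <verdict>        verdict line; "ok" means nothing found
Lines before the "Scan started" marker are banner/system info and are skipped.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

INVENTORY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)

# Paths a responder expects driver/service binaries to live under. Anything
# else is listed for a human to check; this is a review aid, not a verdict.
TRUSTED_PREFIXES = ("c:\\windows\\",)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> dict[str, Entry]:
    """Return one Entry per scanned object, keyed by the service/driver name."""
    entries: dict[str, Entry] = {}
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        # The start/finish markers are assumed from the log layout, not documented.
        if line.endswith("Scan started"):
            scanning = True
            continue
        if line.endswith("Scan finished"):
            scanning = False
            continue
        if not scanning:
            continue  # banner, drive geometry and partition table lines
        m = INVENTORY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def review(entries: dict[str, Entry]) -> dict:
    """Pull out what a helper actually reads in a several-hundred-line log."""
    flagged = sorted(e.name for e in entries.values()
                     if e.verdict is not None and e.verdict != "ok")
    no_verdict = sorted(e.name for e in entries.values() if e.verdict is None)
    outside = sorted(e.name for e in entries.values()
                     if e.path and not e.path.lower().startswith(TRUSTED_PREFIXES))
    return {"total": len(entries), "flagged": flagged,
            "no_verdict": no_verdict, "outside_windows": outside}


# Constructed sample in the 2.7.48.0 layout. The "xyzdrv" object, its md5 and
# its "detected ..." verdict are invented for this example.
SAMPLE_LOG = r"""
08:43:24.0610 125228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:43:26.0112 125228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb)
08:43:28.0971 123356 ============================================================
08:43:28.0971 123356 Scan started
08:43:28.0971 123356 Mode: Manual;
08:43:31.0503 123356 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:43:31.0520 123356 1394ohci - ok
08:43:35.0713 123356 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:43:35.0719 123356 avast! Antivirus - ok
08:43:38.0280 123356 COMSysApp - ok
08:43:50.0100 123356 xyzdrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\xyzdrv.sys
08:43:50.0110 123356 xyzdrv - detected Rootkit.Win32.Example (0)
"""

if __name__ == "__main__":
    result = review(parse_log(SAMPLE_LOG))
    print(f"{result['total']} objects scanned")
    for key in ("flagged", "no_verdict", "outside_windows"):
        print(f"{key}: {', '.join(result[key]) or '-'}")
```

Run it against a real log with `review(parse_log(open(r"C:\TDSSKiller.2.7.48.0_25.07.2012_08.43.24_log.txt").read()))` (file name illustrative). The "outside_windows" list is deliberately noisy on a consumer laptop, since vendor utilities and the antivirus itself live under Program Files; its point is to shorten the list a human has to eyeball, not to declare anything malicious, which is exactly why the post above says to choose Skip rather than Cure until a helper has read the log.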

#5 thebigdawg2002
  • Topic Starter
  • Members
  • 9 posts

Posted 25 July 2012 - 07:39 AM

Update on problems and what I have done over the last five days....

I ran Malwarebytes, both a quick and a full scan. It found several items and removed them, but the problem did not stop.

Therefore, I downloaded Avast. I ran a quick and full scan, as well as a "startup" scan. It found several items, but also did not stop any of my issues.

Looking through the forums, I noticed several people being told to try the ESET Scanner. I went through that; it found one infected file and deleted it, and now my Google redirect problem seems to have disappeared. I have yet to be redirected since then and just now went through, searched several things and clicked a handful of results for each - and no redirects, although things are going slow.

ALSO... I am still having connectivity issues. Every 20-30 minutes (or less, it seems to be random), my connection drops out for like 10-15 seconds. Typically, this will cause whatever website I was attempting to load to not come up, but if I wait a minute, I can reload. I have reset my modem, reset my router and clicked "DIAGNOSE" in the Network and Sharing Center. When I do the "diagnose," it comes up and says it has fixed the "problem with wireless adapter or access point" and has done so by resetting the network adapter. Again, that doesn't make the problem stop.

I've called Comcast and they tell me there are no issues. I've used another computer and it does not happen on that. I had never had this problem and it only came up shortly after I started getting the redirect... so I'm not sure if the virus changed my internet settings somehow, or if it is just dormant on my computer and still screwing with me the only way it can.


Anyways.... this is a Windows 7 Home Premium running on a 64-bit system. I do NOT have the Windows CD.

Logs coming....

#6 thebigdawg2002
  • Topic Starter
  • Members
  • 9 posts

Posted 25 July 2012 - 07:41 AM

Oops, above post was in reply to the Helpbot.

I will now do what you asked, Larusso.

#7 thebigdawg2002
  • Topic Starter
  • Members
  • 9 posts

Posted 25 July 2012 - 07:44 AM

No Threats Found:


08:43:24.0610 125228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:43:24.0961 125228 ============================================================
08:43:24.0961 125228 Current date / time: 2012/07/25 08:43:24.0961
08:43:24.0961 125228 SystemInfo:
08:43:24.0961 125228
08:43:24.0961 125228 OS Version: 6.1.7601 ServicePack: 1.0
08:43:24.0961 125228 Product type: Workstation
08:43:24.0962 125228 ComputerName: CHRISANDERSON15
08:43:24.0962 125228 UserName: ChrisAnderson
08:43:24.0962 125228 Windows directory: C:\Windows
08:43:24.0962 125228 System windows directory: C:\Windows
08:43:24.0962 125228 Running under WOW64
08:43:24.0962 125228 Processor architecture: Intel x64
08:43:24.0962 125228 Number of processors: 2
08:43:24.0962 125228 Page size: 0x1000
08:43:24.0962 125228 Boot type: Normal boot
08:43:24.0962 125228 ============================================================
08:43:26.0112 125228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:43:26.0151 125228 ============================================================
08:43:26.0151 125228 \Device\Harddisk0\DR0:
08:43:26.0152 125228 MBR partitions:
08:43:26.0152 125228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
08:43:26.0152 125228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
08:43:26.0152 125228 ============================================================
08:43:26.0172 125228 C: <-> \Device\Harddisk0\DR0\Partition0
08:43:26.0206 125228 D: <-> \Device\Harddisk0\DR0\Partition1
08:43:26.0231 125228 ============================================================
08:43:26.0231 125228 Initialize success
08:43:26.0231 125228 ============================================================
08:43:28.0971 123356 ============================================================
08:43:28.0971 123356 Scan started
08:43:28.0971 123356 Mode: Manual;
08:43:28.0972 123356 ============================================================
08:43:31.0503 123356 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:43:31.0520 123356 1394ohci - ok
08:43:31.0569 123356 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:43:31.0580 123356 ACPI - ok
08:43:31.0607 123356 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:43:31.0615 123356 AcpiPmi - ok
08:43:32.0614 123356 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:43:32.0639 123356 AdobeFlashPlayerUpdateSvc - ok
08:43:32.0719 123356 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:43:32.0748 123356 adp94xx - ok
08:43:32.0806 123356 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:43:32.0821 123356 adpahci - ok
08:43:32.0855 123356 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:43:32.0865 123356 adpu320 - ok
08:43:32.0920 123356 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:43:32.0929 123356 AeLookupSvc - ok
08:43:33.0000 123356 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
08:43:33.0028 123356 AFBAgent - ok
08:43:33.0120 123356 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:43:33.0168 123356 AFD - ok
08:43:33.0210 123356 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:43:33.0219 123356 agp440 - ok
08:43:33.0235 123356 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:43:33.0243 123356 ALG - ok
08:43:33.0257 123356 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:43:33.0263 123356 aliide - ok
08:43:33.0274 123356 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:43:33.0280 123356 amdide - ok
08:43:33.0310 123356 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:43:33.0319 123356 AmdK8 - ok
08:43:33.0332 123356 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:43:33.0339 123356 AmdPPM - ok
08:43:33.0390 123356 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:43:33.0398 123356 amdsata - ok
08:43:33.0433 123356 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:43:33.0451 123356 amdsbs - ok
08:43:33.0476 123356 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:43:33.0485 123356 amdxata - ok
08:43:33.0625 123356 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
08:43:33.0640 123356 Amsp - ok
08:43:33.0677 123356 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:43:33.0683 123356 AppID - ok
08:43:33.0717 123356 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:43:33.0724 123356 AppIDSvc - ok
08:43:33.0751 123356 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:43:33.0757 123356 Appinfo - ok
08:43:33.0777 123356 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:43:33.0786 123356 arc - ok
08:43:33.0798 123356 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:43:33.0805 123356 arcsas - ok
08:43:33.0939 123356 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
08:43:33.0945 123356 ASLDRService - ok
08:43:33.0980 123356 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
08:43:33.0986 123356 ASMMAP64 - ok
08:43:34.0039 123356 asmthub3 (c5f36b1087553bac84b493e4dfea9036) C:\Windows\system32\DRIVERS\asmthub3.sys
08:43:34.0055 123356 asmthub3 - ok
08:43:34.0114 123356 asmtxhci (aa6797e04ac24dbac4c239a33f468463) C:\Windows\system32\DRIVERS\asmtxhci.sys
08:43:34.0136 123356 asmtxhci - ok
08:43:34.0191 123356 ASUS InstantOn (8165c8825c726a7d5efdf863a2d1c28f) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
08:43:34.0201 123356 ASUS InstantOn - ok
08:43:34.0257 123356 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
08:43:34.0263 123356 aswFsBlk - ok
08:43:34.0326 123356 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
08:43:34.0333 123356 aswMonFlt - ok
08:43:34.0357 123356 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
08:43:34.0363 123356 aswRdr - ok
08:43:34.0431 123356 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
08:43:34.0485 123356 aswSnx - ok
08:43:34.0528 123356 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
08:43:34.0553 123356 aswSP - ok
08:43:34.0580 123356 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
08:43:34.0587 123356 aswTdi - ok
08:43:34.0620 123356 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:43:34.0628 123356 AsyncMac - ok
08:43:34.0643 123356 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:43:34.0650 123356 atapi - ok
08:43:34.0814 123356 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys
08:43:34.0905 123356 athr - ok
08:43:35.0029 123356 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
08:43:35.0037 123356 ATKGFNEXSrv - ok
08:43:35.0110 123356 ATKWMIACPIIO (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
08:43:35.0119 123356 ATKWMIACPIIO - ok
08:43:35.0506 123356 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:43:35.0548 123356 AudioEndpointBuilder - ok
08:43:35.0565 123356 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:43:35.0580 123356 AudioSrv - ok
08:43:35.0713 123356 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:43:35.0719 123356 avast! Antivirus - ok
08:43:35.0791 123356 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:43:35.0807 123356 AxInstSV - ok
08:43:36.0005 123356 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:43:36.0042 123356 b06bdrv - ok
08:43:36.0091 123356 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:43:36.0118 123356 b57nd60a - ok
08:43:36.0226 123356 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:43:36.0242 123356 BBSvc - ok
08:43:36.0299 123356 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:43:36.0318 123356 BDESVC - ok
08:43:36.0327 123356 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:43:36.0333 123356 Beep - ok
08:43:36.0416 123356 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:43:36.0475 123356 BFE - ok
08:43:36.0499 123356 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:43:36.0508 123356 blbdrive - ok
08:43:36.0547 123356 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:43:36.0566 123356 bowser - ok
08:43:36.0574 123356 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:43:36.0581 123356 BrFiltLo - ok
08:43:36.0590 123356 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:43:36.0596 123356 BrFiltUp - ok
08:43:36.0646 123356 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:43:36.0661 123356 Browser - ok
08:43:36.0698 123356 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:43:36.0723 123356 Brserid - ok
08:43:36.0732 123356 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:43:36.0742 123356 BrSerWdm - ok
08:43:36.0749 123356 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:43:36.0758 123356 BrUsbMdm - ok
08:43:36.0766 123356 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:43:36.0775 123356 BrUsbSer - ok
08:43:36.0841 123356 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:43:36.0847 123356 BthEnum - ok
08:43:36.0863 123356 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:43:36.0871 123356 BTHMODEM - ok
08:43:36.0884 123356 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:43:36.0894 123356 BthPan - ok
08:43:36.0981 123356 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:43:37.0012 123356 BTHPORT - ok
08:43:37.0030 123356 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:43:37.0045 123356 bthserv - ok
08:43:37.0070 123356 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:43:37.0077 123356 BTHUSB - ok
08:43:37.0119 123356 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:43:37.0126 123356 cdfs - ok
08:43:37.0162 123356 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:43:37.0170 123356 cdrom - ok
08:43:37.0223 123356 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:43:37.0231 123356 CertPropSvc - ok
08:43:37.0244 123356 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:43:37.0250 123356 circlass - ok
08:43:37.0308 123356 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:43:37.0330 123356 CLFS - ok
08:43:37.0498 123356 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:43:37.0507 123356 clr_optimization_v2.0.50727_32 - ok
08:43:37.0598 123356 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:43:37.0617 123356 clr_optimization_v2.0.50727_64 - ok
08:43:37.0824 123356 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:43:37.0875 123356 clr_optimization_v4.0.30319_32 - ok
08:43:37.0975 123356 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:43:37.0993 123356 clr_optimization_v4.0.30319_64 - ok
08:43:38.0044 123356 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:43:38.0051 123356 CmBatt - ok
08:43:38.0063 123356 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:43:38.0069 123356 cmdide - ok
08:43:38.0157 123356 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:43:38.0195 123356 CNG - ok
08:43:38.0230 123356 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:43:38.0241 123356 Compbatt - ok
08:43:38.0259 123356 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:43:38.0265 123356 CompositeBus - ok
08:43:38.0280 123356 COMSysApp - ok
08:43:38.0292 123356 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:43:38.0299 123356 crcdisk - ok
08:43:38.0351 123356 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:43:38.0376 123356 CryptSvc - ok
08:43:38.0571 123356 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:43:38.0621 123356 cvhsvc - ok
08:43:38.0684 123356 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:43:38.0747 123356 DcomLaunch - ok
08:43:38.0793 123356 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:43:38.0819 123356 defragsvc - ok
08:43:38.0943 123356 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:43:38.0963 123356 DfsC - ok
08:43:39.0014 123356 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:43:39.0035 123356 Dhcp - ok
08:43:39.0049 123356 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:43:39.0059 123356 discache - ok
08:43:39.0103 123356 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:43:39.0114 123356 Disk - ok
08:43:39.0175 123356 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:43:39.0195 123356 Dnscache - ok
08:43:39.0230 123356 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:43:39.0251 123356 dot3svc - ok
08:43:39.0283 123356 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:43:39.0313 123356 DPS - ok
08:43:39.0337 123356 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:43:39.0347 123356 drmkaud - ok
08:43:39.0441 123356 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:43:39.0509 123356 DXGKrnl - ok
08:43:39.0534 123356 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:43:39.0552 123356 EapHost - ok
08:43:39.0739 123356 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:43:39.0860 123356 ebdrv - ok
08:43:40.0233 123356 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:43:40.0254 123356 EFS - ok
08:43:40.0404 123356 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:43:40.0439 123356 ehRecvr - ok
08:43:40.0459 123356 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:43:40.0476 123356 ehSched - ok
08:43:40.0636 123356 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:43:40.0673 123356 elxstor - ok
08:43:40.0681 123356 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:43:40.0688 123356 ErrDev - ok
08:43:40.0772 123356 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:43:40.0806 123356 EventSystem - ok
08:43:40.0838 123356 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:43:40.0862 123356 exfat - ok
08:43:40.0879 123356 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:43:40.0899 123356 fastfat - ok
08:43:40.0975 123356 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:43:41.0028 123356 Fax - ok
08:43:41.0052 123356 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:43:41.0057 123356 fdc - ok
08:43:41.0086 123356 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:43:41.0094 123356 fdPHost - ok
08:43:41.0102 123356 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:43:41.0110 123356 FDResPub - ok
08:43:41.0122 123356 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:43:41.0129 123356 FileInfo - ok
08:43:41.0136 123356 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:43:41.0145 123356 Filetrace - ok
08:43:41.0293 123356 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
08:43:41.0315 123356 FlipShare Service - ok
08:43:41.0421 123356 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
08:43:41.0457 123356 FlipShareServer - ok
08:43:41.0846 123356 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:43:41.0853 123356 flpydisk - ok
08:43:41.0891 123356 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:43:41.0904 123356 FltMgr - ok
08:43:41.0987 123356 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:43:42.0042 123356 FontCache - ok
08:43:42.0121 123356 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:43:42.0128 123356 FontCache3.0.0.0 - ok
08:43:42.0152 123356 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:43:42.0159 123356 FsDepends - ok
08:43:42.0203 123356 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
08:43:42.0211 123356 fssfltr - ok
08:43:42.0405 123356 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:43:42.0486 123356 fsssvc - ok
08:43:42.0911 123356 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:43:42.0918 123356 Fs_Rec - ok
08:43:42.0975 123356 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:43:43.0002 123356 fvevol - ok
08:43:43.0022 123356 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:43:43.0031 123356 gagp30kx - ok
08:43:43.0106 123356 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:43:43.0172 123356 gpsvc - ok
08:43:43.0184 123356 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:43:43.0191 123356 hcw85cir - ok
08:43:43.0271 123356 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:43:43.0297 123356 HdAudAddService - ok
08:43:43.0343 123356 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:43:43.0356 123356 HDAudBus - ok
08:43:43.0375 123356 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:43:43.0382 123356 HidBatt - ok
08:43:43.0401 123356 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:43:43.0409 123356 HidBth - ok
08:43:43.0435 123356 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:43:43.0441 123356 HidIr - ok
08:43:43.0466 123356 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:43:43.0488 123356 hidserv - ok
08:43:43.0500 123356 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:43:43.0506 123356 HidUsb - ok
08:43:43.0536 123356 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:43:43.0559 123356 hkmsvc - ok
08:43:43.0609 123356 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:43:43.0633 123356 HomeGroupListener - ok
08:43:43.0671 123356 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:43:43.0696 123356 HomeGroupProvider - ok
08:43:43.0725 123356 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:43:43.0734 123356 HpSAMD - ok
08:43:43.0801 123356 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:43:43.0833 123356 HTTP - ok
08:43:43.0839 123356 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:43:43.0845 123356 hwpolicy - ok
08:43:43.0861 123356 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:43:43.0868 123356 i8042prt - ok
08:43:43.0945 123356 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
08:43:43.0956 123356 iaStor - ok
08:43:44.0004 123356 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:43:44.0035 123356 iaStorV - ok
08:43:44.0167 123356 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:43:44.0200 123356 idsvc - ok
08:43:44.0842 123356 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:43:45.0250 123356 igfx - ok
08:43:45.0685 123356 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:43:45.0693 123356 iirsp - ok
08:43:45.0774 123356 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:43:45.0836 123356 IKEEXT - ok
08:43:46.0054 123356 IntcAzAudAddService (651972b4061f940dc154c6f7b948b76a) C:\Windows\system32\drivers\RTKVHD64.sys
08:43:46.0150 123356 IntcAzAudAddService - ok
08:43:46.0573 123356 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:43:46.0597 123356 IntcDAud - ok
08:43:46.0629 123356 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:43:46.0639 123356 intelide - ok
08:43:46.0660 123356 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:43:46.0666 123356 intelppm - ok
08:43:46.0708 123356 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:43:46.0725 123356 IPBusEnum - ok
08:43:46.0748 123356 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:43:46.0758 123356 IpFilterDriver - ok
08:43:46.0809 123356 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:43:46.0871 123356 iphlpsvc - ok
08:43:46.0885 123356 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:43:46.0893 123356 IPMIDRV - ok
08:43:46.0909 123356 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:43:46.0919 123356 IPNAT - ok
08:43:46.0937 123356 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:43:46.0943 123356 IRENUM - ok
08:43:46.0953 123356 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:43:46.0959 123356 isapnp - ok
08:43:46.0996 123356 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:43:47.0018 123356 iScsiPrt - ok
08:43:47.0029 123356 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:43:47.0038 123356 kbdclass - ok
08:43:47.0048 123356 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:43:47.0055 123356 kbdhid - ok
08:43:47.0077 123356 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
08:43:47.0084 123356 kbfiltr - ok
08:43:47.0114 123356 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:47.0123 123356 KeyIso - ok
08:43:47.0152 123356 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:43:47.0171 123356 KSecDD - ok
08:43:47.0201 123356 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:43:47.0218 123356 KSecPkg - ok
08:43:47.0234 123356 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:43:47.0242 123356 ksthunk - ok
08:43:47.0296 123356 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:43:47.0325 123356 KtmRm - ok
08:43:47.0357 123356 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:43:47.0375 123356 L1C - ok
08:43:47.0438 123356 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:43:47.0466 123356 LanmanServer - ok
08:43:47.0503 123356 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:43:47.0533 123356 LanmanWorkstation - ok
08:43:47.0574 123356 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:43:47.0581 123356 lltdio - ok
08:43:47.0618 123356 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:43:47.0642 123356 lltdsvc - ok
08:43:47.0650 123356 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:43:47.0662 123356 lmhosts - ok
08:43:47.0828 123356 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:43:47.0852 123356 LMS - ok
08:43:47.0901 123356 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:43:47.0910 123356 LSI_FC - ok
08:43:47.0930 123356 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:43:47.0942 123356 LSI_SAS - ok
08:43:47.0958 123356 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:43:47.0972 123356 LSI_SAS2 - ok
08:43:48.0012 123356 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:43:48.0026 123356 LSI_SCSI - ok
08:43:48.0051 123356 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:43:48.0074 123356 luafv - ok
08:43:48.0116 123356 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:43:48.0136 123356 Mcx2Svc - ok
08:43:48.0149 123356 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:43:48.0156 123356 megasas - ok
08:43:48.0200 123356 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:43:48.0212 123356 MegaSR - ok
08:43:48.0272 123356 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:43:48.0290 123356 MEIx64 - ok
08:43:48.0328 123356 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:43:48.0343 123356 MMCSS - ok
08:43:48.0351 123356 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:43:48.0359 123356 Modem - ok
08:43:48.0377 123356 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:43:48.0382 123356 monitor - ok
08:43:48.0400 123356 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:43:48.0409 123356 mouclass - ok
08:43:48.0446 123356 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
08:43:48.0453 123356 mouhid - ok
08:43:48.0474 123356 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:43:48.0492 123356 mountmgr - ok
08:43:48.0600 123356 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:43:48.0608 123356 MozillaMaintenance - ok
08:43:48.0630 123356 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:43:48.0639 123356 mpio - ok
08:43:48.0650 123356 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:43:48.0657 123356 mpsdrv - ok
08:43:48.0709 123356 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:43:48.0746 123356 MpsSvc - ok
08:43:48.0776 123356 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:43:48.0783 123356 MRxDAV - ok
08:43:48.0835 123356 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:43:48.0855 123356 mrxsmb - ok
08:43:48.0885 123356 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:43:48.0908 123356 mrxsmb10 - ok
08:43:48.0934 123356 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:43:48.0953 123356 mrxsmb20 - ok
08:43:48.0961 123356 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:43:48.0967 123356 msahci - ok
08:43:48.0994 123356 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:43:49.0002 123356 msdsm - ok
08:43:49.0051 123356 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:43:49.0071 123356 MSDTC - ok
08:43:49.0099 123356 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:43:49.0108 123356 Msfs - ok
08:43:49.0127 123356 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:43:49.0132 123356 mshidkmdf - ok
08:43:49.0144 123356 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:43:49.0149 123356 msisadrv - ok
08:43:49.0191 123356 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:43:49.0209 123356 MSiSCSI - ok
08:43:49.0214 123356 msiserver - ok
08:43:49.0225 123356 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:43:49.0230 123356 MSKSSRV - ok
08:43:49.0235 123356 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:43:49.0243 123356 MSPCLOCK - ok
08:43:49.0249 123356 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:43:49.0254 123356 MSPQM - ok
08:43:49.0286 123356 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:43:49.0299 123356 MsRPC - ok
08:43:49.0312 123356 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:43:49.0318 123356 mssmbios - ok
08:43:49.0326 123356 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:43:49.0332 123356 MSTEE - ok
08:43:49.0341 123356 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:43:49.0346 123356 MTConfig - ok
08:43:49.0358 123356 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:43:49.0373 123356 Mup - ok
08:43:49.0412 123356 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:43:49.0436 123356 napagent - ok
08:43:49.0486 123356 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:43:49.0512 123356 NativeWifiP - ok
08:43:49.0604 123356 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
08:43:49.0648 123356 NDIS - ok
08:43:49.0669 123356 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:43:49.0678 123356 NdisCap - ok
08:43:49.0702 123356 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:43:49.0709 123356 NdisTapi - ok
08:43:49.0729 123356 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:43:49.0736 123356 Ndisuio - ok
08:43:49.0762 123356 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:43:49.0772 123356 NdisWan - ok
08:43:49.0795 123356 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:43:49.0803 123356 NDProxy - ok
08:43:49.0818 123356 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:43:49.0825 123356 NetBIOS - ok
08:43:49.0863 123356 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:43:49.0874 123356 NetBT - ok
08:43:49.0929 123356 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:49.0939 123356 Netlogon - ok
08:43:50.0009 123356 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:43:50.0033 123356 Netman - ok
08:43:50.0071 123356 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:43:50.0101 123356 netprofm - ok
08:43:50.0209 123356 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:43:50.0227 123356 NetTcpPortSharing - ok
08:43:50.0261 123356 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:43:50.0277 123356 nfrd960 - ok
08:43:50.0310 123356 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:43:50.0335 123356 NlaSvc - ok
08:43:50.0348 123356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:43:50.0356 123356 Npfs - ok
08:43:50.0397 123356 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:43:50.0415 123356 nsi - ok
08:43:50.0425 123356 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:43:50.0432 123356 nsiproxy - ok
08:43:50.0588 123356 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:43:50.0648 123356 Ntfs - ok
08:43:51.0050 123356 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:43:51.0058 123356 Null - ok
08:43:51.0091 123356 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:43:51.0110 123356 nvraid - ok
08:43:51.0132 123356 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:43:51.0142 123356 nvstor - ok
08:43:51.0180 123356 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:43:51.0187 123356 nv_agp - ok
08:43:51.0202 123356 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:43:51.0210 123356 ohci1394 - ok
08:43:51.0350 123356 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:43:51.0361 123356 ose - ok
08:43:51.0653 123356 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:43:51.0785 123356 osppsvc - ok
08:43:52.0070 123356 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:43:52.0097 123356 p2pimsvc - ok
08:43:52.0145 123356 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:43:52.0182 123356 p2psvc - ok
08:43:52.0312 123356 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:43:52.0330 123356 Parport - ok
08:43:52.0354 123356 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:43:52.0362 123356 partmgr - ok
08:43:52.0385 123356 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:43:52.0400 123356 PcaSvc - ok
08:43:52.0425 123356 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:43:52.0437 123356 pci - ok
08:43:52.0449 123356 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:43:52.0456 123356 pciide - ok
08:43:52.0487 123356 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:43:52.0498 123356 pcmcia - ok
08:43:52.0515 123356 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:43:52.0523 123356 pcw - ok
08:43:52.0592 123356 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:43:52.0622 123356 PEAUTH - ok
08:43:52.0852 123356 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:43:52.0863 123356 PerfHost - ok
08:43:52.0994 123356 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:43:53.0048 123356 pla - ok
08:43:53.0120 123356 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:43:53.0156 123356 PlugPlay - ok
08:43:53.0180 123356 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:43:53.0200 123356 PNRPAutoReg - ok
08:43:53.0231 123356 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:43:53.0250 123356 PNRPsvc - ok
08:43:53.0315 123356 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:43:53.0352 123356 PolicyAgent - ok
08:43:53.0404 123356 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:43:53.0429 123356 Power - ok
08:43:53.0579 123356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:43:53.0599 123356 PptpMiniport - ok
08:43:53.0621 123356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:43:53.0628 123356 Processor - ok
08:43:53.0682 123356 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:43:53.0708 123356 ProfSvc - ok
08:43:53.0745 123356 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:53.0754 123356 ProtectedStorage - ok
08:43:53.0794 123356 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:43:53.0813 123356 Psched - ok
08:43:53.0911 123356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:43:53.0978 123356 ql2300 - ok
08:43:54.0352 123356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:43:54.0371 123356 ql40xx - ok
08:43:54.0409 123356 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:43:54.0434 123356 QWAVE - ok
08:43:54.0444 123356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:43:54.0450 123356 QWAVEdrv - ok
08:43:54.0458 123356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:43:54.0464 123356 RasAcd - ok
08:43:54.0525 123356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:43:54.0532 123356 RasAgileVpn - ok
08:43:54.0553 123356 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:43:54.0570 123356 RasAuto - ok
08:43:54.0589 123356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:43:54.0601 123356 Rasl2tp - ok
08:43:54.0639 123356 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:43:54.0673 123356 RasMan - ok
08:43:54.0692 123356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:43:54.0703 123356 RasPppoe - ok
08:43:54.0731 123356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:43:54.0740 123356 RasSstp - ok
08:43:54.0771 123356 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:43:54.0796 123356 rdbss - ok
08:43:54.0805 123356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:43:54.0814 123356 rdpbus - ok
08:43:54.0832 123356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:43:54.0839 123356 RDPCDD - ok
08:43:54.0856 123356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:43:54.0866 123356 RDPENCDD - ok
08:43:54.0888 123356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:43:54.0896 123356 RDPREFMP - ok
08:43:54.0928 123356 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:43:54.0952 123356 RDPWD - ok
08:43:54.0983 123356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:43:54.0994 123356 rdyboost - ok
08:43:55.0055 123356 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:43:55.0074 123356 RemoteAccess - ok
08:43:55.0104 123356 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:43:55.0132 123356 RemoteRegistry - ok
08:43:55.0175 123356 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:43:55.0185 123356 RFCOMM - ok
08:43:55.0225 123356 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:43:55.0244 123356 RpcEptMapper - ok
08:43:55.0270 123356 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:43:55.0281 123356 RpcLocator - ok
08:43:55.0326 123356 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:43:55.0345 123356 RpcSs - ok
08:43:55.0372 123356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:43:55.0381 123356 rspndr - ok
08:43:55.0425 123356 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:55.0435 123356 SamSs - ok
08:43:55.0456 123356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:43:55.0467 123356 sbp2port - ok
08:43:55.0510 123356 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:43:55.0537 123356 SCardSvr - ok
08:43:55.0547 123356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:43:55.0554 123356 scfilter - ok
08:43:55.0645 123356 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:43:55.0708 123356 Schedule - ok
08:43:55.0746 123356 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:43:55.0753 123356 SCPolicySvc - ok
08:43:55.0793 123356 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:43:55.0824 123356 SDRSVC - ok
08:43:55.0944 123356 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:43:55.0970 123356 SeaPort - ok
08:43:56.0092 123356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:43:56.0100 123356 secdrv - ok
08:43:56.0134 123356 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:43:56.0154 123356 seclogon - ok
08:43:56.0186 123356 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:43:56.0213 123356 SENS - ok
08:43:56.0253 123356 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:43:56.0275 123356 SensrSvc - ok
08:43:56.0307 123356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:43:56.0317 123356 Serenum - ok
08:43:56.0356 123356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:43:56.0365 123356 Serial - ok
08:43:56.0375 123356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:43:56.0384 123356 sermouse - ok
08:43:56.0425 123356 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:43:56.0443 123356 SessionEnv - ok
08:43:56.0452 123356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:43:56.0457 123356 sffdisk - ok
08:43:56.0473 123356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:43:56.0478 123356 sffp_mmc - ok
08:43:56.0490 123356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:43:56.0495 123356 sffp_sd - ok
08:43:56.0509 123356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:43:56.0516 123356 sfloppy - ok
08:43:56.0606 123356 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
08:43:56.0652 123356 Sftfs - ok
08:43:56.0797 123356 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:43:56.0825 123356 sftlist - ok
08:43:56.0892 123356 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:43:56.0919 123356 Sftplay - ok
08:43:56.0942 123356 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:43:56.0948 123356 Sftredir - ok
08:43:56.0972 123356 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
08:43:56.0978 123356 Sftvol - ok
08:43:57.0044 123356 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:43:57.0061 123356 sftvsa - ok
08:43:57.0115 123356 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:43:57.0137 123356 SharedAccess - ok
08:43:57.0194 123356 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:43:57.0228 123356 ShellHWDetection - ok
08:43:57.0272 123356 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
08:43:57.0281 123356 SiSGbeLH - ok
08:43:57.0302 123356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:43:57.0309 123356 SiSRaid2 - ok
08:43:57.0332 123356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:43:57.0340 123356 SiSRaid4 - ok
08:43:57.0361 123356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:43:57.0370 123356 Smb - ok
08:43:57.0416 123356 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:43:57.0438 123356 SNMPTRAP - ok
08:43:57.0448 123356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:43:57.0455 123356 spldr - ok
08:43:57.0530 123356 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:43:57.0567 123356 Spooler - ok
08:43:57.0751 123356 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:43:57.0858 123356 sppsvc - ok
08:43:58.0150 123356 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:43:58.0172 123356 sppuinotify - ok
08:43:58.0316 123356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:43:58.0368 123356 srv - ok
08:43:58.0409 123356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:43:58.0433 123356 srv2 - ok
08:43:58.0472 123356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:43:58.0482 123356 srvnet - ok
08:43:58.0533 123356 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:43:58.0560 123356 SSDPSRV - ok
08:43:58.0573 123356 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:43:58.0590 123356 SstpSvc - ok
08:43:58.0626 123356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:43:58.0635 123356 stexstor - ok
08:43:58.0713 123356 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:43:58.0741 123356 stisvc - ok
08:43:58.0749 123356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:43:58.0755 123356 swenum - ok
08:43:58.0801 123356 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:43:58.0832 123356 swprv - ok
08:43:58.0939 123356 SynTP (7e8902f9929a5d9ffd0f545332ce0f10) C:\Windows\system32\DRIVERS\SynTP.sys
08:43:58.0984 123356 SynTP - ok
08:43:59.0327 123356 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:43:59.0385 123356 SysMain - ok
08:43:59.0681 123356 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:43:59.0709 123356 TabletInputService - ok
08:43:59.0743 123356 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:43:59.0777 123356 TapiSrv - ok
08:43:59.0793 123356 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:43:59.0822 123356 TBS - ok
08:44:00.0058 123356 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:44:00.0143 123356 Tcpip - ok
08:44:00.0713 123356 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:44:00.0818 123356 TCPIP6 - ok
08:44:01.0201 123356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:44:01.0208 123356 tcpipreg - ok
08:44:01.0231 123356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:44:01.0240 123356 TDPIPE - ok
08:44:01.0275 123356 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:44:01.0281 123356 TDTCP - ok
08:44:01.0314 123356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:44:01.0321 123356 tdx - ok
08:44:01.0344 123356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:44:01.0350 123356 TermDD - ok
08:44:01.0480 123356 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:44:01.0544 123356 TermService - ok
08:44:01.0790 123356 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:44:01.0808 123356 Themes - ok
08:44:01.0843 123356 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:44:01.0850 123356 THREADORDER - ok
08:44:01.0977 123356 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
08:44:01.0986 123356 TiMiniService - ok
08:44:02.0042 123356 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
08:44:02.0060 123356 tmactmon - ok
08:44:02.0080 123356 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
08:44:02.0157 123356 tmcomm - ok
08:44:02.0203 123356 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
08:44:02.0222 123356 tmevtmgr - ok
08:44:02.0257 123356 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
08:44:02.0277 123356 tmtdi - ok
08:44:02.0315 123356 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:44:02.0344 123356 TrkWks - ok
08:44:02.0415 123356 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:44:02.0439 123356 TrustedInstaller - ok
08:44:02.0482 123356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:44:02.0492 123356 tssecsrv - ok
08:44:02.0521 123356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:44:02.0529 123356 TsUsbFlt - ok
08:44:02.0544 123356 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:44:02.0551 123356 TsUsbGD - ok
08:44:02.0590 123356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:44:02.0599 123356 tunnel - ok
08:44:02.0617 123356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:44:02.0625 123356 uagp35 - ok
08:44:02.0670 123356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:44:02.0695 123356 udfs - ok
08:44:02.0727 123356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:44:02.0749 123356 UI0Detect - ok
08:44:02.0770 123356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:44:02.0779 123356 uliagpkx - ok
08:44:02.0799 123356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:44:02.0811 123356 umbus - ok
08:44:02.0820 123356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:44:02.0831 123356 UmPass - ok
08:44:03.0098 123356 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:44:03.0177 123356 UNS - ok
08:44:03.0478 123356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:44:03.0502 123356 upnphost - ok
08:44:03.0733 123356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:44:03.0746 123356 usbccgp - ok
08:44:03.0794 123356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:44:03.0801 123356 usbcir - ok
08:44:03.0838 123356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:44:03.0844 123356 usbehci - ok
08:44:03.0925 123356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:44:03.0962 123356 usbhub - ok
08:44:04.0010 123356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:44:04.0029 123356 usbohci - ok
08:44:04.0131 123356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:44:04.0149 123356 usbprint - ok
08:44:04.0262 123356 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:44:04.0269 123356 usbscan - ok
08:44:04.0378 123356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:44:04.0394 123356 USBSTOR - ok
08:44:04.0468 123356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:44:04.0478 123356 usbuhci - ok
08:44:04.0624 123356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:44:04.0640 123356 usbvideo - ok
08:44:04.0679 123356 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:44:04.0698 123356 UxSms - ok
08:44:04.0724 123356 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:44:04.0731 123356 VaultSvc - ok
08:44:04.0740 123356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:44:04.0745 123356 vdrvroot - ok
08:44:04.0818 123356 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:44:04.0857 123356 vds - ok
08:44:04.0881 123356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:44:04.0888 123356 vga - ok
08:44:04.0905 123356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:44:04.0913 123356 VgaSave - ok
08:44:04.0950 123356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:44:04.0961 123356 vhdmp - ok
08:44:04.0978 123356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:44:04.0985 123356 viaide - ok
08:44:05.0007 123356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:44:05.0017 123356 volmgr - ok
08:44:05.0081 123356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:44:05.0104 123356 volmgrx - ok
08:44:05.0154 123356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:44:05.0168 123356 volsnap - ok
08:44:05.0213 123356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:44:05.0223 123356 vsmraid - ok
08:44:05.0349 123356 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:44:05.0416 123356 VSS - ok
08:44:05.0858 123356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:44:05.0865 123356 vwifibus - ok
08:44:05.0880 123356 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:44:05.0888 123356 vwififlt - ok
08:44:05.0975 123356 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:44:06.0023 123356 W32Time - ok
08:44:06.0039 123356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:44:06.0048 123356 WacomPen - ok
08:44:06.0097 123356 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:06.0104 123356 WANARP - ok
08:44:06.0116 123356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:06.0123 123356 Wanarpv6 - ok
08:44:06.0243 123356 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:44:06.0303 123356 WatAdminSvc - ok
08:44:06.0410 123356 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:44:06.0491 123356 wbengine - ok
08:44:06.0803 123356 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:44:06.0828 123356 WbioSrvc - ok
08:44:06.0870 123356 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:44:06.0891 123356 wcncsvc - ok
08:44:06.0936 123356 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:44:06.0965 123356 WcsPlugInService - ok
08:44:07.0105 123356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:44:07.0115 123356 Wd - ok
08:44:07.0186 123356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:44:07.0203 123356 Wdf01000 - ok
08:44:07.0226 123356 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:07.0252 123356 WdiServiceHost - ok
08:44:07.0260 123356 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:07.0273 123356 WdiSystemHost - ok
08:44:07.0303 123356 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:44:07.0329 123356 WebClient - ok
08:44:07.0357 123356 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:44:07.0382 123356 Wecsvc - ok
08:44:07.0410 123356 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:44:07.0436 123356 wercplsupport - ok
08:44:07.0461 123356 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:44:07.0474 123356 WerSvc - ok
08:44:07.0618 123356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:44:07.0626 123356 WfpLwf - ok
08:44:07.0665 123356 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
08:44:07.0683 123356 WimFltr - ok
08:44:07.0694 123356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:44:07.0701 123356 WIMMount - ok
08:44:07.0778 123356 WinDefend - ok
08:44:07.0804 123356 WinHttpAutoProxySvc - ok
08:44:07.0946 123356 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:44:07.0970 123356 Winmgmt - ok
08:44:08.0135 123356 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:44:08.0220 123356 WinRM - ok
08:44:08.0616 123356 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:44:08.0663 123356 Wlansvc - ok
08:44:08.0796 123356 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:44:08.0819 123356 wlcrasvc - ok
08:44:09.0119 123356 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:44:09.0195 123356 wlidsvc - ok
08:44:09.0598 123356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:44:09.0605 123356 WmiAcpi - ok
08:44:09.0831 123356 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:44:09.0851 123356 wmiApSrv - ok
08:44:09.0942 123356 WMPNetworkSvc - ok
08:44:10.0009 123356 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:44:10.0049 123356 WPCSvc - ok
08:44:10.0123 123356 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:44:10.0140 123356 WPDBusEnum - ok
08:44:10.0185 123356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:44:10.0192 123356 ws2ifsl - ok
08:44:10.0219 123356 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:44:10.0237 123356 wscsvc - ok
08:44:10.0277 123356 WSearch - ok
08:44:10.0305 123356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:44:10.0312 123356 WudfPf - ok
08:44:10.0347 123356 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:44:10.0358 123356 WUDFRd - ok
08:44:10.0389 123356 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:44:10.0414 123356 wudfsvc - ok
08:44:10.0442 123356 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:44:10.0470 123356 WwanSvc - ok
08:44:10.0536 123356 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:44:10.0906 123356 \Device\Harddisk0\DR0 - ok
08:44:10.0937 123356 Boot (0x1200) (e14a76216885b5f2297461fd64106ebf) \Device\Harddisk0\DR0\Partition0
08:44:10.0938 123356 \Device\Harddisk0\DR0\Partition0 - ok
08:44:11.0001 123356 Boot (0x1200) (042ad95d7bf5cf6c50a8420b306d752e) \Device\Harddisk0\DR0\Partition1
08:44:11.0005 123356 \Device\Harddisk0\DR0\Partition1 - ok
08:44:11.0013 123356 ============================================================
08:44:11.0013 123356 Scan finished
08:44:11.0013 123356 ============================================================
08:44:11.0062 124200 Detected object count: 0
08:44:11.0062 124200 Actual detected object count: 0
08:44:27.0714 112584 Deinitialize success

#8 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria

Posted 25 July 2012 - 10:14 AM

Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..', rebooting the machine will resolve that.
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [Donate]

#9 thebigdawg2002

thebigdawg2002
  • Topic Starter

  • Members
  • 9 posts

Posted 25 July 2012 - 12:30 PM

ComboFix is running on the laptop, but has been stuck on "Completed Stage_48" for over an hour now.

I am on a different computer right now, not wanting to mess that one up. What should I do? ComboFix said it should only take 10 minutes.

#10 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria

Posted 25 July 2012 - 12:38 PM

Abort Combofix.


Reboot your System in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



Run Combofix again and include the C:\Combofix.txt in your next reply
regards,
Daniel


#11 thebigdawg2002

thebigdawg2002
  • Topic Starter

  • Members
  • 9 posts

Posted 25 July 2012 - 12:58 PM

ComboFix 12-07-26.03 - ChrisAnderson 07/25/2012 13:43:03.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.3025 [GMT -4:00]
Running from: c:\users\ChrisAnderson\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 17:50 . 2012-07-25 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 11:32 . 2012-07-25 11:38 -------- d-----w- C:\True Poker
2012-07-19 12:29 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-19 12:29 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-19 12:29 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 12:29 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 12:29 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 12:29 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-19 12:29 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-19 12:29 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 12:29 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:05 . 2012-07-19 12:04 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-19 12:04 . 2012-07-19 12:04 -------- d-----w- c:\program files (x86)\Java
2012-07-19 12:02 . 2012-07-19 12:02 -------- d-----w- c:\programdata\McAfee
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{84742948-D0D1-11E1-8270-B8AC6F996F26}
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{8473F7FD-D0D1-11E1-8270-B8AC6F996F26}
2012-07-09 13:11 . 2012-07-09 13:11 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Macromedia
2012-07-09 13:09 . 2012-07-09 13:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 21:50 . 2012-07-06 22:07 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Win
2012-07-06 21:50 . 2012-07-06 21:50 -------- d-----w- c:\programdata\F4D55F59223F5E79592BCDE3B4EB2367
2012-07-06 21:50 . 2012-07-19 16:54 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Ygmofu
2012-07-06 21:50 . 2012-07-19 01:33 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Orixx
2012-07-06 21:50 . 2012-07-06 21:50 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Utwu
2012-06-26 20:18 . 2012-06-26 20:18 -------- d-----w- c:\windows\en
2012-06-26 20:15 . 2012-06-26 20:15 -------- d-----w- c:\windows\fr
2012-06-26 20:14 . 2012-06-26 20:14 -------- d-----w- c:\windows\es
2012-06-26 20:05 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-26 20:02 . 2012-06-26 20:02 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-26 19:51 . 2012-06-26 19:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\16e0092d1cd53d502\MeshBetaRemover.exe
2012-06-26 19:51 . 2012-06-26 19:51 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DSETUP.dll
2012-06-26 19:51 . 2012-06-26 19:51 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DXSETUP.exe
2012-06-26 19:51 . 2012-06-26 19:51 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 13:41 . 2011-11-25 11:40 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-07-19 12:04 . 2012-01-16 22:46 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-09 13:40 . 2012-01-11 19:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-02-10 01:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 11:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:34 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 11:34 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-13 07:23 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-13 07:23 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-13 07:23 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-13 07:23 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-13 07:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-13 07:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-13 07:23 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-13 07:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-13 07:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-13 07:23 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-13 07:23 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-13 07:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-13 07:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-13 07:23 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-13 07:23 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-13 07:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-13 07:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 07:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 07:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-13 06:18 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-13 06:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 06:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 06:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 06:17 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 06:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-11-25 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-10-03 129512]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-10-03 394728]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 13:40]
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 16:21]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097866783-3656520848-2474357547-1001Core.job
- c:\users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 12:08]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097866783-3656520848-2474357547-1001UA.job
- c:\users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 12:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ChrisAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\sjgeobbl.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-25 13:54:45
ComboFix-quarantined-files.txt 2012-07-25 17:54
.
Pre-Run: 64,396,886,016 bytes free
Post-Run: 64,556,711,936 bytes free
.
- - End Of File - - BAED50956C7B3550BF7C36CC2A3903A0

#12 thebigdawg2002

thebigdawg2002
  • Topic Starter

  • Members
  • 9 posts

Posted 25 July 2012 - 04:59 PM

Since running the combofix, my internet has not dropped. That's the longest I've gone since the virus first popped up.

#13 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria

Posted 26 July 2012 - 07:17 AM

Sounds great :)


I see more than one antivirus program installed, in your case Avast and Trend Micro.
Having two AVs may sound great, but they can cause conflicts with each other, lead to system slow-downs, instability and crashes, and will provide less protection, not more.

So I highly recommend uninstalling one of them via Start > Control Panel > Add / Remove Programs, and let me know which one you have removed.



Open notepad and copy/paste the text in the Code-box below into it:

Folder::
c:\users\ChrisAnderson\AppData\Roaming\Ygmofu
c:\users\ChrisAnderson\AppData\Roaming\Orixx
c:\users\ChrisAnderson\AppData\Roaming\Utwu
c:\programdata\F4D55F59223F5E79592BCDE3B4EB2367

DirLook::
c:\users\ChrisAnderson\AppData\Local\Win


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
Daniel

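The triage Larusso does by eye in the two posts above (spotting the cluster of directories created at 2012-07-06 21:50 in the "Files Created" section of the post #11 log, then turning them into the Folder:: and DirLook:: lines of the CFScript in post #13) can be scripted so the same pattern is caught on the next log. The Python below is an added example written for this page; it is not ComboFix's own code and was not posted by anyone in the thread. The log-line regex, the 32-hex-character and short-word name heuristics, the vendor allowlist and the two-minute "burst" window are assumptions chosen to fit this log, and the sample lines are a hand-picked excerpt of the post #11 log rather than the whole section. The script only drafts a CFScript for a human to review; it does not touch the disk or run ComboFix.

```python
"""Triage the "Files Created" section of a ComboFix log and draft a CFScript.

Added example for this thread: not ComboFix's code and not posted by anyone in
the thread. The line format, name heuristics, allowlist and burst window are
assumptions made for this illustration.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# One entry looks like: "<created> . <modified> <size or --------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# Name heuristics (assumptions tuned to this thread's log).
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")          # e.g. F4D55F59...2367 under ProgramData
SHORT_WORD = re.compile(r"^[A-Za-z]{4,8}$")       # pseudo-random word such as "Ygmofu"
PROGRAMDATA_DIR = re.compile(r"^c:\\programdata\\([^\\]+)$", re.IGNORECASE)
PROFILE_DIR = re.compile(r"\\AppData\\(Roaming|Local)\\([^\\]+)$", re.IGNORECASE)
# Vendor folders that legitimately sit directly under AppData (assumed allowlist).
KNOWN_PROFILE_DIRS = {"temp", "mozilla", "microsoft", "macromedia", "adobe",
                      "google", "apple", "skype", "identities", "java", "asus"}
BURST_WINDOW = timedelta(minutes=2)
BURST_REASON = "directory created in the same burst as a flagged entry"

# Constructed excerpt of the post #11 log (a subset of lines, copied verbatim).
SAMPLE_LOG = r"""
2012-07-25 17:50 . 2012-07-25 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\programdata\AVAST Software
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{84742948-D0D1-11E1-8270-B8AC6F996F26}
2012-07-09 13:11 . 2012-07-09 13:11 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Macromedia
2012-07-06 21:50 . 2012-07-06 22:07 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Win
2012-07-06 21:50 . 2012-07-06 21:50 -------- d-----w- c:\programdata\F4D55F59223F5E79592BCDE3B4EB2367
2012-07-06 21:50 . 2012-07-19 16:54 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Ygmofu
2012-07-06 21:50 . 2012-07-19 01:33 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Orixx
2012-07-06 21:50 . 2012-07-06 21:50 -------- d-----w- c:\users\ChrisAnderson\AppData\Roaming\Utwu
2012-06-26 20:18 . 2012-06-26 20:18 -------- d-----w- c:\windows\en
"""


class Entry(NamedTuple):
    created: datetime
    path: str
    is_dir: bool


def parse_files_created(text: str) -> List[Entry]:
    """Return the entries of a 'Files Created' block; header and '.' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            entries.append(Entry(created, m["path"], m["attrs"].startswith("d")))
    return entries


def direct_flags(e: Entry) -> List[str]:
    """Reasons a single directory looks like malware housekeeping on its own."""
    reasons: List[str] = []
    if not e.is_dir:
        return reasons
    m = PROGRAMDATA_DIR.match(e.path)
    if m and HEX32.match(m.group(1)):
        reasons.append("32-hex-char directory directly under ProgramData")
    m = PROFILE_DIR.search(e.path)
    if m and SHORT_WORD.match(m.group(2)) and m.group(2).lower() not in KNOWN_PROFILE_DIRS:
        reasons.append("unrecognised short name directly under AppData\\" + m.group(1))
    return reasons


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Flag entries on their own merits, then pull in directories created in the same burst."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = direct_flags(e)
        if reasons:
            flagged[e.path] = reasons
    burst_times = [e.created for e in entries if e.path in flagged]
    for e in entries:
        if e.is_dir and e.path not in flagged and any(
                abs(e.created - t) <= BURST_WINDOW for t in burst_times):
            flagged[e.path] = [BURST_REASON]
    return flagged


def draft_cfscript(flagged: Dict[str, List[str]]) -> str:
    """Draft for human review: Folder:: for direct hits, DirLook:: for burst-only ones."""
    folder = [p for p, r in flagged.items() if r != [BURST_REASON]]
    look = [p for p, r in flagged.items() if r == [BURST_REASON]]
    return "Folder::\n" + "\n".join(folder) + "\n\nDirLook::\n" + "\n".join(look) + "\n"


if __name__ == "__main__":
    hits = triage(parse_files_created(SAMPLE_LOG))
    for path, why in hits.items():
        print(f"{path}: {'; '.join(why)}")
    print(draft_cfscript(hits))
```

On the sample above the four 21:50 directories with random or hex names land under Folder:: and AppData\Local\Win, which is only suspicious because it was created in the same minute, lands under DirLook:: so its contents get listed before anything is deleted. That is the same split Larusso chose in post #13, and the post #14 log confirms it: the four Folder:: paths appear under "Other Deletions" while the Win directory is still present in "Files Created".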

#14 thebigdawg2002

thebigdawg2002
  • Topic Starter

  • Members
  • 9 posts

Posted 26 July 2012 - 08:03 AM

I deleted the Trend Micro Utility. I had no idea what that was. It must have come with the computer because I never downloaded it.

Below is the new log.

ComboFix 12-07-27.01 - ChrisAnderson 07/26/2012 8:47.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2610 [GMT -4:00]
Running from: c:\users\ChrisAnderson\Downloads\ComboFix.exe
Command switches used :: c:\users\ChrisAnderson\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F59223F5E79592BCDE3B4EB2367
c:\programdata\F4D55F59223F5E79592BCDE3B4EB2367\F4D55F59223F5E79592BCDE3B4EB2367
c:\users\ChrisAnderson\AppData\Roaming\Orixx
c:\users\ChrisAnderson\AppData\Roaming\Utwu
c:\users\ChrisAnderson\AppData\Roaming\Utwu\sief.tio
c:\users\ChrisAnderson\AppData\Roaming\Ygmofu
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 12:57 . 2012-07-26 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 12:41 . 2010-09-17 08:52 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-07-26 12:41 . 2010-09-17 08:52 232272 ----a-w- c:\windows\TmNSCIns.dll
2012-07-25 11:32 . 2012-07-25 11:38 -------- d-----w- C:\True Poker
2012-07-19 12:29 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-19 12:29 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-19 12:29 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 12:29 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 12:29 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 12:29 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-19 12:29 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-19 12:29 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 12:29 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:05 . 2012-07-19 12:04 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-19 12:04 . 2012-07-19 12:04 -------- d-----w- c:\program files (x86)\Java
2012-07-19 12:02 . 2012-07-19 12:02 -------- d-----w- c:\programdata\McAfee
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{84742948-D0D1-11E1-8270-B8AC6F996F26}
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{8473F7FD-D0D1-11E1-8270-B8AC6F996F26}
2012-07-09 13:11 . 2012-07-09 13:11 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Macromedia
2012-07-09 13:09 . 2012-07-09 13:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 21:50 . 2012-07-06 22:07 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Win
2012-06-26 20:18 . 2012-06-26 20:18 -------- d-----w- c:\windows\en
2012-06-26 20:15 . 2012-06-26 20:15 -------- d-----w- c:\windows\fr
2012-06-26 20:14 . 2012-06-26 20:14 -------- d-----w- c:\windows\es
2012-06-26 20:05 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-26 20:02 . 2012-06-26 20:02 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-26 19:51 . 2012-06-26 19:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\16e0092d1cd53d502\MeshBetaRemover.exe
2012-06-26 19:51 . 2012-06-26 19:51 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DSETUP.dll
2012-06-26 19:51 . 2012-06-26 19:51 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\DXSETUP.exe
2012-06-26 19:51 . 2012-06-26 19:51 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15c14e8a1cd53d501\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 12:44 . 2011-11-25 11:40 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-07-19 12:04 . 2012-01-16 22:46 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-09 13:40 . 2012-01-11 19:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-02-10 01:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 11:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:34 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 11:34 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-13 07:23 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-13 07:23 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-13 07:23 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-13 07:23 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-13 07:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-13 07:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-13 07:23 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-13 07:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-13 07:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-13 07:23 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-13 07:23 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-13 07:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-13 07:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-13 07:23 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-13 07:23 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-13 07:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-13 07:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 07:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 07:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-13 06:18 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-13 06:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 06:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 06:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 06:17 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 06:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\ChrisAnderson\AppData\Local\Win ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_17.52.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-26 12:42 . 2012-07-26 12:42 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-25 17:40 . 2012-07-25 17:40 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-07-25 14:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-26 12:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-25 14:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 12:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 12:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-25 14:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 20:13 . 2012-07-25 17:58 35066 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-26 12:45 40282 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-07 17:22 . 2012-07-26 12:45 7698 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3097866783-3656520848-2474357547-1001_UserData.bin
- 2012-07-25 17:41 . 2012-07-25 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 12:44 . 2012-07-26 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 17:41 . 2012-07-25 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 12:44 . 2012-07-26 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-08 06:51 . 2012-07-26 11:37 216054 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-02-19 03:18 . 2012-07-25 22:48 699602 c:\windows\system32\prfh0816.dat
- 2011-02-19 03:18 . 2012-07-05 15:28 699602 c:\windows\system32\prfh0816.dat
+ 2011-02-19 03:29 . 2012-07-25 22:48 382028 c:\windows\system32\prfh0804.dat
- 2011-02-19 03:29 . 2012-07-05 15:28 382028 c:\windows\system32\prfh0804.dat
- 2011-02-19 03:23 . 2012-07-05 15:28 405580 c:\windows\system32\prfh0404.dat
+ 2011-02-19 03:23 . 2012-07-25 22:48 405580 c:\windows\system32\prfh0404.dat
+ 2011-02-19 03:18 . 2012-07-25 22:48 138058 c:\windows\system32\prfc0816.dat
- 2011-02-19 03:18 . 2012-07-05 15:28 138058 c:\windows\system32\prfc0816.dat
+ 2011-02-19 03:29 . 2012-07-25 22:48 108554 c:\windows\system32\prfc0804.dat
- 2011-02-19 03:29 . 2012-07-05 15:28 108554 c:\windows\system32\prfc0804.dat
- 2011-02-19 03:23 . 2012-07-05 15:28 110694 c:\windows\system32\prfc0404.dat
+ 2011-02-19 03:23 . 2012-07-25 22:48 110694 c:\windows\system32\prfc0404.dat
+ 2011-02-19 03:08 . 2012-07-25 22:48 714690 c:\windows\system32\perfh00C.dat
- 2011-02-19 03:08 . 2012-07-05 15:28 714690 c:\windows\system32\perfh00C.dat
+ 2011-02-19 03:13 . 2012-07-25 22:48 713714 c:\windows\system32\perfh00A.dat
- 2011-02-19 03:13 . 2012-07-05 15:28 713714 c:\windows\system32\perfh00A.dat
- 2009-07-14 02:36 . 2012-07-05 15:28 636268 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 22:48 636268 c:\windows\system32\perfh009.dat
- 2011-02-19 03:08 . 2012-07-05 15:28 134446 c:\windows\system32\perfc00C.dat
+ 2011-02-19 03:08 . 2012-07-25 22:48 134446 c:\windows\system32\perfc00C.dat
- 2011-02-19 03:13 . 2012-07-05 15:28 141368 c:\windows\system32\perfc00A.dat
+ 2011-02-19 03:13 . 2012-07-25 22:48 141368 c:\windows\system32\perfc00A.dat
- 2009-07-14 02:36 . 2012-07-05 15:28 110694 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-25 22:48 110694 c:\windows\system32\perfc009.dat
- 2012-07-18 04:06 . 2012-07-25 17:40 139688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-18 04:06 . 2012-07-26 12:42 139688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-07-26 12:42 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 17:39 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-09 01:06 . 2012-07-25 17:40 1743608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3097866783-3656520848-2474357547-1001-4096.dat
+ 2012-01-09 01:06 . 2012-07-26 12:42 1743608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3097866783-3656520848-2474357547-1001-4096.dat
- 2012-01-09 01:06 . 2012-07-25 17:40 55420836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3097866783-3656520848-2474357547-1001-8192.dat
+ 2012-01-09 01:06 . 2012-07-26 12:42 55420836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3097866783-3656520848-2474357547-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-11-25 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-10-03 129512]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-10-03 394728]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 13:40]
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 16:21]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097866783-3656520848-2474357547-1001Core.job
- c:\users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 12:08]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097866783-3656520848-2474357547-1001UA.job
- c:\users\ChrisAnderson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 12:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ChrisAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\sjgeobbl.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-26 09:02:14
ComboFix-quarantined-files.txt 2012-07-26 13:02
ComboFix2.txt 2012-07-25 17:54
.
Pre-Run: 64,871,948,288 bytes free
Post-Run: 64,354,275,328 bytes free
.
- - End Of File - - DB27510009CE7F852E875F41042B969B
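The ComboFix log above is a lot of text to read by eye, and the entries a responder cares about are scattered across its sections: "Files Created" items under the user profile (the GUID-named folders in AppData\Local), Run-key values that ComboFix prints with [BU] instead of a date and size, service/driver lines ending in [x] instead of a path, and the FF user.js dump in which security.warn_submit_insecure and security.warn_viewing_mixed are set to false, which silences Firefox's warnings about insecure form submission and mixed content. The script below is an added example, not part of the posted log and not ComboFix's own code: it parses those four line shapes from a constructed sample built from the thread's log and lists the entries worth a second look. The heuristics it applies (user-profile paths, GUID-style folder names, the [BU] and [x] markers, security warnings switched off in user.js) are assumptions about what merits attention, not a verdict that an entry is malicious.

```python
"""Triage a ComboFix-style log excerpt and list the entries worth a second look.

Added example, not part of the original post and not ComboFix's own code.
It understands four line shapes the log prints: "Files Created" entries,
Run-key values under "Reg Loading Points", service/driver lines (R0-R4 and
S0-S4) and the "FF - user.js:" preference dump.  Every heuristic here is an
assumption about what merits attention, not proof that an entry is bad.
"""
import re

# Constructed sample: a handful of lines in the shapes the thread's log uses.
SAMPLE_LOG = r"""
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\{84742948-D0D1-11E1-8270-B8AC6F996F26}
2012-07-19 12:28 . 2012-07-19 12:28 -------- d-----w- c:\program files\AVAST Software
2012-07-06 21:50 . 2012-07-06 22:07 -------- d-----w- c:\users\ChrisAnderson\AppData\Local\Win
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
"""

# "<created> . <modified> <size or --------> <attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+\S+\s+(?P<path>.+)$")
# '"Name"="path" [date size]'  or  '"Name"="path" [BU]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]')
# 'S1 Name;Description;path [date size]'  or  'S1 Name;Description; [x]'
# (assumes the description itself contains no ';')
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[(?P<tag>[^\]]*)\]")
PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Locations a standard user can write to (assumed list), and script extensions.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".ps1")


def triage(log_text):
    """Return (kind, item, reason) tuples for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group("path").strip()
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            if "\\appdata\\" in path.lower():
                why = "new item under the user profile's AppData"
                if GUID_RE.match(leaf):
                    why += " with a GUID-style folder name"
                findings.append(("file", path, why))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, tag = m.group("name", "path", "tag")
            low = path.lower()
            reasons = []
            if tag == "BU":
                reasons.append("[BU] instead of a date/size: file details not recorded")
            if any(marker in low for marker in USER_WRITABLE):
                reasons.append("launched from a user-writable location")
            if low.endswith(SCRIPT_EXT):
                reasons.append("autorun target is a script file")
            if reasons:
                findings.append(("run", name, "; ".join(reasons)))
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group("tag") == "x":
                findings.append(("service", m.group("name"),
                                 "[x] instead of a path: file not located"))
            continue
        m = PREF_RE.match(line)
        if m and m.group("pref").startswith("security.warn_") and m.group("val") == "false":
            findings.append(("firefox", m.group("pref"),
                             "user.js switches off a browser security warning"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"[{kind:8}] {item}\n           {reason}")
```

Run against a whole ComboFix log the same way (read the file, pass its text to triage); entries from Program Files with a recorded date and size, like the avast line in the sample, are deliberately not reported, so the output stays short enough to read.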

#15 Larusso

  • Malware Response Team
  • 305 posts
  • Location:Austria

Posted 27 July 2012 - 07:49 AM

Hi.
Yes, sometimes a Trial Version of an AVP comes pre-installed.


How is your system behaving now ?


I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

  • Download the latest version of Java Runtime Environment 7 Update 5 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 5
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.




Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push the button shown in the post's image (image not reproduced)
  • Push the next button shown (image not reproduced), and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply





Download DDS and save it to your desktop from here or here
Double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post them in your next reply

regards,
Daniel

Bread for the world instead of bombs and bangers


I'll always help for free but if you want to support me in my fight against malware, please donate.



