Google redirects on Win7 64bit


  • This topic is locked
10 replies to this topic

#1 jmose

  • Members
  • 4 posts

Posted 29 July 2012 - 12:06 AM

Greetings from a first time user.

My wife's computer has had a problem all day with any Google link redirecting to malware sites. Please help me remove this problem.

Thanks, Jim

Here is the full DDS.txt log, created from a 'Safe Mode' session:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Kristen at 0:55:58 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.2775 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ctfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
uRun: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 645"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Kristen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Kristen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3169563250
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D5F9B91-ECD7-45F2-8BA1-F488B869DE0D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A497C86-7A50-4916-A311-32ED406B0FE4} : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\bzew5m4j.default\
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2012-3-28 136576]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-20 2253120]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-20 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-18 267480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2011-4-28 241488]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-29 02:55:45 98816 ----a-w- C:\Windows\sed.exe
2012-07-29 02:55:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-29 02:55:45 256000 ----a-w- C:\Windows\PEV.exe
2012-07-29 02:55:45 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 02:37:05 -------- d-----w- C:\trippriv
2012-07-29 01:23:02 -------- d-----w- C:\Users\Kristen\AppData\Roaming\Malwarebytes
2012-07-29 01:22:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 01:22:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 01:22:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 01:13:29 -------- d-----w- C:\Windows\pss
2012-07-25 01:04:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 07:10:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 07:03:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-12 07:03:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-07-12 07:03:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-07-12 07:03:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-07-12 01:36:47 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-12 01:36:47 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-03 02:17:06 -------- d-----w- C:\Users\Kristen\AppData\Local\LogMeIn
2012-07-03 02:17:06 -------- d-----w- C:\ProgramData\LogMeIn
2012-06-29 21:00:25 -------- d-----w- C:\Users\Kristen\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-27 05:08:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 05:08:34 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 0:56:12.19 ===============
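An added example for this thread (it is not part of jmose's post and not code from the DDS tool): a small triage script over the "Running Processes" section of a DDS log in the format posted above. It flags two things a helper looks for in such a list, a svchost.exe image that does not run from the Windows system directories, and a process line that carries no image path at all (like the bare "-netsvcs" entry above). The expected-directory set is an assumption for a default installation on C:, and the sample log is constructed; its last process line is modelled on the c:\windows\svchost.exe that ComboFix later deletes in this thread, not copied from the DDS output.

```python
"""Triage the 'Running Processes' section of a DDS log.

Added example for this thread; not part of jmose's post and not code from
the DDS tool. Flags svchost.exe images outside the Windows system
directories and process lines that carry no image path.
"""
import ntpath
import re

# Directories from which a genuine svchost.exe is expected to run.
# Assumption: a default installation on C:, as in the posted log.
EXPECTED_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

PROCESS_HEADER = re.compile(r"={5,}\s*Running Processes\s*={5,}")
ANY_HEADER = re.compile(r"^={5,}.*={5,}$")
# DDS prints the image path unquoted, followed by optional arguments.
IMAGE_AND_ARGS = re.compile(r"^([A-Za-z]:\\.+?\.exe)(?:\s+(.*))?$", re.IGNORECASE)


def running_processes(dds_text):
    """Return the non-empty lines of the 'Running Processes' section."""
    inside = False
    lines = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if PROCESS_HEADER.search(line):
            inside = True
            continue
        if inside and ANY_HEADER.match(line):
            break  # next section reached
        if inside and line and line != ".":
            lines.append(line)
    return lines


def split_command(line):
    """Split a process line into (image_path, arguments).

    Returns (None, line) when the line has no drive-letter path."""
    m = IMAGE_AND_ARGS.match(line)
    if not m:
        return None, line
    return m.group(1), m.group(2) or ""


def triage(lines):
    """Return (reason, line) pairs for the entries worth a closer look."""
    findings = []
    for line in lines:
        path, _args = split_command(line)
        if path is None:
            findings.append(("no-image-path", line))
            continue
        directory, image = ntpath.split(path)
        if image.lower() == "svchost.exe" and directory.lower() not in EXPECTED_SVCHOST_DIRS:
            findings.append(("svchost-outside-system-dir", line))
    return findings


# Constructed sample in the format of the DDS log above. The last process
# line is constructed, modelled on the c:\windows\svchost.exe that ComboFix
# later deletes in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ctfmon.exe
-netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
"""

if __name__ == "__main__":
    for reason, line in triage(running_processes(SAMPLE_DDS)):
        print(f"{reason:28} {line}")
```

The path check is deliberately on the directory rather than the file name alone: a copy of svchost.exe in C:\Windows has the same name as the legitimate one in C:\Windows\system32, so only its location tells the two apart in a list like this.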


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 29 July 2012 - 02:03 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jmose (Topic Starter)

  • Members
  • 4 posts

Posted 29 July 2012 - 08:27 AM

Gringo, Thanks for your help!

It seems like the Google redirect is not happening anymore (yay!). I did notice that I can't turn on the Windows Firewall. I didn't even check this last night, so I bet it happened then. The error I get is "Windows Firewall can't change some of your settings. Error code 0x80070424".

Here is the Security Check checkup.txt file:

====================
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

====================


Here is the ComboFix log file:

====================
ComboFix 12-07-29.02 - Kristen 07/29/2012 9:02.2.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.3154 [GMT -4:00]
Running from: c:\users\Kristen\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 13:08 . 2012-07-29 13:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-29 13:08 . 2012-07-29 13:08 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-07-29 13:08 . 2012-07-29 13:08 -------- d-----w- c:\users\Jim\AppData\Local\temp
2012-07-29 13:08 . 2012-07-29 13:08 -------- d-----w- c:\users\James\AppData\Local\temp
2012-07-29 13:08 . 2012-07-29 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 02:37 . 2012-07-29 02:37 -------- d-----w- C:\trippriv
2012-07-29 01:23 . 2012-07-29 01:23 -------- d-----w- c:\users\Kristen\AppData\Roaming\Malwarebytes
2012-07-29 01:22 . 2012-07-29 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 01:22 . 2012-07-29 01:22 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 01:22 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 01:04 . 2012-07-25 01:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-24 21:54 . 2012-07-24 21:54 -------- d-----w- c:\windows\Sun
2012-07-12 07:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:03 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 07:03 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-12 07:03 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 07:03 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-12 07:03 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-12 01:36 . 2012-07-12 01:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-12 01:36 . 2012-07-12 01:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-03 02:17 . 2012-07-03 02:17 -------- d-----w- c:\users\Kristen\AppData\Local\LogMeIn
2012-07-03 02:17 . 2012-07-03 02:17 -------- d-----w- c:\programdata\LogMeIn
2012-06-29 21:00 . 2012-06-29 21:00 -------- d-----w- c:\users\Kristen\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 05:08 . 2012-04-29 12:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 05:08 . 2012-04-29 12:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:04 . 2012-05-20 14:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-08 20:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 20:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 20:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 20:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-08 20:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 11:45 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 11:45 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 11:45 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 11:45 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_03.03.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-29 02:53 . 2012-07-29 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 12:44 . 2012-07-29 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 02:53 . 2012-07-29 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 12:44 . 2012-07-29 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-29 12:48 674496 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 02:59 674496 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 12:48 126266 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-29 02:59 126266 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-25 239488]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-25 239488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2011-04-25 136576]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 2253120]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-12 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 28992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 05:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-03 2277992]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Kristen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\bzew5m4j.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:31,b9,f3,d7,c0,67,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29 09:10:43
ComboFix-quarantined-files.txt 2012-07-29 13:10
ComboFix2.txt 2012-07-29 03:04
.
Pre-Run: 158,726,004,736 bytes free
Post-Run: 158,649,008,128 bytes free
.
- - End Of File - - 2E240BD10E3E9D71F31C76B4920CF7A7

====================


Thanks again,
Jim

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 12:59 PM

Greetings

I see something that is going to need more tools to remove.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jmose

  • Topic Starter
  • Members
  • 4 posts

Posted 29 July 2012 - 02:26 PM

Gringo,

Again, thanks for the help. I've run both, and it looks like the Google redirect is still solved, but I still can't start the Windows Firewall. I'm in Safe Mode, if that matters.

Here are the logs you needed:

Thanks,
Jim

aswMBR log:
===================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 14:19:16
-----------------------------
14:19:16.773 OS Version: Windows x64 6.1.7601 Service Pack 1
14:19:16.773 Number of processors: 8 586 0x2A07
14:19:16.788 ComputerName: KRISTENASUS-PC UserName: Kristen
14:19:17.522 Initialize success
14:20:07.645 AVAST engine defs: 12072901
14:20:59.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:59.561 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
14:20:59.577 Disk 0 MBR read successfully
14:20:59.577 Disk 0 MBR scan
14:20:59.593 Disk 0 Windows 7 default MBR code
14:20:59.608 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
14:20:59.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
14:20:59.655 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
14:20:59.671 Disk 0 scanning C:\Windows\system32\drivers
14:21:06.129 Service scanning
14:21:38.218 Modules scanning
14:21:38.218 Disk 0 trace - called modules:
14:21:38.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:21:38.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800504f790]
14:21:38.296 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8004af0820]
14:21:38.296 5 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e14050]
14:21:38.951 AVAST engine scan C:\Windows
14:21:41.401 AVAST engine scan C:\Windows\system32
14:23:42.940 AVAST engine scan C:\Windows\system32\drivers
14:23:50.772 AVAST engine scan C:\Users\Kristen
14:26:13.106 Disk 0 MBR has been saved successfully to "C:\Users\Kristen\Documents\MBR.dat"
14:26:13.106 The log file has been saved successfully to "C:\Users\Kristen\Documents\aswMBR.txt"
14:31:31.753 AVAST engine scan C:\ProgramData
14:31:53.000 Scan finished successfully
14:32:02.485 Disk 0 MBR has been saved successfully to "C:\Users\Kristen\Documents\MBR.dat"
14:32:02.485 The log file has been saved successfully to "C:\Users\Kristen\Documents\aswMBR.txt"

===================


TDSSKiller log:
===================
14:13:11.0225 1048 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:13:11.0583 1048 ============================================================
14:13:11.0583 1048 Current date / time: 2012/07/29 14:13:11.0583
14:13:11.0583 1048 SystemInfo:
14:13:11.0583 1048
14:13:11.0583 1048 OS Version: 6.1.7601 ServicePack: 1.0
14:13:11.0583 1048 Product type: Workstation
14:13:11.0583 1048 ComputerName: KRISTENASUS-PC
14:13:11.0583 1048 UserName: Kristen
14:13:11.0583 1048 Windows directory: C:\Windows
14:13:11.0583 1048 System windows directory: C:\Windows
14:13:11.0583 1048 Running under WOW64
14:13:11.0583 1048 Processor architecture: Intel x64
14:13:11.0583 1048 Number of processors: 8
14:13:11.0583 1048 Page size: 0x1000
14:13:11.0583 1048 Boot type: Safe boot with network
14:13:11.0583 1048 ============================================================
14:13:11.0989 1048 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:13:11.0989 1048 ============================================================
14:13:11.0989 1048 \Device\Harddisk0\DR0:
14:13:11.0989 1048 MBR partitions:
14:13:11.0989 1048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
14:13:11.0989 1048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
14:13:11.0989 1048 ============================================================
14:13:12.0020 1048 C: <-> \Device\Harddisk0\DR0\Partition0
14:13:12.0051 1048 D: <-> \Device\Harddisk0\DR0\Partition1
14:13:12.0051 1048 ============================================================
14:13:12.0051 1048 Initialize success
14:13:12.0051 1048 ============================================================
14:13:29.0570 1380 ============================================================
14:13:29.0570 1380 Scan started
14:13:29.0570 1380 Mode: Manual;
14:13:29.0570 1380 ============================================================
14:13:29.0882 1380 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:13:29.0882 1380 1394ohci - ok
14:13:29.0929 1380 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:13:29.0929 1380 ACPI - ok
14:13:29.0960 1380 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:13:29.0960 1380 AcpiPmi - ok
14:13:30.0054 1380 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:13:30.0054 1380 AdobeARMservice - ok
14:13:30.0241 1380 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:13:30.0257 1380 AdobeFlashPlayerUpdateSvc - ok
14:13:30.0303 1380 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:13:30.0319 1380 adp94xx - ok
14:13:30.0413 1380 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:13:30.0413 1380 adpahci - ok
14:13:30.0444 1380 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:13:30.0444 1380 adpu320 - ok
14:13:30.0475 1380 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:13:30.0506 1380 AeLookupSvc - ok
14:13:30.0584 1380 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
14:13:30.0615 1380 AFBAgent - ok
14:13:30.0693 1380 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:13:30.0693 1380 AFD - ok
14:13:30.0740 1380 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:13:30.0740 1380 agp440 - ok
14:13:30.0771 1380 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:13:30.0771 1380 ALG - ok
14:13:30.0803 1380 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:13:30.0803 1380 aliide - ok
14:13:30.0818 1380 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:13:30.0818 1380 amdide - ok
14:13:30.0865 1380 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:13:30.0865 1380 AmdK8 - ok
14:13:30.0881 1380 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:13:30.0881 1380 AmdPPM - ok
14:13:30.0927 1380 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:13:30.0927 1380 amdsata - ok
14:13:30.0990 1380 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:13:30.0990 1380 amdsbs - ok
14:13:31.0021 1380 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:13:31.0021 1380 amdxata - ok
14:13:31.0083 1380 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
14:13:31.0099 1380 AMPPAL - ok
14:13:31.0099 1380 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
14:13:31.0099 1380 AMPPALP - ok
14:13:31.0239 1380 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
14:13:31.0255 1380 AMPPALR3 - ok
14:13:31.0349 1380 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
14:13:31.0349 1380 Amsp - ok
14:13:31.0536 1380 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:13:31.0536 1380 AppID - ok
14:13:31.0567 1380 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:13:31.0567 1380 AppIDSvc - ok
14:13:31.0629 1380 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:13:31.0629 1380 Appinfo - ok
14:13:31.0692 1380 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:13:31.0692 1380 arc - ok
14:13:31.0707 1380 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:13:31.0723 1380 arcsas - ok
14:13:31.0817 1380 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
14:13:31.0817 1380 ASLDRService - ok
14:13:31.0832 1380 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
14:13:31.0832 1380 ASMMAP64 - ok
14:13:31.0895 1380 asmthub3 (8569af4c73747671194ea9ebb2f2d6cf) C:\Windows\system32\DRIVERS\asmthub3.sys
14:13:31.0895 1380 asmthub3 - ok
14:13:31.0926 1380 asmtxhci (073716fbffac7057cd5ff00a1b558331) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:13:31.0926 1380 asmtxhci - ok
14:13:32.0051 1380 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:13:32.0082 1380 aspnet_state - ok
14:13:32.0160 1380 ASUS InstantOn (edf4b8a072414e43cc3f85f68f4960e7) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
14:13:32.0160 1380 ASUS InstantOn - ok
14:13:32.0175 1380 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:13:32.0175 1380 AsyncMac - ok
14:13:32.0207 1380 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:13:32.0207 1380 atapi - ok
14:13:32.0331 1380 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
14:13:32.0347 1380 athr - ok
14:13:32.0409 1380 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
14:13:32.0409 1380 ATKGFNEXSrv - ok
14:13:32.0456 1380 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
14:13:32.0456 1380 ATKWMIACPIIO_ - ok
14:13:32.0581 1380 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:13:32.0597 1380 AudioEndpointBuilder - ok
14:13:32.0597 1380 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:13:32.0597 1380 AudioSrv - ok
14:13:32.0628 1380 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:13:32.0628 1380 AxInstSV - ok
14:13:32.0706 1380 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:13:32.0706 1380 b06bdrv - ok
14:13:32.0753 1380 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:13:32.0753 1380 b57nd60a - ok
14:13:32.0831 1380 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:13:32.0831 1380 BBSvc - ok
14:13:32.0846 1380 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:13:32.0862 1380 BDESVC - ok
14:13:32.0877 1380 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:13:32.0877 1380 Beep - ok
14:13:32.0924 1380 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:13:32.0924 1380 BFE - ok
14:13:32.0971 1380 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:13:32.0971 1380 blbdrive - ok
14:13:32.0987 1380 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:13:32.0987 1380 bowser - ok
14:13:33.0002 1380 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:13:33.0002 1380 BrFiltLo - ok
14:13:33.0018 1380 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:13:33.0018 1380 BrFiltUp - ok
14:13:33.0033 1380 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:13:33.0033 1380 BridgeMP - ok
14:13:33.0065 1380 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:13:33.0065 1380 Browser - ok
14:13:33.0080 1380 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:13:33.0080 1380 Brserid - ok
14:13:33.0096 1380 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:13:33.0096 1380 BrSerWdm - ok
14:13:33.0127 1380 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:13:33.0127 1380 BrUsbMdm - ok
14:13:33.0143 1380 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:13:33.0158 1380 BrUsbSer - ok
14:13:33.0189 1380 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:13:33.0189 1380 BthEnum - ok
14:13:33.0205 1380 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:13:33.0205 1380 BTHMODEM - ok
14:13:33.0221 1380 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:13:33.0221 1380 BthPan - ok
14:13:33.0252 1380 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:13:33.0267 1380 BTHPORT - ok
14:13:33.0299 1380 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:13:33.0299 1380 bthserv - ok
14:13:33.0361 1380 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
14:13:33.0361 1380 BTHSSecurityMgr - ok
14:13:33.0392 1380 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:13:33.0392 1380 BTHUSB - ok
14:13:33.0408 1380 catchme - ok
14:13:33.0439 1380 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:13:33.0439 1380 cdfs - ok
14:13:33.0470 1380 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:13:33.0470 1380 cdrom - ok
14:13:33.0501 1380 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:13:33.0501 1380 CertPropSvc - ok
14:13:33.0533 1380 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:13:33.0533 1380 circlass - ok
14:13:33.0564 1380 CISVC (ff60401f1c659ca2ed4bae85d3fd14da) C:\Windows\system32\CISVC.EXE
14:13:33.0564 1380 CISVC - ok
14:13:33.0579 1380 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:13:33.0595 1380 CLFS - ok
14:13:33.0657 1380 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:13:33.0657 1380 clr_optimization_v2.0.50727_32 - ok
14:13:33.0704 1380 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:13:33.0704 1380 clr_optimization_v2.0.50727_64 - ok
14:13:33.0798 1380 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:13:33.0876 1380 clr_optimization_v4.0.30319_32 - ok
14:13:33.0938 1380 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:13:34.0032 1380 clr_optimization_v4.0.30319_64 - ok
14:13:34.0063 1380 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:13:34.0063 1380 CmBatt - ok
14:13:34.0079 1380 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:13:34.0079 1380 cmdide - ok
14:13:34.0125 1380 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:13:34.0125 1380 CNG - ok
14:13:34.0172 1380 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:13:34.0172 1380 Compbatt - ok
14:13:34.0172 1380 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:13:34.0172 1380 CompositeBus - ok
14:13:34.0188 1380 COMSysApp - ok
14:13:34.0219 1380 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:13:34.0219 1380 crcdisk - ok
14:13:34.0266 1380 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:13:34.0266 1380 CryptSvc - ok
14:13:34.0375 1380 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:13:34.0391 1380 cvhsvc - ok
14:13:34.0422 1380 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:13:34.0484 1380 DcomLaunch - ok
14:13:34.0531 1380 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:13:34.0531 1380 defragsvc - ok
14:13:34.0593 1380 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:13:34.0593 1380 DfsC - ok
14:13:34.0640 1380 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:13:34.0640 1380 Dhcp - ok
14:13:34.0640 1380 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:13:34.0656 1380 discache - ok
14:13:34.0687 1380 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:13:34.0687 1380 Disk - ok
14:13:34.0718 1380 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:13:34.0718 1380 Dnscache - ok
14:13:34.0749 1380 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:13:34.0749 1380 dot3svc - ok
14:13:34.0781 1380 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:13:34.0781 1380 DPS - ok
14:13:34.0812 1380 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:13:34.0812 1380 drmkaud - ok
14:13:34.0843 1380 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:13:34.0859 1380 DXGKrnl - ok
14:13:34.0874 1380 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:13:34.0874 1380 EapHost - ok
14:13:34.0999 1380 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:13:35.0061 1380 ebdrv - ok
14:13:35.0139 1380 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:13:35.0139 1380 EFS - ok
14:13:35.0202 1380 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:13:35.0202 1380 ehRecvr - ok
14:13:35.0217 1380 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:13:35.0217 1380 ehSched - ok
14:13:35.0295 1380 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:13:35.0311 1380 elxstor - ok
14:13:35.0373 1380 EPSON_PM_RPCV4_05 (dfeb7ee15ba8ba03e722c375f7e6a379) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
14:13:35.0373 1380 EPSON_PM_RPCV4_05 - ok
14:13:35.0389 1380 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:13:35.0389 1380 ErrDev - ok
14:13:35.0436 1380 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:13:35.0451 1380 EventSystem - ok
14:13:35.0545 1380 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:13:35.0561 1380 EvtEng - ok
14:13:35.0654 1380 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:13:35.0654 1380 exfat - ok
14:13:35.0685 1380 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:13:35.0685 1380 fastfat - ok
14:13:35.0732 1380 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:13:35.0748 1380 Fax - ok
14:13:35.0795 1380 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:13:35.0795 1380 fdc - ok
14:13:35.0841 1380 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:13:35.0841 1380 fdPHost - ok
14:13:35.0857 1380 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:13:35.0857 1380 FDResPub - ok
14:13:35.0873 1380 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:13:35.0873 1380 FileInfo - ok
14:13:35.0888 1380 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:13:35.0888 1380 Filetrace - ok
14:13:35.0935 1380 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:13:35.0935 1380 flpydisk - ok
14:13:35.0966 1380 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:13:35.0966 1380 FltMgr - ok
14:13:36.0013 1380 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:13:36.0029 1380 FontCache - ok
14:13:36.0091 1380 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:13:36.0091 1380 FontCache3.0.0.0 - ok
14:13:36.0138 1380 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:13:36.0138 1380 FsDepends - ok
14:13:36.0185 1380 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
14:13:36.0185 1380 fssfltr - ok
14:13:36.0325 1380 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:13:36.0325 1380 fsssvc - ok
14:13:36.0419 1380 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:13:36.0419 1380 Fs_Rec - ok
14:13:36.0450 1380 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:13:36.0450 1380 fvevol - ok
14:13:36.0481 1380 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:13:36.0481 1380 gagp30kx - ok
14:13:36.0543 1380 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:13:36.0559 1380 gpsvc - ok
14:13:36.0590 1380 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:13:36.0590 1380 hcw85cir - ok
14:13:36.0621 1380 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:13:36.0621 1380 HdAudAddService - ok
14:13:36.0668 1380 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:13:36.0668 1380 HDAudBus - ok
14:13:36.0684 1380 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:13:36.0684 1380 HidBatt - ok
14:13:36.0699 1380 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:13:36.0715 1380 HidBth - ok
14:13:36.0715 1380 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:13:36.0715 1380 HidIr - ok
14:13:36.0746 1380 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:13:36.0746 1380 hidserv - ok
14:13:36.0762 1380 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:13:36.0777 1380 HidUsb - ok
14:13:36.0824 1380 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:13:36.0824 1380 hkmsvc - ok
14:13:36.0840 1380 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:13:36.0840 1380 HomeGroupListener - ok
14:13:36.0871 1380 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:13:36.0871 1380 HomeGroupProvider - ok
14:13:36.0902 1380 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:13:36.0902 1380 HpSAMD - ok
14:13:36.0949 1380 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:13:36.0965 1380 HTTP - ok
14:13:36.0965 1380 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:13:36.0965 1380 hwpolicy - ok
14:13:37.0011 1380 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:13:37.0011 1380 i8042prt - ok
14:13:37.0043 1380 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
14:13:37.0058 1380 iaStor - ok
14:13:37.0105 1380 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:13:37.0105 1380 iaStorV - ok
14:13:37.0183 1380 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:13:37.0199 1380 idsvc - ok
14:13:37.0604 1380 igfx (10bb0dc3361c9420cc1b0b2128bb89db) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:13:37.0823 1380 igfx - ok
14:13:37.0916 1380 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:13:37.0916 1380 iirsp - ok
14:13:37.0963 1380 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:13:37.0979 1380 IKEEXT - ok
14:13:38.0103 1380 IntcAzAudAddService (c90545464654215b186b3cbe4ad0701d) C:\Windows\system32\drivers\RTKVHD64.sys
14:13:38.0135 1380 IntcAzAudAddService - ok
14:13:38.0244 1380 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:13:38.0244 1380 IntcDAud - ok
14:13:38.0275 1380 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:13:38.0275 1380 intelide - ok
14:13:38.0306 1380 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:13:38.0306 1380 intelppm - ok
14:13:38.0337 1380 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:13:38.0337 1380 IPBusEnum - ok
14:13:38.0353 1380 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:13:38.0369 1380 IpFilterDriver - ok
14:13:38.0400 1380 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:13:38.0415 1380 iphlpsvc - ok
14:13:38.0415 1380 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:13:38.0415 1380 IPMIDRV - ok
14:13:38.0415 1380 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:13:38.0431 1380 IPNAT - ok
14:13:38.0447 1380 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:13:38.0447 1380 IRENUM - ok
14:13:38.0478 1380 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:13:38.0493 1380 isapnp - ok
14:13:38.0525 1380 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:13:38.0525 1380 iScsiPrt - ok
14:13:38.0540 1380 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:13:38.0540 1380 kbdclass - ok
14:13:38.0556 1380 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:13:38.0556 1380 kbdhid - ok
14:13:38.0587 1380 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:13:38.0587 1380 kbfiltr - ok
14:13:38.0618 1380 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:38.0618 1380 KeyIso - ok
14:13:38.0649 1380 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:13:38.0649 1380 KSecDD - ok
14:13:38.0681 1380 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:13:38.0681 1380 KSecPkg - ok
14:13:38.0727 1380 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:13:38.0727 1380 ksthunk - ok
14:13:38.0774 1380 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:13:38.0774 1380 KtmRm - ok
14:13:38.0821 1380 L1C (fc010c7814ddac17389a7d87ea2ebb39) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:13:38.0821 1380 L1C - ok
14:13:38.0868 1380 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:13:38.0883 1380 LanmanServer - ok
14:13:38.0915 1380 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:13:38.0930 1380 LanmanWorkstation - ok
14:13:38.0977 1380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:13:38.0977 1380 lltdio - ok
14:13:39.0024 1380 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:13:39.0024 1380 lltdsvc - ok
14:13:39.0039 1380 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:13:39.0039 1380 lmhosts - ok
14:13:39.0117 1380 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:13:39.0117 1380 LMS - ok
14:13:39.0180 1380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:13:39.0180 1380 LSI_FC - ok
14:13:39.0211 1380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:13:39.0211 1380 LSI_SAS - ok
14:13:39.0211 1380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:13:39.0227 1380 LSI_SAS2 - ok
14:13:39.0242 1380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:13:39.0242 1380 LSI_SCSI - ok
14:13:39.0289 1380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:13:39.0289 1380 luafv - ok
14:13:39.0351 1380 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
14:13:39.0351 1380 McComponentHostService - ok
14:13:39.0383 1380 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:13:39.0383 1380 Mcx2Svc - ok
14:13:39.0398 1380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:13:39.0398 1380 megasas - ok
14:13:39.0429 1380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:13:39.0445 1380 MegaSR - ok
14:13:39.0461 1380 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:13:39.0461 1380 MEIx64 - ok
14:13:39.0492 1380 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:13:39.0492 1380 MMCSS - ok
14:13:39.0523 1380 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:13:39.0523 1380 Modem - ok
14:13:39.0539 1380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:13:39.0539 1380 monitor - ok
14:13:39.0585 1380 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
14:13:39.0585 1380 MotoHelper - ok
14:13:39.0617 1380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:13:39.0617 1380 mouclass - ok
14:13:39.0648 1380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:13:39.0648 1380 mouhid - ok
14:13:39.0663 1380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:13:39.0663 1380 mountmgr - ok
14:13:39.0710 1380 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:13:39.0710 1380 MozillaMaintenance - ok
14:13:39.0741 1380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:13:39.0741 1380 mpio - ok
14:13:39.0773 1380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:13:39.0773 1380 mpsdrv - ok
14:13:39.0788 1380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:13:39.0788 1380 MRxDAV - ok
14:13:39.0804 1380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:13:39.0804 1380 mrxsmb - ok
14:13:39.0819 1380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:13:39.0835 1380 mrxsmb10 - ok
14:13:39.0835 1380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:13:39.0835 1380 mrxsmb20 - ok
14:13:39.0851 1380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:13:39.0851 1380 msahci - ok
14:13:39.0882 1380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:13:39.0882 1380 msdsm - ok
14:13:39.0913 1380 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:13:39.0913 1380 MSDTC - ok
14:13:39.0944 1380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:13:39.0944 1380 Msfs - ok
14:13:39.0960 1380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:13:39.0960 1380 mshidkmdf - ok
14:13:39.0975 1380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:13:39.0975 1380 msisadrv - ok
14:13:40.0007 1380 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:13:40.0007 1380 MSiSCSI - ok
14:13:40.0007 1380 msiserver - ok
14:13:40.0053 1380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:13:40.0053 1380 MSKSSRV - ok
14:13:40.0069 1380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:13:40.0069 1380 MSPCLOCK - ok
14:13:40.0069 1380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:13:40.0069 1380 MSPQM - ok
14:13:40.0100 1380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:13:40.0100 1380 MsRPC - ok
14:13:40.0116 1380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:13:40.0116 1380 mssmbios - ok
14:13:40.0131 1380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:13:40.0131 1380 MSTEE - ok
14:13:40.0147 1380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:13:40.0147 1380 MTConfig - ok
14:13:40.0163 1380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:13:40.0163 1380 Mup - ok
14:13:40.0256 1380 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
14:13:40.0272 1380 MyWiFiDHCPDNS - ok
14:13:40.0303 1380 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:13:40.0303 1380 napagent - ok
14:13:40.0350 1380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:13:40.0350 1380 NativeWifiP - ok
14:13:40.0397 1380 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:13:40.0397 1380 NDIS - ok
14:13:40.0412 1380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:13:40.0412 1380 NdisCap - ok
14:13:40.0428 1380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:13:40.0428 1380 NdisTapi - ok
14:13:40.0459 1380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:13:40.0459 1380 Ndisuio - ok
14:13:40.0490 1380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:13:40.0490 1380 NdisWan - ok
14:13:40.0506 1380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:13:40.0506 1380 NDProxy - ok
14:13:40.0537 1380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:13:40.0537 1380 NetBIOS - ok
14:13:40.0553 1380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:13:40.0553 1380 NetBT - ok
14:13:40.0568 1380 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:40.0568 1380 Netlogon - ok
14:13:40.0615 1380 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:13:40.0615 1380 Netman - ok
14:13:40.0724 1380 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:13:40.0755 1380 NetMsmqActivator - ok
14:13:40.0755 1380 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:13:40.0755 1380 NetPipeActivator - ok
14:13:40.0802 1380 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:13:40.0818 1380 netprofm - ok
14:13:40.0833 1380 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:13:40.0833 1380 NetTcpActivator - ok
14:13:40.0833 1380 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:13:40.0833 1380 NetTcpPortSharing - ok
14:13:41.0161 1380 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
14:13:41.0301 1380 NETwNs64 - ok
14:13:41.0411 1380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:13:41.0411 1380 nfrd960 - ok
14:13:41.0442 1380 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:13:41.0442 1380 NlaSvc - ok
14:13:41.0457 1380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:13:41.0457 1380 Npfs - ok
14:13:41.0473 1380 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:13:41.0473 1380 nsi - ok
14:13:41.0473 1380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:13:41.0473 1380 nsiproxy - ok
14:13:41.0551 1380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:13:41.0567 1380 Ntfs - ok
14:13:41.0660 1380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:13:41.0660 1380 Null - ok
14:13:42.0128 1380 nvlddmkm (e97e8c80793ef12c994607ca5645799a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:13:42.0331 1380 nvlddmkm - ok
14:13:42.0425 1380 nvpciflt (50612bd6943b9cb20008e9e241dc8b7d) C:\Windows\system32\DRIVERS\nvpciflt.sys
14:13:42.0425 1380 nvpciflt - ok
14:13:42.0471 1380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:13:42.0471 1380 nvraid - ok
14:13:42.0471 1380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:13:42.0471 1380 nvstor - ok
14:13:42.0534 1380 nvsvc (f355c26fde46edb911e3e3d749e985ae) C:\Windows\system32\nvvsvc.exe
14:13:42.0565 1380 nvsvc - ok
14:13:42.0690 1380 nvUpdatusService (03aa7307c0d92d38d7af90e181736b8d) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:13:42.0705 1380 nvUpdatusService - ok
14:13:42.0799 1380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:13:42.0799 1380 nv_agp - ok
14:13:42.0908 1380 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:13:42.0908 1380 odserv - ok
14:13:42.0939 1380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:13:42.0939 1380 ohci1394 - ok
14:13:42.0971 1380 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:42.0971 1380 ose - ok
14:13:43.0189 1380 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:13:43.0283 1380 osppsvc - ok
14:13:43.0392 1380 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:13:43.0392 1380 p2pimsvc - ok
14:13:43.0423 1380 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:13:43.0423 1380 p2psvc - ok
14:13:43.0470 1380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:13:43.0470 1380 Parport - ok
14:13:43.0501 1380 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:13:43.0501 1380 partmgr - ok
14:13:43.0532 1380 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:13:43.0532 1380 PcaSvc - ok
14:13:43.0548 1380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:13:43.0548 1380 pci - ok
14:13:43.0563 1380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:13:43.0563 1380 pciide - ok
14:13:43.0595 1380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:13:43.0610 1380 pcmcia - ok
14:13:43.0626 1380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:13:43.0626 1380 pcw - ok
14:13:43.0657 1380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:13:43.0673 1380 PEAUTH - ok
14:13:43.0719 1380 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:13:43.0735 1380 PerfHost - ok
14:13:43.0797 1380 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:13:43.0813 1380 pla - ok
14:13:43.0844 1380 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:13:43.0860 1380 PlugPlay - ok
14:13:43.0875 1380 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:13:43.0875 1380 PNRPAutoReg - ok
14:13:43.0891 1380 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:13:43.0907 1380 PNRPsvc - ok
14:13:43.0938 1380 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:13:43.0938 1380 PolicyAgent - ok
14:13:43.0985 1380 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:13:43.0985 1380 Power - ok
14:13:44.0063 1380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:13:44.0063 1380 PptpMiniport - ok
14:13:44.0078 1380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:13:44.0078 1380 Processor - ok
14:13:44.0125 1380 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:13:44.0125 1380 ProfSvc - ok
14:13:44.0156 1380 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:44.0156 1380 ProtectedStorage - ok
14:13:44.0187 1380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:13:44.0187 1380 Psched - ok
14:13:44.0250 1380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:13:44.0265 1380 ql2300 - ok
14:13:44.0343 1380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:13:44.0343 1380 ql40xx - ok
14:13:44.0375 1380 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:13:44.0375 1380 QWAVE - ok
14:13:44.0390 1380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:13:44.0390 1380 QWAVEdrv - ok
14:13:44.0390 1380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:13:44.0390 1380 RasAcd - ok
14:13:44.0437 1380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:13:44.0437 1380 RasAgileVpn - ok
14:13:44.0453 1380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:13:44.0453 1380 RasAuto - ok
14:13:44.0468 1380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:13:44.0468 1380 Rasl2tp - ok
14:13:44.0484 1380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:13:44.0499 1380 RasMan - ok
14:13:44.0515 1380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:13:44.0515 1380 RasPppoe - ok
14:13:44.0546 1380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:13:44.0546 1380 RasSstp - ok
14:13:44.0562 1380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:13:44.0562 1380 rdbss - ok
14:13:44.0577 1380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:13:44.0577 1380 rdpbus - ok
14:13:44.0593 1380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:13:44.0593 1380 RDPCDD - ok
14:13:44.0609 1380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:13:44.0609 1380 RDPENCDD - ok
14:13:44.0624 1380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:13:44.0624 1380 RDPREFMP - ok
14:13:44.0655 1380 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:13:44.0655 1380 RDPWD - ok
14:13:44.0687 1380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:13:44.0687 1380 rdyboost - ok
14:13:44.0796 1380 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:13:44.0811 1380 RegSrvc - ok
14:13:44.0858 1380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:13:44.0858 1380 RemoteAccess - ok
14:13:44.0889 1380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:13:44.0889 1380 RemoteRegistry - ok
14:13:44.0952 1380 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:13:44.0952 1380 RFCOMM - ok
14:13:45.0014 1380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:13:45.0014 1380 RpcEptMapper - ok
14:13:45.0030 1380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:13:45.0030 1380 RpcLocator - ok
14:13:45.0061 1380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:13:45.0061 1380 RpcSs - ok
14:13:45.0092 1380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:13:45.0092 1380 rspndr - ok
14:13:45.0123 1380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:45.0123 1380 SamSs - ok
14:13:45.0139 1380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:13:45.0139 1380 sbp2port - ok
14:13:45.0170 1380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:13:45.0170 1380 SCardSvr - ok
14:13:45.0186 1380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:13:45.0186 1380 scfilter - ok
14:13:45.0233 1380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:13:45.0248 1380 Schedule - ok
14:13:45.0264 1380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:13:45.0264 1380 SCPolicySvc - ok
14:13:45.0311 1380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:13:45.0311 1380 SDRSVC - ok
14:13:45.0373 1380 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:13:45.0389 1380 SeaPort - ok
14:13:45.0451 1380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:13:45.0451 1380 secdrv - ok
14:13:45.0482 1380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:13:45.0482 1380 seclogon - ok
14:13:45.0482 1380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:13:45.0482 1380 SENS - ok
14:13:45.0498 1380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:13:45.0498 1380 SensrSvc - ok
14:13:45.0529 1380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:13:45.0529 1380 Serenum - ok
14:13:45.0560 1380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:13:45.0560 1380 Serial - ok
14:13:45.0576 1380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:13:45.0576 1380 sermouse - ok
14:13:45.0591 1380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:13:45.0591 1380 SessionEnv - ok
14:13:45.0607 1380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:13:45.0607 1380 sffdisk - ok
14:13:45.0607 1380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:13:45.0607 1380 sffp_mmc - ok
14:13:45.0607 1380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:13:45.0607 1380 sffp_sd - ok
14:13:45.0607 1380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:13:45.0607 1380 sfloppy - ok
14:13:45.0654 1380 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:13:45.0669 1380 Sftfs - ok
14:13:45.0732 1380 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:13:45.0747 1380 sftlist - ok
14:13:45.0779 1380 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:13:45.0779 1380 Sftplay - ok
14:13:45.0794 1380 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:13:45.0794 1380 Sftredir - ok
14:13:45.0825 1380 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:13:45.0825 1380 Sftvol - ok
14:13:45.0841 1380 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:13:45.0857 1380 sftvsa - ok
14:13:45.0888 1380 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:13:45.0903 1380 SharedAccess - ok
14:13:45.0919 1380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:13:45.0935 1380 ShellHWDetection - ok
14:13:45.0966 1380 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
14:13:45.0966 1380 SiSGbeLH - ok
14:13:45.0997 1380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:13:45.0997 1380 SiSRaid2 - ok
14:13:45.0997 1380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:13:45.0997 1380 SiSRaid4 - ok
14:13:46.0013 1380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:13:46.0013 1380 Smb - ok
14:13:46.0044 1380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:13:46.0044 1380 SNMPTRAP - ok
14:13:46.0075 1380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:13:46.0075 1380 spldr - ok
14:13:46.0106 1380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:13:46.0106 1380 Spooler - ok
14:13:46.0215 1380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:13:46.0247 1380 sppsvc - ok
14:13:46.0340 1380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:13:46.0340 1380 sppuinotify - ok
14:13:46.0403 1380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:13:46.0403 1380 srv - ok
14:13:46.0418 1380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:13:46.0418 1380 srv2 - ok
14:13:46.0434 1380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:13:46.0449 1380 srvnet - ok
14:13:46.0465 1380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:13:46.0465 1380 SSDPSRV - ok
14:13:46.0481 1380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:13:46.0481 1380 SstpSvc - ok
14:13:46.0496 1380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:13:46.0496 1380 stexstor - ok
14:13:46.0543 1380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:13:46.0559 1380 stisvc - ok
14:13:46.0574 1380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:13:46.0574 1380 swenum - ok
14:13:46.0621 1380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:13:46.0621 1380 swprv - ok
14:13:46.0699 1380 SynTP (cc13ee4af170abb99f6449cbb62ab219) C:\Windows\system32\DRIVERS\SynTP.sys
14:13:46.0715 1380 SynTP - ok
14:13:46.0839 1380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:13:46.0855 1380 SysMain - ok
14:13:46.0933 1380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:13:46.0949 1380 TabletInputService - ok
14:13:46.0949 1380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:13:46.0964 1380 TapiSrv - ok
14:13:46.0964 1380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:13:46.0964 1380 TBS - ok
14:13:47.0089 1380 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:13:47.0105 1380 Tcpip - ok
14:13:47.0261 1380 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:13:47.0276 1380 TCPIP6 - ok
14:13:47.0354 1380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:13:47.0354 1380 tcpipreg - ok
14:13:47.0385 1380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:13:47.0385 1380 TDPIPE - ok
14:13:47.0417 1380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:13:47.0417 1380 TDTCP - ok
14:13:47.0463 1380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:13:47.0463 1380 tdx - ok
14:13:47.0479 1380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:13:47.0479 1380 TermDD - ok
14:13:47.0510 1380 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:13:47.0526 1380 TermService - ok
14:13:47.0526 1380 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:13:47.0526 1380 Themes - ok
14:13:47.0541 1380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:13:47.0557 1380 THREADORDER - ok
14:13:47.0604 1380 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
14:13:47.0619 1380 TiMiniService - ok
14:13:47.0651 1380 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
14:13:47.0651 1380 tmactmon - ok
14:13:47.0666 1380 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
14:13:47.0666 1380 tmcomm - ok
14:13:47.0682 1380 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
14:13:47.0682 1380 tmevtmgr - ok
14:13:47.0713 1380 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
14:13:47.0713 1380 tmtdi - ok
14:13:47.0729 1380 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
14:13:47.0729 1380 TPM - ok
14:13:47.0760 1380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:13:47.0760 1380 TrkWks - ok
14:13:47.0791 1380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:13:47.0807 1380 TrustedInstaller - ok
14:13:47.0822 1380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:13:47.0822 1380 tssecsrv - ok
14:13:47.0853 1380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:13:47.0853 1380 TsUsbFlt - ok
14:13:47.0853 1380 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:13:47.0869 1380 TsUsbGD - ok
14:13:47.0885 1380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:13:47.0885 1380 tunnel - ok
14:13:47.0916 1380 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
14:13:47.0916 1380 TurboB - ok
14:13:47.0978 1380 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:13:47.0978 1380 TurboBoost - ok
14:13:48.0009 1380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:13:48.0009 1380 uagp35 - ok
14:13:48.0041 1380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:13:48.0041 1380 udfs - ok
14:13:48.0072 1380 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:13:48.0072 1380 UI0Detect - ok
14:13:48.0103 1380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:13:48.0103 1380 uliagpkx - ok
14:13:48.0134 1380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:13:48.0134 1380 umbus - ok
14:13:48.0134 1380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:13:48.0134 1380 UmPass - ok
14:13:48.0290 1380 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:13:48.0321 1380 UNS - ok
14:13:48.0399 1380 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:13:48.0415 1380 upnphost - ok
14:13:48.0446 1380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:13:48.0446 1380 usbccgp - ok
14:13:48.0462 1380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:13:48.0462 1380 usbcir - ok
14:13:48.0477 1380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:13:48.0477 1380 usbehci - ok
14:13:48.0524 1380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:13:48.0524 1380 usbhub - ok
14:13:48.0540 1380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:13:48.0555 1380 usbohci - ok
14:13:48.0571 1380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:13:48.0571 1380 usbprint - ok
14:13:48.0587 1380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:13:48.0587 1380 USBSTOR - ok
14:13:48.0587 1380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:13:48.0587 1380 usbuhci - ok
14:13:48.0618 1380 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:13:48.0618 1380 usbvideo - ok
14:13:48.0649 1380 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:13:48.0649 1380 UxSms - ok
14:13:48.0680 1380 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:48.0680 1380 VaultSvc - ok
14:13:48.0711 1380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:13:48.0711 1380 vdrvroot - ok
14:13:48.0774 1380 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:13:48.0774 1380 vds - ok
14:13:48.0789 1380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:13:48.0789 1380 vga - ok
14:13:48.0805 1380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:13:48.0805 1380 VgaSave - ok
14:13:48.0836 1380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:13:48.0836 1380 vhdmp - ok
14:13:48.0836 1380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:13:48.0836 1380 viaide - ok
14:13:48.0867 1380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:13:48.0867 1380 volmgr - ok
14:13:48.0883 1380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:13:48.0883 1380 volmgrx - ok
14:13:48.0914 1380 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
14:13:48.0930 1380 volsnap - ok
14:13:48.0977 1380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:13:48.0977 1380 vsmraid - ok
14:13:49.0070 1380 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:13:49.0086 1380 VSS - ok
14:13:49.0179 1380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:13:49.0195 1380 vwifibus - ok
14:13:49.0211 1380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:13:49.0211 1380 vwififlt - ok
14:13:49.0211 1380 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:13:49.0211 1380 vwifimp - ok
14:13:49.0242 1380 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:13:49.0242 1380 W32Time - ok
14:13:49.0257 1380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:13:49.0257 1380 WacomPen - ok
14:13:49.0304 1380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:13:49.0304 1380 WANARP - ok
14:13:49.0304 1380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:13:49.0304 1380 Wanarpv6 - ok
14:13:49.0398 1380 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:13:49.0413 1380 WatAdminSvc - ok
14:13:49.0476 1380 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:13:49.0491 1380 wbengine - ok
14:13:49.0585 1380 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:13:49.0585 1380 WbioSrvc - ok
14:13:49.0601 1380 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:13:49.0616 1380 wcncsvc - ok
14:13:49.0616 1380 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:13:49.0616 1380 WcsPlugInService - ok
14:13:49.0663 1380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:13:49.0663 1380 Wd - ok
14:13:49.0694 1380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:13:49.0710 1380 Wdf01000 - ok
14:13:49.0725 1380 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:13:49.0725 1380 WdiServiceHost - ok
14:13:49.0741 1380 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:13:49.0741 1380 WdiSystemHost - ok
14:13:49.0772 1380 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:13:49.0772 1380 WebClient - ok
14:13:49.0772 1380 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:13:49.0788 1380 Wecsvc - ok
14:13:49.0788 1380 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:13:49.0788 1380 wercplsupport - ok
14:13:49.0819 1380 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:13:49.0819 1380 WerSvc - ok
14:13:49.0881 1380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:13:49.0881 1380 WfpLwf - ok
14:13:49.0913 1380 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
14:13:49.0913 1380 WimFltr - ok
14:13:49.0928 1380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:13:49.0928 1380 WIMMount - ok
14:13:49.0975 1380 WinDefend - ok
14:13:49.0991 1380 WinHttpAutoProxySvc - ok
14:13:50.0037 1380 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:13:50.0037 1380 Winmgmt - ok
14:13:50.0131 1380 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:13:50.0162 1380 WinRM - ok
14:13:50.0287 1380 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:13:50.0303 1380 Wlansvc - ok
14:13:50.0396 1380 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:13:50.0396 1380 wlcrasvc - ok
14:13:50.0521 1380 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:13:50.0552 1380 wlidsvc - ok
14:13:50.0661 1380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:13:50.0661 1380 WmiAcpi - ok
14:13:50.0708 1380 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:13:50.0708 1380 wmiApSrv - ok
14:13:50.0755 1380 WMPNetworkSvc - ok
14:13:50.0771 1380 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:13:50.0786 1380 WPCSvc - ok
14:13:50.0802 1380 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:13:50.0802 1380 WPDBusEnum - ok
14:13:50.0833 1380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:13:50.0833 1380 ws2ifsl - ok
14:13:50.0849 1380 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:13:50.0849 1380 wscsvc - ok
14:13:50.0849 1380 WSearch - ok
14:13:50.0942 1380 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:13:50.0973 1380 wuauserv - ok
14:13:51.0067 1380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:13:51.0067 1380 WudfPf - ok
14:13:51.0098 1380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:13:51.0098 1380 WUDFRd - ok
14:13:51.0114 1380 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:13:51.0114 1380 wudfsvc - ok
14:13:51.0129 1380 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:13:51.0129 1380 WwanSvc - ok
14:13:51.0176 1380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:13:51.0223 1380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:13:51.0223 1380 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:13:51.0223 1380 Boot (0x1200) (6529203816f6377a41eb33fc3d756331) \Device\Harddisk0\DR0\Partition0
14:13:51.0223 1380 \Device\Harddisk0\DR0\Partition0 - ok
14:13:51.0239 1380 Boot (0x1200) (70b934c6ef4840374d309c0457a0f970) \Device\Harddisk0\DR0\Partition1
14:13:51.0254 1380 \Device\Harddisk0\DR0\Partition1 - ok
14:13:51.0254 1380 ============================================================
14:13:51.0254 1380 Scan finished
14:13:51.0254 1380 ============================================================
14:13:51.0254 1792 Detected object count: 1
14:13:51.0254 1792 Actual detected object count: 1
14:14:13.0859 1792 \Device\Harddisk0\DR0\# - copied to quarantine
14:14:13.0859 1792 \Device\Harddisk0\DR0 - copied to quarantine
14:14:13.0921 1792 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:14:13.0921 1792 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:14:13.0921 1792 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:14:13.0937 1792 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:14:13.0952 1792 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:14:13.0952 1792 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:14:13.0952 1792 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:14:13.0952 1792 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:14:13.0999 1792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:14:13.0999 1792 \Device\Harddisk0\DR0 - ok
14:14:14.0015 1792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:14:22.0938 1164 Deinitialize success

===================

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 02:45 PM

Greetings

Start running in normal mode and let me know how things are.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jmose
  • Topic Starter
  • Members
  • 4 posts

Posted 29 July 2012 - 07:28 PM

Gringo,

Other than the Windows Firewall not turning on, I can't find any issues. So, thank you very much!

Here is the ComboFix log. Please let me know if you see anything problematic. Otherwise, I think we can close this problem as a great success!

Thanks,
Jim

===========================
ComboFix 12-07-29.02 - Kristen 07/29/2012 20:01:05.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.2929 [GMT -4:00]
Running from: c:\users\Kristen\Downloads\ComboFix.exe
Command switches used :: c:\users\Kristen\Downloads\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 00:05 . 2012-07-30 00:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 00:05 . 2012-07-30 00:05 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-07-30 00:05 . 2012-07-30 00:05 -------- d-----w- c:\users\Jim\AppData\Local\temp
2012-07-30 00:05 . 2012-07-30 00:05 -------- d-----w- c:\users\James\AppData\Local\temp
2012-07-30 00:05 . 2012-07-30 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 18:14 . 2012-07-29 18:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-29 02:37 . 2012-07-29 02:37 -------- d-----w- C:\trippriv
2012-07-29 01:23 . 2012-07-29 01:23 -------- d-----w- c:\users\Kristen\AppData\Roaming\Malwarebytes
2012-07-29 01:22 . 2012-07-29 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 01:22 . 2012-07-29 01:22 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 01:22 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 01:04 . 2012-07-25 01:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-24 21:54 . 2012-07-24 21:54 -------- d-----w- c:\windows\Sun
2012-07-12 07:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:03 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 07:03 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-12 07:03 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 07:03 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-12 07:03 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-12 01:36 . 2012-07-12 01:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-12 01:36 . 2012-07-12 01:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-03 02:17 . 2012-07-03 02:17 -------- d-----w- c:\users\Kristen\AppData\Local\LogMeIn
2012-07-03 02:17 . 2012-07-03 02:17 -------- d-----w- c:\programdata\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 05:08 . 2012-04-29 12:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 05:08 . 2012-04-29 12:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:04 . 2012-05-20 14:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-08 20:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 20:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 20:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 20:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-08 20:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 11:45 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 11:45 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 11:45 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 11:45 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_03.03.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-29 02:53 . 2012-07-29 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 18:18 . 2012-07-29 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 02:53 . 2012-07-29 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 18:18 . 2012-07-29 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-25 00:57 . 2012-07-29 18:16 252396 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-29 18:25 674496 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 02:59 674496 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 18:25 126266 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-29 02:59 126266 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-29 01:14 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-29 18:17 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-24 20:09 . 2012-07-29 01:14 10843216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4159424787-495023056-1787294417-1001-8192.dat
+ 2012-03-24 20:09 . 2012-07-29 18:17 10843216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4159424787-495023056-1787294417-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-25 239488]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-25 239488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2011-04-25 136576]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 2253120]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-12 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 28992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 05:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-03 2277992]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Kristen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\bzew5m4j.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:31,b9,f3,d7,c0,67,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29 20:06:49
ComboFix-quarantined-files.txt 2012-07-30 00:06
ComboFix2.txt 2012-07-29 13:10
ComboFix3.txt 2012-07-29 03:04
.
Pre-Run: 158,503,739,392 bytes free
Post-Run: 158,587,588,608 bytes free
.
- - End Of File - - 356E81EF136BF823B45BCC60D0CEA8C4

===========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 29 July 2012 - 08:35 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Run this first and see if it helps with the firewall - http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe


Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 7 Update 4
JavaFX 2.1.0
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go here to download the HijackThis installer.
  • Save the HijackThis installer to your desktop.
  • Double-click on the HijackThis installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"Information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 01 August 2012 - 05:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 03 August 2012 - 11:57 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 06 August 2012 - 11:15 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



