Random redirects after clicking google results


This topic is locked.
29 replies to this topic

#1 Sup3rFly

  • Members
  • 12 posts

Posted 06 August 2012 - 02:59 AM

Hi Guys,

Really hope I'm posting this in the right spot, if I have messed up, I'm sorry!

I have been getting random redirects when doing searches with google, the results are fine, but after clicking on a result sometimes I'm taken to a random site, always varies on what type of sites they are as well, never the same.

Hope someone can help. :wacko:


Attached files from DDS below:

#2 Sup3rFly

  • Topic Starter
  • Members
  • 12 posts

Posted 07 August 2012 - 03:47 AM

Anyone able to help me?

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 August 2012 - 08:18 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 11 August 2012 - 12:33 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 14 August 2012 - 12:14 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 14 August 2012 - 07:27 AM

This topic has been re-opened at the request of the person who originally posted.

#7 Sup3rFly

  • Topic Starter
  • Members
  • 12 posts

Posted 15 August 2012 - 03:18 AM

Security Check:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 27
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Combo Fix:
ComboFix 12-08-14.05 - Aaron 15/08/2012 17:37:49.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4095.2587 [GMT 10:00]
Running from: c:\users\Aaron\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 07:51 . 2012-08-15 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 00:19 . 2012-07-29 00:20 -------- d-----w- c:\users\Aaron\AppData\Roaming\avidemux
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-24 11:10 . 2012-07-24 11:10 -------- d-----w- c:\program files (x86)\MSECache
2012-07-19 19:20 . 2012-07-19 19:20 -------- d-----w- c:\users\Aaron\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 23:37 . 2012-04-11 08:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 23:37 . 2011-09-14 00:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:28 . 2011-09-14 00:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-28 22:39 . 2011-09-14 01:10 82816 ----a-w- c:\users\Aaron\AppData\Roaming\pcouffin.sys
2012-06-28 07:14 . 2011-09-14 00:35 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-28 07:14 . 2011-09-14 00:35 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-28 07:14 . 2011-09-14 00:35 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-28 07:14 . 2011-09-14 00:35 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-12 03:08 . 2012-07-11 19:32 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 03:48 . 2012-06-11 03:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 03:48 . 2012-06-11 03:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-09 05:43 . 2012-07-11 19:25 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:25 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:25 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:24 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:25 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:25 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:24 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 23:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 23:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 23:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 23:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 23:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 23:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 23:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 19:27 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 19:26 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 19:27 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 19:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 19:27 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 19:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 19:27 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 19:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 19:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 19:27 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 19:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 19:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 19:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 19:27 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 19:27 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 19:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 19:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 19:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 19:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 19:25 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 19:25 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 19:25 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:25 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 05:19 . 2012-06-21 23:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-21 23:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:40 . 2012-07-11 19:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:25 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:25 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-24 07:15 . 2012-05-24 07:15 187392 ----a-w- c:\windows\system32\clinfo.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-14 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-14 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2677160]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-25 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-27 395264]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8790016]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\tgk6d5jz.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ACFinder - c:\users\Aaron\AppData\Local\AppCore\ACFinder\ACFinder.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1548323858-3306093878-3414209844-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1548323858-3306093878-3414209844-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{2985d42d-6c30-401a-a61a-8c38039e6613}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000156
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7e,42,a8,a1,d7,fe,24,79,89,97,21,42,57,2c,be,52,01,28,f6,8d,39,
44,89,ce,a2,ca,8a,bd,1b,06,34,09,77,d3,f6,5c,65,00,35,a9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,49,08,64,1a,60,84,e0,5a,8f,2e,0d,a2,05,19,74,3f,0e,17,8c,b4,
05,ca,a6,ec,bf,bc,b4,6a,f7,eb,d2,52,2e,94,5b,b7,e3,d0,b3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{a1c1722c-e378-4579-a4a9-95d2f321e5aa}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000116
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 18:12:51
ComboFix-quarantined-files.txt 2012-08-15 08:12
.
Pre-Run: 889,473,110,016 bytes free
Post-Run: 889,320,968,192 bytes free
.
- - End Of File - - A8D7C63D25A19F47DDE7A891C6FF6AD7
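The Security Check log above reports a disabled Windows Firewall, disabled on-access scanning and out-of-date Java and Flash, which are the items a helper reads first. As an added example that is not part of this thread and not screen317's own code, the following Python script parses a checkup.txt-style log into structured findings; it relies only on the layout visible in the posted log and assumes the tool phrases two further cases as "UAC is disabled" and "Antivirus out of date!".

```python
"""Pull security-posture findings out of a Security Check (checkup.txt) log.

Added example, not part of the thread and not screen317's own code. It only
assumes the layout visible in the posted log: section headings ruled with
backticks, one product per line, and status phrases such as "Disabled!",
"out of Date!" and "(On Access scanning disabled!)". The "UAC is disabled"
and "Antivirus out of date!" phrasings are assumptions about the tool.
"""
import re
from dataclasses import dataclass


def _rule(title: str, width: int = 52) -> str:
    """Reproduce Security Check's backtick-ruled section heading."""
    pad = max(width - len(title), 2)
    return "`" * (pad // 2) + title + "`" * (pad - pad // 2)


# Constructed sample, modelled line for line on the checkup.txt posted above.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    _rule("Antivirus/Firewall Check:"),
    "Windows Firewall Disabled!",
    "AVG Anti-Virus Free Edition 2012",
    "Antivirus up to date! (On Access scanning disabled!)",
    _rule("Anti-malware/Other Utilities Check:"),
    "Java(TM) 6 Update 27",
    "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Reader X (10.1.4)",
    "Mozilla Firefox (14.0.1)",
    _rule("Process Check: objlist.exe by Laurent"),
    "AVG avgwdsvc.exe",
    "AVG avgtray.exe",
    _rule("System Health check"),
    "Total Fragmentation on Drive C: 1%",
    _rule("End of Log"),
])

SECTION_RE = re.compile(r"^`+\s*(.*?)\s*`+$")
OUTDATED_RE = re.compile(r"\s*(?:Flash Player\s*)?out of date!?$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    category: str  # firewall | uac | realtime_protection | av_signatures | outdated_software
    detail: str


def parse_sections(text: str) -> list[tuple[str, list[str]]]:
    """Split the log into (section name, non-empty lines) pairs; text before
    the first ruled heading is reported under the section name 'Header'."""
    sections, current, lines = [], "Header", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((current, lines))
            current, lines = m.group(1).rstrip(":"), []
        else:
            lines.append(line)
    sections.append((current, lines))
    return sections


def extract_findings(text: str) -> list[Finding]:
    """Return the posture problems the log reports, in log order."""
    findings = []
    for section, lines in parse_sections(text):
        for i, line in enumerate(lines):
            previous = lines[i - 1] if i > 0 else "unknown product"
            if line.startswith("Windows Firewall") and "Disabled" in line:
                findings.append(Finding(section, "firewall", line))
            if "UAC is disabled" in line:
                findings.append(Finding(section, "uac", line))
            if "On Access scanning disabled" in line:
                # Security Check appends this to the AV status line; the
                # product name is the line printed just before it.
                findings.append(Finding(section, "realtime_protection", previous))
            if line.startswith("Antivirus out of date"):
                findings.append(Finding(section, "av_signatures", previous))
            elif OUTDATED_RE.search(line):
                # "Adobe Flash Player 10 Flash Player out of Date!" carries the
                # product on the same line; "Java version out of Date!" refers
                # to the Java line printed just before it.
                product = OUTDATED_RE.sub("", line)
                if product.lower() == "java version":
                    product = previous
                findings.append(Finding(section, "outdated_software", product))
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding details by category for a triage note."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for category, items in summarize(extract_findings(SAMPLE_LOG)).items():
        print(f"{category}: {', '.join(items)}")
```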

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 15 August 2012 - 09:11 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Sup3rFly

  • Topic Starter
  • Members
  • 12 posts

Posted 15 August 2012 - 06:19 PM

TDSSKiller:
07:01:55.0460 1228 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
07:01:56.0329 1228 ============================================================
07:01:56.0329 1228 Current date / time: 2012/08/16 07:01:56.0329
07:01:56.0329 1228 SystemInfo:
07:01:56.0329 1228
07:01:56.0329 1228 OS Version: 6.1.7601 ServicePack: 1.0
07:01:56.0329 1228 Product type: Workstation
07:01:56.0329 1228 ComputerName: AARON-PC
07:01:56.0329 1228 UserName: Aaron
07:01:56.0329 1228 Windows directory: C:\Windows
07:01:56.0329 1228 System windows directory: C:\Windows
07:01:56.0329 1228 Running under WOW64
07:01:56.0330 1228 Processor architecture: Intel x64
07:01:56.0330 1228 Number of processors: 4
07:01:56.0330 1228 Page size: 0x1000
07:01:56.0330 1228 Boot type: Normal boot
07:01:56.0330 1228 ============================================================
07:01:57.0315 1228 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
07:01:57.0335 1228 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:01:57.0336 1228 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:01:57.0336 1228 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:01:57.0346 1228 ============================================================
07:01:57.0346 1228 \Device\Harddisk0\DR0:
07:01:57.0346 1228 MBR partitions:
07:01:57.0346 1228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
07:01:57.0346 1228 \Device\Harddisk1\DR1:
07:01:57.0346 1228 MBR partitions:
07:01:57.0346 1228 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
07:01:57.0346 1228 \Device\Harddisk2\DR2:
07:01:57.0346 1228 MBR partitions:
07:01:57.0346 1228 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
07:01:57.0346 1228 \Device\Harddisk3\DR3:
07:01:57.0346 1228 MBR partitions:
07:01:57.0346 1228 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
07:01:57.0346 1228 ============================================================
07:01:57.0364 1228 C: <-> \Device\Harddisk0\DR0\Partition1
07:01:57.0385 1228 E: <-> \Device\Harddisk2\DR2\Partition1
07:01:57.0406 1228 G: <-> \Device\Harddisk1\DR1\Partition1
07:01:57.0426 1228 F: <-> \Device\Harddisk3\DR3\Partition1
07:01:57.0426 1228 ============================================================
07:01:57.0426 1228 Initialize success
07:01:57.0426 1228 ============================================================
07:02:14.0799 3416 ============================================================
07:02:14.0799 3416 Scan started
07:02:14.0799 3416 Mode: Manual;
07:02:14.0799 3416 ============================================================
07:02:15.0909 3416 ================ Scan services =============================
07:02:16.0042 3416 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:02:16.0045 3416 1394ohci - ok
07:02:16.0084 3416 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:02:16.0089 3416 ACPI - ok
07:02:16.0117 3416 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:02:16.0118 3416 AcpiPmi - ok
07:02:16.0209 3416 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:02:16.0210 3416 AdobeARMservice - ok
07:02:16.0235 3416 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:02:16.0242 3416 adp94xx - ok
07:02:16.0268 3416 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:02:16.0273 3416 adpahci - ok
07:02:16.0287 3416 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:02:16.0289 3416 adpu320 - ok
07:02:16.0308 3416 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:02:16.0309 3416 AeLookupSvc - ok
07:02:16.0347 3416 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:02:16.0354 3416 AFD - ok
07:02:16.0383 3416 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:02:16.0384 3416 agp440 - ok
07:02:16.0409 3416 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
07:02:16.0412 3416 ALG - ok
07:02:16.0422 3416 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:02:16.0423 3416 aliide - ok
07:02:16.0470 3416 [ b5e2434fc851698c1f119cf1c3935a50 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:02:16.0474 3416 AMD External Events Utility - ok
07:02:16.0528 3416 AMD FUEL Service - ok
07:02:16.0538 3416 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
07:02:16.0539 3416 amdide - ok
07:02:16.0563 3416 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
07:02:16.0565 3416 amdiox64 - ok
07:02:16.0585 3416 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:02:16.0593 3416 AmdK8 - ok
07:02:16.0808 3416 [ 9e3b4946f7e1bca0b763e19d81edbf2c ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
07:02:16.0997 3416 amdkmdag - ok
07:02:17.0048 3416 [ b9e1c7b7f1865f99b16ff2e1bb94edb6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
07:02:17.0053 3416 amdkmdap - ok
07:02:17.0069 3416 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:02:17.0070 3416 AmdPPM - ok
07:02:17.0098 3416 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:02:17.0099 3416 amdsata - ok
07:02:17.0118 3416 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:02:17.0122 3416 amdsbs - ok
07:02:17.0137 3416 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:02:17.0138 3416 amdxata - ok
07:02:17.0157 3416 [ f312fad7dbd49ed21a194ac71b497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
07:02:17.0158 3416 AODDriver4.01 - ok
07:02:17.0198 3416 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
07:02:17.0200 3416 AppID - ok
07:02:17.0227 3416 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:02:17.0228 3416 AppIDSvc - ok
07:02:17.0260 3416 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:02:17.0263 3416 Appinfo - ok
07:02:17.0315 3416 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:02:17.0317 3416 Apple Mobile Device - ok
07:02:17.0343 3416 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
07:02:17.0347 3416 AppMgmt - ok
07:02:17.0360 3416 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
07:02:17.0363 3416 arc - ok
07:02:17.0375 3416 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:02:17.0378 3416 arcsas - ok
07:02:17.0465 3416 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:02:17.0468 3416 aspnet_state - ok
07:02:17.0492 3416 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:02:17.0494 3416 AsyncMac - ok
07:02:17.0523 3416 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
07:02:17.0524 3416 atapi - ok
07:02:17.0567 3416 [ 230cf51113cd4b830b3bfd09b0d4c066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
07:02:17.0569 3416 AtiHDAudioService - ok
07:02:17.0764 3416 [ 9e3b4946f7e1bca0b763e19d81edbf2c ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
07:02:17.0847 3416 atikmdag - ok
07:02:17.0888 3416 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:02:17.0897 3416 AudioEndpointBuilder - ok
07:02:17.0909 3416 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:02:17.0915 3416 AudioSrv - ok
07:02:18.0068 3416 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
07:02:18.0160 3416 AVGIDSAgent - ok
07:02:18.0193 3416 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
07:02:18.0195 3416 AVGIDSDriver - ok
07:02:18.0205 3416 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
07:02:18.0207 3416 AVGIDSFilter - ok
07:02:18.0244 3416 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
07:02:18.0244 3416 AVGIDSHA - ok
07:02:18.0259 3416 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
07:02:18.0263 3416 Avgldx64 - ok
07:02:18.0270 3416 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
07:02:18.0272 3416 Avgmfx64 - ok
07:02:18.0283 3416 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
07:02:18.0284 3416 Avgrkx64 - ok
07:02:18.0317 3416 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
07:02:18.0322 3416 Avgtdia - ok
07:02:18.0350 3416 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
07:02:18.0354 3416 avgwd - ok
07:02:18.0390 3416 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:02:18.0393 3416 AxInstSV - ok
07:02:18.0415 3416 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:02:18.0422 3416 b06bdrv - ok
07:02:18.0443 3416 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:02:18.0447 3416 b57nd60a - ok
07:02:18.0480 3416 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:02:18.0483 3416 BDESVC - ok
07:02:18.0497 3416 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:02:18.0498 3416 Beep - ok
07:02:18.0543 3416 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
07:02:18.0552 3416 BFE - ok
07:02:18.0580 3416 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
07:02:18.0592 3416 BITS - ok
07:02:18.0608 3416 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:02:18.0612 3416 blbdrive - ok
07:02:18.0675 3416 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:02:18.0680 3416 Bonjour Service - ok
07:02:18.0707 3416 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:02:18.0708 3416 bowser - ok
07:02:18.0720 3416 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:02:18.0720 3416 BrFiltLo - ok
07:02:18.0735 3416 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:02:18.0737 3416 BrFiltUp - ok
07:02:18.0758 3416 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
07:02:18.0760 3416 BridgeMP - ok
07:02:18.0797 3416 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
07:02:18.0799 3416 Browser - ok
07:02:18.0821 3416 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:02:18.0826 3416 Brserid - ok
07:02:18.0846 3416 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:02:18.0847 3416 BrSerWdm - ok
07:02:18.0859 3416 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:02:18.0859 3416 BrUsbMdm - ok
07:02:18.0873 3416 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:02:18.0873 3416 BrUsbSer - ok
07:02:18.0932 3416 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
07:02:18.0933 3416 BthEnum - ok
07:02:18.0947 3416 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:02:18.0949 3416 BTHMODEM - ok
07:02:18.0962 3416 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:02:18.0964 3416 BthPan - ok
07:02:18.0989 3416 [ 64c198198501f7560ee41d8d1efa7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
07:02:18.0997 3416 BTHPORT - ok
07:02:19.0027 3416 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
07:02:19.0029 3416 bthserv - ok
07:02:19.0053 3416 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
07:02:19.0054 3416 BTHUSB - ok
07:02:19.0072 3416 catchme - ok
07:02:19.0086 3416 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:02:19.0088 3416 cdfs - ok
07:02:19.0118 3416 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:02:19.0121 3416 cdrom - ok
07:02:19.0159 3416 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
07:02:19.0162 3416 CertPropSvc - ok
07:02:19.0176 3416 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:02:19.0178 3416 circlass - ok
07:02:19.0196 3416 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
07:02:19.0201 3416 CLFS - ok
07:02:19.0244 3416 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:02:19.0246 3416 clr_optimization_v2.0.50727_32 - ok
07:02:19.0271 3416 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:02:19.0273 3416 clr_optimization_v2.0.50727_64 - ok
07:02:19.0341 3416 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:02:19.0343 3416 clr_optimization_v4.0.30319_32 - ok
07:02:19.0353 3416 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:02:19.0356 3416 clr_optimization_v4.0.30319_64 - ok
07:02:19.0369 3416 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:02:19.0371 3416 CmBatt - ok
07:02:19.0382 3416 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:02:19.0383 3416 cmdide - ok
07:02:19.0446 3416 [ 6b56a1437913c1dea2ee1f8b5db1ed74 ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys
07:02:19.0493 3416 cmudaxp - ok
07:02:19.0529 3416 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
07:02:19.0534 3416 CNG - ok
07:02:19.0546 3416 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:02:19.0547 3416 Compbatt - ok
07:02:19.0587 3416 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:02:19.0594 3416 CompositeBus - ok
07:02:19.0603 3416 COMSysApp - ok
07:02:19.0619 3416 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:02:19.0621 3416 crcdisk - ok
07:02:19.0657 3416 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:02:19.0659 3416 CryptSvc - ok
07:02:19.0693 3416 [ 54da3dfd29ed9f1619b6f53f3ce55e49 ] CSC C:\Windows\system32\drivers\csc.sys
07:02:19.0699 3416 CSC - ok
07:02:19.0718 3416 [ 3ab183ab4d2c79dcf459cd2c1266b043 ] CscService C:\Windows\System32\cscsvc.dll
07:02:19.0727 3416 CscService - ok
07:02:19.0769 3416 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:02:19.0776 3416 DcomLaunch - ok
07:02:19.0797 3416 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
07:02:19.0802 3416 defragsvc - ok
07:02:19.0826 3416 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:02:19.0828 3416 DfsC - ok
07:02:19.0846 3416 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
07:02:19.0851 3416 Dhcp - ok
07:02:19.0867 3416 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
07:02:19.0869 3416 discache - ok
07:02:19.0892 3416 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:02:19.0893 3416 Disk - ok
07:02:19.0923 3416 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:02:19.0927 3416 Dnscache - ok
07:02:19.0958 3416 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:02:19.0962 3416 dot3svc - ok
07:02:19.0993 3416 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
07:02:19.0996 3416 DPS - ok
07:02:20.0021 3416 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:02:20.0022 3416 drmkaud - ok
07:02:20.0057 3416 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:02:20.0069 3416 DXGKrnl - ok
07:02:20.0093 3416 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:02:20.0097 3416 EapHost - ok
07:02:20.0168 3416 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:02:20.0222 3416 ebdrv - ok
07:02:20.0250 3416 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
07:02:20.0253 3416 EFS - ok
07:02:20.0290 3416 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:02:20.0300 3416 ehRecvr - ok
07:02:20.0318 3416 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
07:02:20.0320 3416 ehSched - ok
07:02:20.0344 3416 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:02:20.0353 3416 elxstor - ok
07:02:20.0377 3416 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:02:20.0378 3416 ErrDev - ok
07:02:20.0407 3416 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
07:02:20.0410 3416 EventSystem - ok
07:02:20.0429 3416 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
07:02:20.0433 3416 exfat - ok
07:02:20.0459 3416 [ f7a7da530618c3700a449fe7971db924 ] ezplay C:\Windows\system32\Drivers\ezplay.sys
07:02:20.0462 3416 ezplay - ok
07:02:20.0473 3416 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:02:20.0475 3416 fastfat - ok
07:02:20.0519 3416 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
07:02:20.0528 3416 Fax - ok
07:02:20.0543 3416 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:02:20.0544 3416 fdc - ok
07:02:20.0555 3416 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:02:20.0557 3416 fdPHost - ok
07:02:20.0572 3416 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:02:20.0574 3416 FDResPub - ok
07:02:20.0592 3416 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:02:20.0593 3416 FileInfo - ok
07:02:20.0609 3416 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:02:20.0610 3416 Filetrace - ok
07:02:20.0619 3416 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:02:20.0622 3416 flpydisk - ok
07:02:20.0648 3416 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:02:20.0652 3416 FltMgr - ok
07:02:20.0697 3416 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
07:02:20.0724 3416 FontCache - ok
07:02:20.0760 3416 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:02:20.0762 3416 FontCache3.0.0.0 - ok
07:02:20.0775 3416 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:02:20.0777 3416 FsDepends - ok
07:02:20.0803 3416 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:02:20.0804 3416 Fs_Rec - ok
07:02:20.0838 3416 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:02:20.0842 3416 fvevol - ok
07:02:20.0858 3416 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:02:20.0859 3416 gagp30kx - ok
07:02:20.0893 3416 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:02:20.0894 3416 GEARAspiWDM - ok
07:02:20.0932 3416 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
07:02:20.0942 3416 gpsvc - ok
07:02:20.0982 3416 [ d5fa01185a7d5a65724fd87b34e53f5b ] hcmon C:\Windows\system32\drivers\hcmon.sys
07:02:20.0983 3416 hcmon - ok
07:02:20.0999 3416 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:02:21.0002 3416 hcw85cir - ok
07:02:21.0035 3416 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:02:21.0040 3416 HdAudAddService - ok
07:02:21.0062 3416 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:02:21.0064 3416 HDAudBus - ok
07:02:21.0078 3416 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:02:21.0079 3416 HidBatt - ok
07:02:21.0088 3416 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:02:21.0090 3416 HidBth - ok
07:02:21.0097 3416 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:02:21.0099 3416 HidIr - ok
07:02:21.0122 3416 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
07:02:21.0123 3416 hidserv - ok
07:02:21.0142 3416 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:02:21.0143 3416 HidUsb - ok
07:02:21.0173 3416 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:02:21.0177 3416 hkmsvc - ok
07:02:21.0209 3416 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:02:21.0213 3416 HomeGroupListener - ok
07:02:21.0245 3416 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:02:21.0250 3416 HomeGroupProvider - ok
07:02:21.0258 3416 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:02:21.0259 3416 HpSAMD - ok
07:02:21.0282 3416 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:02:21.0290 3416 HTTP - ok
07:02:21.0308 3416 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:02:21.0309 3416 hwpolicy - ok
07:02:21.0349 3416 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:02:21.0352 3416 i8042prt - ok
07:02:21.0375 3416 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:02:21.0380 3416 iaStorV - ok
07:02:21.0414 3416 [ 71359fc89451bf54fa06f049d3a87adf ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
07:02:21.0417 3416 IDMWFP - ok
07:02:21.0449 3416 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:02:21.0460 3416 idsvc - ok
07:02:21.0480 3416 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:02:21.0482 3416 iirsp - ok
07:02:21.0508 3416 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
07:02:21.0519 3416 IKEEXT - ok
07:02:21.0547 3416 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
07:02:21.0548 3416 intelide - ok
07:02:21.0565 3416 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:02:21.0568 3416 intelppm - ok
07:02:21.0584 3416 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:02:21.0592 3416 IPBusEnum - ok
07:02:21.0608 3416 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:02:21.0609 3416 IpFilterDriver - ok
07:02:21.0644 3416 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:02:21.0652 3416 iphlpsvc - ok
07:02:21.0682 3416 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:02:21.0684 3416 IPMIDRV - ok
07:02:21.0695 3416 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:02:21.0698 3416 IPNAT - ok
07:02:21.0767 3416 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:02:21.0774 3416 iPod Service - ok
07:02:21.0795 3416 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:02:21.0797 3416 IRENUM - ok
07:02:21.0814 3416 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:02:21.0815 3416 isapnp - ok
07:02:21.0833 3416 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:02:21.0837 3416 iScsiPrt - ok
07:02:21.0855 3416 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:02:21.0857 3416 kbdclass - ok
07:02:21.0869 3416 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:02:21.0870 3416 kbdhid - ok
07:02:21.0883 3416 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
07:02:21.0884 3416 KeyIso - ok
07:02:21.0912 3416 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:02:21.0914 3416 KSecDD - ok
07:02:21.0928 3416 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:02:21.0930 3416 KSecPkg - ok
07:02:21.0942 3416 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:02:21.0943 3416 ksthunk - ok
07:02:21.0973 3416 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
07:02:21.0978 3416 KtmRm - ok
07:02:22.0014 3416 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
07:02:22.0019 3416 LanmanServer - ok
07:02:22.0047 3416 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:02:22.0050 3416 LanmanWorkstation - ok
07:02:22.0075 3416 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:02:22.0077 3416 lltdio - ok
07:02:22.0099 3416 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:02:22.0104 3416 lltdsvc - ok
07:02:22.0119 3416 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:02:22.0120 3416 lmhosts - ok
07:02:22.0138 3416 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:02:22.0140 3416 LSI_FC - ok
07:02:22.0152 3416 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:02:22.0154 3416 LSI_SAS - ok
07:02:22.0165 3416 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:02:22.0168 3416 LSI_SAS2 - ok
07:02:22.0178 3416 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:02:22.0182 3416 LSI_SCSI - ok
07:02:22.0189 3416 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
07:02:22.0192 3416 luafv - ok
07:02:22.0222 3416 [ beb897ce49f7c991845d3aea0d298e53 ] Lycosa C:\Windows\system32\drivers\Lycosa.sys
07:02:22.0223 3416 Lycosa - ok
07:02:22.0259 3416 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:02:22.0263 3416 Mcx2Svc - ok
07:02:22.0280 3416 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:02:22.0283 3416 megasas - ok
07:02:22.0298 3416 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:02:22.0302 3416 MegaSR - ok
07:02:22.0348 3416 Microsoft SharePoint Workspace Audit Service - ok
07:02:22.0364 3416 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
07:02:22.0368 3416 MMCSS - ok
07:02:22.0385 3416 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:02:22.0388 3416 Modem - ok
07:02:22.0403 3416 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:02:22.0405 3416 monitor - ok
07:02:22.0433 3416 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:02:22.0434 3416 mouclass - ok
07:02:22.0445 3416 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:02:22.0447 3416 mouhid - ok
07:02:22.0484 3416 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:02:22.0485 3416 mountmgr - ok
07:02:22.0532 3416 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:02:22.0533 3416 MozillaMaintenance - ok
07:02:22.0588 3416 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:02:22.0595 3416 mpio - ok
07:02:22.0609 3416 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:02:22.0610 3416 mpsdrv - ok
07:02:22.0657 3416 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:02:22.0668 3416 MpsSvc - ok
07:02:22.0705 3416 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:02:22.0708 3416 MRxDAV - ok
07:02:22.0738 3416 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:02:22.0740 3416 mrxsmb - ok
07:02:22.0758 3416 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:02:22.0762 3416 mrxsmb10 - ok
07:02:22.0777 3416 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:02:22.0779 3416 mrxsmb20 - ok
07:02:22.0792 3416 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:02:22.0793 3416 msahci - ok
07:02:22.0808 3416 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:02:22.0809 3416 msdsm - ok
07:02:22.0839 3416 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
07:02:22.0843 3416 MSDTC - ok
07:02:22.0864 3416 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:02:22.0865 3416 Msfs - ok
07:02:22.0887 3416 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:02:22.0888 3416 mshidkmdf - ok
07:02:22.0898 3416 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:02:22.0899 3416 msisadrv - ok
07:02:22.0907 3416 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:02:22.0910 3416 MSiSCSI - ok
07:02:22.0917 3416 msiserver - ok
07:02:22.0938 3416 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:02:22.0939 3416 MSKSSRV - ok
07:02:22.0948 3416 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:02:22.0949 3416 MSPCLOCK - ok
07:02:22.0955 3416 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:02:22.0955 3416 MSPQM - ok
07:02:22.0992 3416 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:02:22.0995 3416 MsRPC - ok
07:02:23.0013 3416 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:02:23.0014 3416 mssmbios - ok
07:02:23.0020 3416 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:02:23.0022 3416 MSTEE - ok
07:02:23.0039 3416 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:02:23.0039 3416 MTConfig - ok
07:02:23.0064 3416 [ 03b7145c889603537e9ffeabb1ad1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
07:02:23.0065 3416 MTsensor - ok
07:02:23.0083 3416 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:02:23.0085 3416 Mup - ok
07:02:23.0123 3416 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
07:02:23.0132 3416 napagent - ok
07:02:23.0159 3416 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:02:23.0163 3416 NativeWifiP - ok
07:02:23.0199 3416 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
07:02:23.0212 3416 NDIS - ok
07:02:23.0230 3416 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:02:23.0232 3416 NdisCap - ok
07:02:23.0248 3416 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:02:23.0249 3416 NdisTapi - ok
07:02:23.0279 3416 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:02:23.0282 3416 Ndisuio - ok
07:02:23.0307 3416 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:02:23.0309 3416 NdisWan - ok
07:02:23.0340 3416 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:02:23.0344 3416 NDProxy - ok
07:02:23.0357 3416 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:02:23.0359 3416 NetBIOS - ok
07:02:23.0375 3416 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:02:23.0379 3416 NetBT - ok
07:02:23.0389 3416 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
07:02:23.0392 3416 Netlogon - ok
07:02:23.0425 3416 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
07:02:23.0430 3416 Netman - ok
07:02:23.0460 3416 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:02:23.0462 3416 NetMsmqActivator - ok
07:02:23.0469 3416 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:02:23.0470 3416 NetPipeActivator - ok
07:02:23.0493 3416 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
07:02:23.0499 3416 netprofm - ok
07:02:23.0507 3416 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:02:23.0508 3416 NetTcpActivator - ok
07:02:23.0514 3416 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:02:23.0517 3416 NetTcpPortSharing - ok
07:02:23.0528 3416 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:02:23.0529 3416 nfrd960 - ok
07:02:23.0543 3416 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:02:23.0548 3416 NlaSvc - ok
07:02:23.0560 3416 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:02:23.0563 3416 Npfs - ok
07:02:23.0578 3416 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:02:23.0580 3416 nsi - ok
07:02:23.0592 3416 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:02:23.0594 3416 nsiproxy - ok
07:02:23.0647 3416 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:02:23.0683 3416 Ntfs - ok
07:02:23.0768 3416 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
07:02:23.0769 3416 Null - ok
07:02:23.0797 3416 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:02:23.0799 3416 nvraid - ok
07:02:23.0814 3416 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:02:23.0818 3416 nvstor - ok
07:02:23.0839 3416 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:02:23.0842 3416 nv_agp - ok
07:02:23.0854 3416 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:02:23.0857 3416 ohci1394 - ok
07:02:23.0902 3416 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:02:23.0904 3416 ose - ok
07:02:24.0018 3416 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:02:24.0099 3416 osppsvc - ok
07:02:24.0127 3416 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:02:24.0132 3416 p2pimsvc - ok
07:02:24.0154 3416 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:02:24.0160 3416 p2psvc - ok
07:02:24.0180 3416 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:02:24.0182 3416 Parport - ok
07:02:24.0218 3416 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:02:24.0219 3416 partmgr - ok
07:02:24.0235 3416 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:02:24.0239 3416 PcaSvc - ok
07:02:24.0249 3416 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
07:02:24.0252 3416 pci - ok
07:02:24.0285 3416 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
07:02:24.0285 3416 pciide - ok
07:02:24.0310 3416 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:02:24.0313 3416 pcmcia - ok
07:02:24.0337 3416 [ af7ce12c4f3dc8cb2b07685c916bbcfe ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
07:02:24.0339 3416 pcouffin - ok
07:02:24.0352 3416 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:02:24.0353 3416 pcw - ok
07:02:24.0375 3416 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:02:24.0384 3416 PEAUTH - ok
07:02:24.0424 3416 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
07:02:24.0452 3416 PeerDistSvc - ok
07:02:24.0507 3416 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:02:24.0508 3416 PerfHost - ok
07:02:24.0574 3416 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
07:02:24.0610 3416 pla - ok
07:02:24.0650 3416 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:02:24.0657 3416 PlugPlay - ok
07:02:24.0673 3416 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:02:24.0675 3416 PNRPAutoReg - ok
07:02:24.0693 3416 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:02:24.0697 3416 PNRPsvc - ok
07:02:24.0715 3416 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:02:24.0723 3416 PolicyAgent - ok
07:02:24.0739 3416 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
07:02:24.0743 3416 Power - ok
07:02:24.0784 3416 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:02:24.0787 3416 PptpMiniport - ok
07:02:24.0798 3416 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:02:24.0799 3416 Processor - ok
07:02:24.0837 3416 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:02:24.0842 3416 ProfSvc - ok
07:02:24.0872 3416 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:02:24.0873 3416 ProtectedStorage - ok
07:02:24.0902 3416 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:02:24.0904 3416 Psched - ok
07:02:24.0938 3416 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
07:02:24.0939 3416 PxHlpa64 - ok
07:02:24.0987 3416 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:02:25.0013 3416 ql2300 - ok
07:02:25.0027 3416 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:02:25.0029 3416 ql40xx - ok
07:02:25.0049 3416 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
07:02:25.0054 3416 QWAVE - ok
07:02:25.0065 3416 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:02:25.0067 3416 QWAVEdrv - ok
07:02:25.0084 3416 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:02:25.0084 3416 RasAcd - ok
07:02:25.0109 3416 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:02:25.0110 3416 RasAgileVpn - ok
07:02:25.0120 3416 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
07:02:25.0124 3416 RasAuto - ok
07:02:25.0149 3416 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:02:25.0153 3416 Rasl2tp - ok
07:02:25.0172 3416 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
07:02:25.0179 3416 RasMan - ok
07:02:25.0195 3416 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:02:25.0197 3416 RasPppoe - ok
07:02:25.0207 3416 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:02:25.0208 3416 RasSstp - ok
07:02:25.0238 3416 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:02:25.0243 3416 rdbss - ok
07:02:25.0255 3416 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:02:25.0257 3416 rdpbus - ok
07:02:25.0267 3416 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:02:25.0268 3416 RDPCDD - ok
07:02:25.0302 3416 [ 1b6163c503398b23ff8b939c67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
07:02:25.0304 3416 RDPDR - ok
07:02:25.0310 3416 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:02:25.0312 3416 RDPENCDD - ok
07:02:25.0330 3416 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:02:25.0332 3416 RDPREFMP - ok
07:02:25.0392 3416 [ 70cba1a0c98600a2aa1863479b35cb90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:02:25.0393 3416 RdpVideoMiniport - ok
07:02:25.0422 3416 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:02:25.0424 3416 RDPWD - ok
07:02:25.0444 3416 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:02:25.0448 3416 rdyboost - ok
07:02:25.0478 3416 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:02:25.0480 3416 RemoteAccess - ok
07:02:25.0494 3416 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:02:25.0498 3416 RemoteRegistry - ok
07:02:25.0537 3416 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:02:25.0539 3416 RFCOMM - ok
07:02:25.0557 3416 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:02:25.0560 3416 RpcEptMapper - ok
07:02:25.0570 3416 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
07:02:25.0572 3416 RpcLocator - ok
07:02:25.0605 3416 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
07:02:25.0612 3416 RpcSs - ok
07:02:25.0642 3416 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:02:25.0644 3416 rspndr - ok
07:02:25.0667 3416 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
07:02:25.0668 3416 s3cap - ok
07:02:25.0687 3416 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
07:02:25.0689 3416 SamSs - ok
07:02:25.0703 3416 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:02:25.0705 3416 sbp2port - ok
07:02:25.0718 3416 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:02:25.0722 3416 SCardSvr - ok
07:02:25.0753 3416 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:02:25.0755 3416 scfilter - ok
07:02:25.0779 3416 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
07:02:25.0799 3416 Schedule - ok
07:02:25.0827 3416 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
07:02:25.0829 3416 SCPolicySvc - ok
07:02:25.0854 3416 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:02:25.0858 3416 SDRSVC - ok
07:02:25.0869 3416 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:02:25.0870 3416 secdrv - ok
07:02:25.0903 3416 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
07:02:25.0905 3416 seclogon - ok
07:02:25.0918 3416 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
07:02:25.0920 3416 SENS - ok
07:02:25.0937 3416 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:02:25.0939 3416 SensrSvc - ok
07:02:25.0954 3416 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:02:25.0955 3416 Serenum - ok
07:02:25.0965 3416 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:02:25.0968 3416 Serial - ok
07:02:25.0984 3416 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:02:25.0987 3416 sermouse - ok
07:02:26.0048 3416 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:02:26.0052 3416 SessionEnv - ok
07:02:26.0074 3416 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:02:26.0074 3416 sffdisk - ok
07:02:26.0087 3416 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:02:26.0088 3416 sffp_mmc - ok
07:02:26.0102 3416 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:02:26.0103 3416 sffp_sd - ok
07:02:26.0120 3416 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:02:26.0122 3416 sfloppy - ok
07:02:26.0139 3416 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:02:26.0145 3416 SharedAccess - ok
07:02:26.0160 3416 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:02:26.0164 3416 ShellHWDetection - ok
07:02:26.0179 3416 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:02:26.0182 3416 SiSRaid2 - ok
07:02:26.0193 3416 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:02:26.0195 3416 SiSRaid4 - ok
07:02:26.0214 3416 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:02:26.0215 3416 Smb - ok
07:02:26.0233 3416 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:02:26.0235 3416 SNMPTRAP - ok
07:02:26.0253 3416 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:02:26.0253 3416 spldr - ok
07:02:26.0280 3416 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
07:02:26.0289 3416 Spooler - ok
07:02:26.0372 3416 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
07:02:26.0398 3416 sppsvc - ok
07:02:26.0434 3416 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:02:26.0437 3416 sppuinotify - ok
07:02:26.0507 3416 [ a6cff1af7664627a296b6a0a96cf876e ] sptd C:\Windows\System32\Drivers\sptd.sys
07:02:26.0508 3416 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
07:02:26.0509 3416 sptd ( LockedFile.Multi.Generic ) - warning
07:02:26.0509 3416 sptd - detected LockedFile.Multi.Generic (1)
07:02:26.0549 3416 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
07:02:26.0555 3416 srv - ok
07:02:26.0593 3416 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:02:26.0598 3416 srv2 - ok
07:02:26.0634 3416 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:02:26.0638 3416 srvnet - ok
07:02:26.0654 3416 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:02:26.0658 3416 SSDPSRV - ok
07:02:26.0674 3416 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:02:26.0678 3416 SstpSvc - ok
07:02:26.0689 3416 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:02:26.0690 3416 stexstor - ok
07:02:26.0714 3416 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
07:02:26.0723 3416 stisvc - ok
07:02:26.0755 3416 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
07:02:26.0758 3416 storflt - ok
07:02:26.0773 3416 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
07:02:26.0774 3416 storvsc - ok
07:02:26.0784 3416 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
07:02:26.0785 3416 swenum - ok
07:02:26.0869 3416 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:02:26.0875 3416 SwitchBoard - ok
07:02:26.0888 3416 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
07:02:26.0897 3416 swprv - ok
07:02:26.0902 3416 Synth3dVsc - ok
07:02:26.0959 3416 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
07:02:26.0994 3416 SysMain - ok
07:02:27.0032 3416 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:02:27.0035 3416 TabletInputService - ok
07:02:27.0052 3416 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:02:27.0057 3416 TapiSrv - ok
07:02:27.0073 3416 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
07:02:27.0075 3416 TBS - ok
07:02:27.0150 3416 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:02:27.0185 3416 Tcpip - ok
07:02:27.0234 3416 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:02:27.0248 3416 TCPIP6 - ok
07:02:27.0284 3416 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:02:27.0285 3416 tcpipreg - ok
07:02:27.0319 3416 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:02:27.0319 3416 TDPIPE - ok
07:02:27.0344 3416 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:02:27.0344 3416 TDTCP - ok
07:02:27.0374 3416 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:02:27.0377 3416 tdx - ok
07:02:27.0482 3416 [ b1ce840c2405e8fa499dc62090f5db06 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
07:02:27.0502 3416 TeamViewer7 - ok
07:02:27.0540 3416 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:02:27.0542 3416 TermDD - ok
07:02:27.0567 3416 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
07:02:27.0577 3416 TermService - ok
07:02:27.0597 3416 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
07:02:27.0600 3416 Themes - ok
07:02:27.0625 3416 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
07:02:27.0627 3416 THREADORDER - ok
07:02:27.0638 3416 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
07:02:27.0642 3416 TrkWks - ok
07:02:27.0695 3416 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:02:27.0699 3416 TrustedInstaller - ok
07:02:27.0732 3416 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:02:27.0733 3416 tssecsrv - ok
07:02:27.0749 3416 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:02:27.0752 3416 TsUsbFlt - ok
07:02:27.0757 3416 tsusbhub - ok
07:02:27.0799 3416 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:02:27.0802 3416 tunnel - ok
07:02:27.0825 3416 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:02:27.0827 3416 uagp35 - ok
07:02:27.0863 3416 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:02:27.0868 3416 udfs - ok
07:02:27.0925 3416 [ 215462ae7e6a897d675e84dd1e3b3b56 ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
07:02:27.0929 3416 ufad-ws60 - ok
07:02:27.0955 3416 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:02:27.0959 3416 UI0Detect - ok
07:02:27.0975 3416 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:02:27.0978 3416 uliagpkx - ok
07:02:28.0003 3416 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:02:28.0004 3416 umbus - ok
07:02:28.0030 3416 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:02:28.0032 3416 UmPass - ok
07:02:28.0048 3416 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
07:02:28.0053 3416 UmRdpService - ok
07:02:28.0072 3416 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
07:02:28.0078 3416 upnphost - ok
07:02:28.0114 3416 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
07:02:28.0115 3416 USBAAPL64 - ok
07:02:28.0133 3416 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:02:28.0135 3416 usbccgp - ok
07:02:28.0153 3416 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:02:28.0154 3416 usbcir - ok
07:02:28.0168 3416 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:02:28.0170 3416 usbehci - ok
07:02:28.0189 3416 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:02:28.0194 3416 usbhub - ok
07:02:28.0210 3416 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:02:28.0213 3416 usbohci - ok
07:02:28.0229 3416 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:02:28.0230 3416 usbprint - ok
07:02:28.0247 3416 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:02:28.0249 3416 USBSTOR - ok
07:02:28.0263 3416 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:02:28.0265 3416 usbuhci - ok
07:02:28.0279 3416 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
07:02:28.0284 3416 UxSms - ok
07:02:28.0293 3416 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
07:02:28.0294 3416 VaultSvc - ok
07:02:28.0304 3416 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:02:28.0305 3416 vdrvroot - ok
07:02:28.0350 3416 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
07:02:28.0359 3416 vds - ok
07:02:28.0375 3416 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:02:28.0378 3416 vga - ok
07:02:28.0394 3416 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
07:02:28.0395 3416 VgaSave - ok
07:02:28.0402 3416 VGPU - ok
07:02:28.0425 3416 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:02:28.0428 3416 vhdmp - ok
07:02:28.0442 3416 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:02:28.0443 3416 viaide - ok
07:02:28.0480 3416 [ 3b59bb6d10cf969dbe4db93d9ead7fb4 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys
07:02:28.0482 3416 VKbms - ok
07:02:28.0517 3416 [ 7ac6239c65dade55defd573b98616c3f ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
07:02:28.0518 3416 VMAuthdService - ok
07:02:28.0537 3416 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys
07:02:28.0540 3416 vmbus - ok
07:02:28.0552 3416 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
07:02:28.0554 3416 VMBusHID - ok
07:02:28.0580 3416 [ 312aec23a85424543af898a59209b479 ] vmci C:\Windows\system32\drivers\vmci.sys
07:02:28.0582 3416 vmci - ok
07:02:28.0593 3416 [ ffc30caeeb2fc5fee8568cff74edeaed ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
07:02:28.0594 3416 vmkbd - ok
07:02:28.0618 3416 [ 9d54f1339e78c95bf3d9939ebcb66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
07:02:28.0619 3416 VMnetAdapter - ok
07:02:28.0629 3416 [ fb54ef3aa613d2832fd3812e7cb2fc75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
07:02:28.0632 3416 VMnetBridge - ok
07:02:28.0647 3416 VMnetDHCP - ok
07:02:28.0667 3416 [ 56d547bfc3f1619fa82ec9ef5d24e802 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
07:02:28.0668 3416 VMnetuserif - ok
07:02:28.0695 3416 [ 19368f7c4dc6ef444b826249fc8a0e30 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
07:02:28.0699 3416 VMUSBArbService - ok
07:02:28.0709 3416 VMware NAT Service - ok
07:02:28.0735 3416 [ 62cd5a87fde14701506d4e0dd8f13d2e ] vmx86 C:\Windows\system32\drivers\vmx86.sys
07:02:28.0738 3416 vmx86 - ok
07:02:28.0762 3416 [ 93f279a2c172562050700a18fa84be2e ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
07:02:28.0763 3416 vncmirror - ok
07:02:28.0775 3416 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:02:28.0778 3416 volmgr - ok
07:02:28.0814 3416 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:02:28.0819 3416 volmgrx - ok
07:02:28.0838 3416 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:02:28.0843 3416 volsnap - ok
07:02:28.0868 3416 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:02:28.0870 3416 vsmraid - ok
07:02:28.0925 3416 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
07:02:28.0960 3416 VSS - ok
07:02:28.0985 3416 [ e61c910e2ddf4797c1b1f9239636e894 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
07:02:28.0987 3416 vstor2-ws60 - ok
07:02:28.0999 3416 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
07:02:29.0000 3416 vwifibus - ok
07:02:29.0033 3416 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
07:02:29.0039 3416 W32Time - ok
07:02:29.0053 3416 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:02:29.0055 3416 WacomPen - ok
07:02:29.0069 3416 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:02:29.0073 3416 WANARP - ok
07:02:29.0078 3416 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:02:29.0079 3416 Wanarpv6 - ok
07:02:29.0138 3416 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:02:29.0165 3416 WatAdminSvc - ok
07:02:29.0214 3416 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
07:02:29.0249 3416 wbengine - ok
07:02:29.0263 3416 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:02:29.0268 3416 WbioSrvc - ok
07:02:29.0288 3416 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:02:29.0295 3416 wcncsvc - ok
07:02:29.0309 3416 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:02:29.0312 3416 WcsPlugInService - ok
07:02:29.0324 3416 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:02:29.0325 3416 Wd - ok
07:02:29.0350 3416 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:02:29.0359 3416 Wdf01000 - ok
07:02:29.0367 3416 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:02:29.0370 3416 WdiServiceHost - ok
07:02:29.0377 3416 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:02:29.0379 3416 WdiSystemHost - ok
07:02:29.0410 3416 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:02:29.0415 3416 WebClient - ok
07:02:29.0429 3416 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:02:29.0434 3416 Wecsvc - ok
07:02:29.0445 3416 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:02:29.0449 3416 wercplsupport - ok
07:02:29.0459 3416 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:02:29.0462 3416 WerSvc - ok
07:02:29.0473 3416 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:02:29.0474 3416 WfpLwf - ok
07:02:29.0487 3416 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:02:29.0488 3416 WIMMount - ok
07:02:29.0503 3416 WinDefend - ok
07:02:29.0523 3416 WinHttpAutoProxySvc - ok
07:02:29.0558 3416 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:02:29.0562 3416 Winmgmt - ok
07:02:29.0609 3416 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
07:02:29.0645 3416 WinRM - ok
07:02:29.0687 3416 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:02:29.0688 3416 WinUsb - ok
07:02:29.0713 3416 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
07:02:29.0725 3416 Wlansvc - ok
07:02:29.0838 3416 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:02:29.0855 3416 wlidsvc - ok
07:02:29.0883 3416 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:02:29.0884 3416 WmiAcpi - ok
07:02:29.0905 3416 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:02:29.0909 3416 wmiApSrv - ok
07:02:29.0922 3416 WMPNetworkSvc - ok
07:02:29.0930 3416 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:02:29.0933 3416 WPCSvc - ok
07:02:29.0960 3416 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:02:29.0964 3416 WPDBusEnum - ok
07:02:29.0984 3416 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:02:29.0985 3416 ws2ifsl - ok
07:02:29.0999 3416 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
07:02:30.0003 3416 wscsvc - ok
07:02:30.0008 3416 WSearch - ok
07:02:30.0079 3416 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
07:02:30.0124 3416 wuauserv - ok
07:02:30.0139 3416 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:02:30.0142 3416 WudfPf - ok
07:02:30.0177 3416 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:02:30.0179 3416 WUDFRd - ok
07:02:30.0192 3416 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:02:30.0195 3416 wudfsvc - ok
07:02:30.0210 3416 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
07:02:30.0215 3416 WwanSvc - ok
07:02:30.0262 3416 [ 64f88af327aa74e03658ae32b48ccb8b ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
07:02:30.0267 3416 yukonw7 - ok
07:02:30.0285 3416 ================ Scan global ===============================
07:02:30.0314 3416 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
07:02:30.0352 3416 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
07:02:30.0362 3416 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
07:02:30.0385 3416 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
07:02:30.0402 3416 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
07:02:30.0407 3416 [Global] - ok
07:02:30.0407 3416 ================ Scan MBR ==================================
07:02:30.0415 3416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:02:30.0617 3416 \Device\Harddisk0\DR0 - ok
07:02:30.0622 3416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
07:02:30.0627 3416 \Device\Harddisk1\DR1 - ok
07:02:30.0630 3416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
07:02:30.0635 3416 \Device\Harddisk2\DR2 - ok
07:02:30.0640 3416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
07:02:30.0644 3416 \Device\Harddisk3\DR3 - ok
07:02:30.0645 3416 ================ Scan VBR ==================================
07:02:30.0649 3416 Boot (0x1200) (e6ed822040dec918339ed59e45dcc269) \Device\Harddisk0\DR0\Partition1
07:02:30.0650 3416 \Device\Harddisk0\DR0\Partition1 - ok
07:02:30.0657 3416 Boot (0x1200) (0afc332b7735dec33049a62c2a352af7) \Device\Harddisk1\DR1\Partition1
07:02:30.0659 3416 \Device\Harddisk1\DR1\Partition1 - ok
07:02:30.0663 3416 Boot (0x1200) (4c5bdadb6667a458ca182d23c365b96a) \Device\Harddisk2\DR2\Partition1
07:02:30.0665 3416 \Device\Harddisk2\DR2\Partition1 - ok
07:02:30.0670 3416 Boot (0x1200) (cb3ec3606001fe611d6d0e9d0bb1f850) \Device\Harddisk3\DR3\Partition1
07:02:30.0672 3416 \Device\Harddisk3\DR3\Partition1 - ok
07:02:30.0674 3416 ============================================================
07:02:30.0674 3416 Scan finished
07:02:30.0674 3416 ============================================================
07:02:30.0689 5124 Detected object count: 1
07:02:30.0689 5124 Actual detected object count: 1
07:02:46.0634 5124 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:02:46.0634 5124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:02:49.0091 5628 Deinitialize success


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 07:02:57
-----------------------------
07:02:57.984 OS Version: Windows x64 6.1.7601 Service Pack 1
07:02:57.984 Number of processors: 4 586 0x202
07:02:57.986 ComputerName: AARON-PC UserName: Aaron
07:02:59.640 Initialize success
07:04:53.100 AVAST engine defs: 12081503
07:14:31.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
07:14:31.572 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
07:14:31.576 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-5
07:14:31.579 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
07:14:31.583 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-6
07:14:31.586 Disk 2 Vendor: ST31000525SV CV11 Size: 953869MB BusType: 3
07:14:31.590 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP5T1L0-7
07:14:31.593 Disk 3 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
07:14:31.612 Disk 0 MBR read successfully
07:14:31.617 Disk 0 MBR scan
07:14:31.623 Disk 0 Windows 7 default MBR code
07:14:31.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953767 MB offset 206848
07:14:31.647 Disk 0 scanning C:\Windows\system32\drivers
07:14:43.628 Service scanning
07:15:12.852 Modules scanning
07:15:12.861 Disk 0 trace - called modules:
07:15:12.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003d852c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:15:12.894 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d7a060]
07:15:12.901 3 CLASSPNP.SYS[fffff88001b9a43f] -> nt!IofCallDriver -> [0xfffffa8004abdcf0]
07:15:12.908 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004b00680]
07:15:12.914 \Driver\atapi[0xfffffa8003e045b0] -> IRP_MJ_CREATE -> 0xfffffa8003d852c0
07:15:28.285 AVAST engine scan C:\Windows
07:15:32.498 AVAST engine scan C:\Windows\system32
07:20:03.059 AVAST engine scan C:\Windows\system32\drivers
07:20:30.998 AVAST engine scan C:\Users\Aaron
08:13:22.182 AVAST engine scan C:\ProgramData
08:18:28.686 Scan finished successfully
09:15:52.846 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"
09:15:52.856 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 06:43 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Sup3rFly

Sup3rFly
  • Topic Starter

  • Members
  • 12 posts

Posted 17 August 2012 - 03:50 AM

Hi Gringo,

It hasn't done any random redirects as of yet; can we leave this open for a few days to test?


ComboFix 12-08-17.01 - Aaron 17/08/2012 18:00:50.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4095.2697 [GMT 10:00]
Running from: c:\users\Aaron\Downloads\ComboFix.exe
Command switches used :: c:\users\Aaron\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 08:14 . 2012-08-17 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 20:57 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 20:50 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 20:50 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 20:50 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 20:50 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 20:50 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 20:50 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 20:50 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 20:50 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 20:50 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 20:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 20:50 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 20:50 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-07-29 00:19 . 2012-07-29 00:20 -------- d-----w- c:\users\Aaron\AppData\Roaming\avidemux
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-24 11:10 . 2012-07-24 11:10 -------- d-----w- c:\program files (x86)\MSECache
2012-07-19 19:20 . 2012-07-19 19:20 -------- d-----w- c:\users\Aaron\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 20:51 . 2011-09-14 00:46 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 23:37 . 2012-04-11 08:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 23:37 . 2011-09-14 00:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 22:39 . 2011-09-14 01:10 82816 ----a-w- c:\users\Aaron\AppData\Roaming\pcouffin.sys
2012-06-28 07:14 . 2011-09-14 00:35 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-28 07:14 . 2011-09-14 00:35 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-28 07:14 . 2011-09-14 00:35 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-28 07:14 . 2011-09-14 00:35 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 03:48 . 2012-06-11 03:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 03:48 . 2012-06-11 03:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-09 05:43 . 2012-07-11 19:25 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:25 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:25 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:24 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:25 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:25 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:24 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 22:49 . 2012-06-05 22:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-21 23:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 23:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 23:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 23:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 23:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 23:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 23:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 19:25 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 19:25 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 19:25 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:25 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 05:19 . 2012-06-21 23:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-21 23:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:40 . 2012-07-11 19:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:25 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:25 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-24 07:15 . 2012-05-24 07:15 187392 ----a-w- c:\windows\system32\clinfo.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_07.52.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 20:50 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
+ 2012-08-15 20:54 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-07-11 19:27 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-15 20:54 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-11 19:27 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-15 20:54 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-07-11 19:27 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-09-14 02:14 . 2012-08-16 19:20 41708 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 19:20 33410 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-14 00:13 . 2012-08-16 19:20 15558 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1548323858-3306093878-3414209844-1000_UserData.bin
- 2012-07-11 19:27 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-15 20:54 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2012-07-11 19:27 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-15 20:54 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-15 20:54 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
- 2012-07-11 19:27 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2012-07-16 10:47 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-08-15 23:22 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-09-14 03:06 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
+ 2009-07-14 04:46 . 2012-08-16 19:24 87424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-09-15 00:59 . 2012-07-11 19:30 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 43608 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-17 07:00 . 2012-08-17 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 07:07 . 2012-08-15 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 07:00 . 2012-08-17 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-15 07:07 . 2012-08-15 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 19:27 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-15 20:54 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-15 20:54 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
+ 2012-08-15 20:54 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-11 19:27 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-11 19:27 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-08-15 20:54 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-11 19:27 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-08-15 20:54 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-08-17 07:05 667232 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-15 07:12 667232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-17 07:05 126494 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-15 07:12 126494 c:\windows\system32\perfc009.dat
+ 2012-08-15 20:54 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
+ 2012-08-15 20:54 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
- 2012-07-11 19:27 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-15 20:54 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2012-07-11 19:27 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
- 2009-07-14 05:30 . 2012-07-16 10:47 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-15 23:22 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-15 23:22 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-08 10:05 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-09-14 03:06 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-15 20:57 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
+ 2009-07-14 05:31 . 2012-08-15 23:22 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-09-14 04:42 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:01 . 2012-08-16 19:56 489932 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 21:59 . 2012-07-03 21:59 261120 c:\windows\Installer\83bfe.msp
- 2011-09-15 00:59 . 2012-07-11 19:30 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 470616 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 470616 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-01-07 00:38 . 2011-01-07 00:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\MSCONV97.DLL
+ 2012-08-15 20:54 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-07-11 19:27 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-15 20:54 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-07-11 19:27 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-15 20:54 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-08-15 20:54 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-07-11 19:27 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-07-11 19:26 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-15 20:54 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-15 20:54 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 19:27 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-08-15 20:54 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
- 2012-07-11 19:27 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-15 20:54 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
- 2012-07-11 19:27 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-15 20:54 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-08-16 08:16 4974256 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-07-12 00:06 4974256 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-16 08:18 6018805 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-12 00:08 6018805 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-14 02:06 . 2012-08-16 19:56 3034416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-18 16:45 . 2012-07-18 16:45 3464704 c:\windows\Installer\83c93.msp
+ 2012-07-03 22:04 . 2012-07-03 22:04 1292288 c:\windows\Installer\83c7a.msp
+ 2012-07-03 22:12 . 2012-07-03 22:12 4772352 c:\windows\Installer\83c6e.msp
+ 2012-07-03 22:09 . 2012-07-03 22:09 1284096 c:\windows\Installer\83c54.msp
+ 2012-07-03 22:01 . 2012-07-03 22:01 9082368 c:\windows\Installer\83c3b.msp
+ 2012-07-03 21:58 . 2012-07-03 21:58 6163456 c:\windows\Installer\83c18.msp
+ 2011-09-15 00:59 . 2012-08-15 20:56 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-15 00:59 . 2012-07-11 19:30 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-09-15 00:59 . 2012-08-15 20:56 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-15 20:54 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-08-15 23:22 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-11 19:56 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-15 20:54 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-15 20:54 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2011-09-14 00:10 . 2012-08-16 19:56 27793836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1548323858-3306093878-3414209844-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-14 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-14 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2677160]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-25 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-27 395264]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8790016]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\tgk6d5jz.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1548323858-3306093878-3414209844-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1548323858-3306093878-3414209844-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{2985d42d-6c30-401a-a61a-8c38039e6613}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000156
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7e,42,a8,a1,d7,fe,24,79,89,97,21,42,57,2c,be,52,01,28,f6,8d,39,
44,89,ce,a2,ca,8a,bd,1b,06,34,09,77,d3,f6,5c,65,00,35,a9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,49,08,64,1a,60,84,e0,5a,8f,2e,0d,a2,05,19,74,3f,0e,17,8c,b4,
05,ca,a6,ec,bf,bc,b4,6a,f7,eb,d2,52,2e,94,5b,b7,e3,d0,b3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1548323858-3306093878-3414209844-1000_Classes\Wow6432Node\CLSID\{a1c1722c-e378-4579-a4a9-95d2f321e5aa}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000116
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 18:35:21
ComboFix-quarantined-files.txt 2012-08-17 08:35
ComboFix2.txt 2012-08-15 08:13
.
Pre-Run: 889,154,916,352 bytes free
Post-Run: 889,215,569,920 bytes free
.
- - End Of File - - AFE97BDB773E0EDB0E34D344F58C4D2E

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 17 August 2012 - 05:17 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 27


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Sup3rFly

Sup3rFly
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 17 August 2012 - 06:57 PM

MBAM Log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron :: AARON-PC [administrator]

18/08/2012 9:49:57 AM
mbam-log-2012-08-18 (09-49-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198695
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:37 AM, on 18/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Internet Download Manager\idman.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\Aaron\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11516 bytes


Doesn't seem to be doing any redirects any more, but as I mentioned it was very random and didn't happen every single time, but other times it would be on every search.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 17 August 2012 - 08:34 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking on their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
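The O4 lines Gringo lists above are the HijackThis view of the Windows autorun locations: the HKLM and HKCU Run keys and the Startup folders. The PowerShell script below is an added example, not HijackThis's or Gringo's own code; it lists those same locations read-only and prints them in the O4 shape used in the post, so the entries can be compared against the live machine before any are fixed. The function name Get-O4Entry and the location labels are choices made here, and the Wow6432Node Run key is included on the assumption that the machine is 64-bit Windows, as the logs in this thread show.

```powershell
# Added example (not HijackThis or any project's code): enumerate the autorun
# locations that HijackThis reports as "O4" entries so the list in the post
# can be checked against the live system. Read-only: nothing here deletes
# or modifies an entry.

function Get-O4Entry {
    [CmdletBinding()]
    param()

    # Registry Run/RunOnce keys for the machine and the current user, plus the
    # 32-bit view (Wow6432Node) present on 64-bit Windows (assumed here).
    $runKeys = @(
        @{ Label = 'HKLM\..\Run';           Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' }
        @{ Label = 'HKLM\..\RunOnce';       Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
        @{ Label = 'HKLM\..\Run (Wow6432)'; Path = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
        @{ Label = 'HKCU\..\Run';           Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
        @{ Label = 'HKCU\..\RunOnce';       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
    )

    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key.Path)) { continue }
        $item = Get-Item -LiteralPath $key.Path
        foreach ($name in $item.GetValueNames()) {
            # The unnamed default value holds no autorun command; skip it
            if ([string]::IsNullOrEmpty($name)) { continue }
            [pscustomobject]@{
                Location = $key.Label
                Name     = $name
                # Keep %VAR% references unexpanded so the stored command is shown as-is
                Command  = $item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            }
        }
    }

    # Startup folders: "Global Startup" (all users) and the current user's own
    $startupFolders = @(
        @{ Label = 'Global Startup'; Path = [Environment]::GetFolderPath('CommonStartup') }
        @{ Label = 'Startup';        Path = [Environment]::GetFolderPath('Startup') }
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path -LiteralPath $folder.Path)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $folder.Path -File) {
            # Resolve .lnk shortcuts to the program they launch, as HijackThis does
            $target = if ($file.Extension -eq '.lnk') {
                $shell.CreateShortcut($file.FullName).TargetPath
            } else {
                $file.FullName
            }
            [pscustomobject]@{
                Location = $folder.Label
                Name     = $file.Name
                Command  = $target
            }
        }
    }
}

# Print in the same shape as the O4 lines quoted in the post for side-by-side comparison
Get-O4Entry | ForEach-Object {
    if ($_.Location -notlike 'HK*') {
        "O4 - $($_.Location): $($_.Name) = $($_.Command)"
    } else {
        "O4 - $($_.Location): [$($_.Name)] $($_.Command)"
    }
}
```

Run it from an elevated PowerShell prompt on the machine being cleaned; entries whose command points at a file that no longer exists, or at a path under a user profile or Temp folder, are the ones worth a second look before deciding what to keep.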

#15 Sup3rFly

Sup3rFly
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 19 August 2012 - 02:48 PM

Gringo, I'll be able to do this for you later today.



