Avast reports Win32: hupigon-ONX [trj] and PUPs and rootkit warning


  • This topic is locked
16 replies to this topic

#1 fedup14

  • Members
  • 14 posts

Posted 08 August 2012 - 03:13 AM

I reformatted my hard drive yesterday after win32 infections were reported by avast (it was time to reformat anyway). Immediately after doing that I reinstalled avast and did another boot scan - everything was clear. Then later the same day I got a warning from avast that it had detected a rootkit. I selected delete / remove or whatever option there was to take care of it. Then I did another boot scan and... the same infections from before reformatting were reported. It only picks these up during boot scans. I could delete / move the win32 PUPs to the virus vault, but when I tried to do the same with the Win32 trojan, each time it said that the files could not be opened "because the share access flags are incompatible"...? When I look at the boot scan results from avast it says File name - c:\hiberfil.sys Status - Win32: hupigon-ONX [trj] Action - Repair Result - the system cannot find the files specified [2].

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Andrea at 16:27:42 on 2012-08-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2038.853 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59628241-8850-4B47-813F-976F1CABC535} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\y69s8v28.default\
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-7 353688]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-25 39080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-7 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-7 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-7 44808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-7 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-7 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-08 03:40:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-08-08 03:33:06 -------- d-----w- c:\program files\PeerBlock
2012-08-08 03:28:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-08 03:28:39 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-08 03:28:38 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-08 03:28:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-08 03:28:37 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-08 03:28:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-08 03:28:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-08-08 03:20:15 -------- d-----w- c:\users\andrea\appdata\local\{07FED62D-80F0-4846-8C95-301B9D41595E}
2012-08-08 03:20:04 -------- d-----w- c:\users\andrea\appdata\local\{09BAF3BA-4E1D-4D43-8223-9FBFE47FDF17}
2012-08-08 03:19:49 -------- d-----w- c:\users\andrea\Tracing
2012-08-08 02:49:50 -------- d-----w- c:\windows\PCHEALTH
2012-08-08 02:46:03 6260088 ----a-w- c:\program files\common files\windows live\.cache\ee1289e01cd750f06\Silverlight.4.0.exe
2012-08-08 02:44:18 -------- d-----w- c:\users\andrea\appdata\local\Windows Live
2012-08-07 23:52:26 -------- d-----w- c:\programdata\Infineon
2012-08-07 23:52:04 -------- d-----w- c:\program files\Infineon
2012-08-07 23:49:35 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-08-07 23:49:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-07 23:28:32 37232 ----a-w- c:\windows\ASScrProlog.exe
2012-08-07 23:28:31 503808 ----a-w- c:\windows\Asus_Camera_ScreenSaver.scr
2012-08-07 23:28:31 4499453 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2012-08-07 23:28:31 274800 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2012-08-07 23:28:29 606848 ----a-w- c:\windows\flashax.exe
2012-08-07 23:28:29 12288 ----a-w- c:\windows\impborl.dll
2012-08-07 23:28:29 -------- d-----w- c:\windows\Asus_Camera_ScreenSaver dir
2012-08-07 23:27:58 33136 ----a-w- c:\windows\ASScrPro.exe
2012-08-07 23:24:53 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2012-08-07 23:24:53 -------- d-----w- c:\program files\P4P
2012-08-07 23:24:52 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-07 23:24:52 182456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-07 23:24:52 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-07 23:24:52 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-08-07 23:24:51 163840 ----a-w- c:\windows\system32\SynCOM.dll
2012-08-07 23:22:00 -------- d-----w- c:\program files\Synaptics
2012-08-07 23:20:07 -------- d-----w- c:\programdata\P4G
2012-08-07 23:20:07 -------- d-----w- c:\program files\Power4Gear eXtreme
2012-08-07 23:20:07 -------- d-----w- c:\program files\P4G
2012-08-07 23:17:45 155648 ----a-w- c:\windows\system32\ACEngSvr.exe
2012-08-07 23:09:12 -------- d-----w- c:\programdata\ASUS
2012-08-07 23:04:29 743424 ----a-w- c:\windows\system32\athr.sys
2012-08-07 23:04:29 -------- d-----w- c:\windows\Options
2012-08-07 23:04:29 -------- d-----w- c:\program files\Atheros
2012-08-07 23:04:13 -------- d-----w- c:\programdata\Atheros
2012-08-07 23:03:08 -------- d-----w- c:\program files\Wireless Console 2
2012-08-07 23:01:25 29752 ----a-w- c:\windows\system32\drivers\AsDsm.sys
2012-08-07 23:00:03 -------- d-----w- c:\program files\ATKGFNEX
2012-08-07 22:58:16 -------- d-----w- c:\windows\system32\RTCOM
2012-08-07 22:49:54 -------- d-----w- c:\programdata\Symantec
2012-08-07 22:49:41 -------- d-----w- c:\program files\common files\Symantec Shared
2012-08-07 22:49:39 -------- d-sh--w- c:\windows\Installer
2012-08-07 22:49:14 -------- d-----w- c:\program files\ATKOSD2
2012-08-07 22:48:41 -------- d-----w- c:\program files\ATK Hotkey
2012-08-07 22:48:00 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-07 22:48:00 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-07 22:48:00 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-08-07 22:48:00 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-07 22:47:59 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-08-07 22:47:23 -------- d-----w- c:\program files\ASUS
2012-08-07 22:45:47 400152 ----a-w- c:\windows\system32\igxpun.exe
2012-08-07 22:45:47 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-08-07 22:45:47 -------- d-----w- c:\windows\system32\Lang
2012-08-07 22:42:13 -------- d-----w- C:\Intel
2012-08-07 22:38:57 -------- d-----w- c:\program files\Motorola
2012-08-07 17:16:40 -------- d-----w- c:\windows\system32\drivers\umdf\zh-HK
2012-08-07 17:16:40 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-07 16:40:28 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-07 16:39:39 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-08-07 16:39:36 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-08-07 16:39:35 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-08-07 16:32:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-07 16:32:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-07 16:32:00 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-07 16:32:00 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-07 16:23:28 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-07 16:22:44 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-07 16:22:44 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-07 16:22:44 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-07 16:22:44 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-07 16:22:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-07 16:22:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-07 16:22:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-07 16:15:10 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-07 16:06:26 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-07 16:06:01 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-07 15:53:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-07 15:42:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-07 15:41:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-07 15:41:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-07 15:41:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-07 15:40:34 -------- d-----w- c:\program files\common files\Windows Live
2012-08-07 15:40:23 -------- d-----w- c:\users\andrea\appdata\local\{B769A927-18B6-496A-9EAB-DFBFCC9B15B9}
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\vi-VN
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\eu-ES
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\drivers\zh-HK
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\ca-ES
2012-08-07 14:06:15 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 13:50:59 407552 ----a-w- c:\windows\system32\MPSSVC.dll
2012-08-07 13:49:59 311808 ----a-w- c:\windows\system32\swprv.dll
2012-08-07 13:48:59 90112 ----a-w- c:\windows\system32\wshext.dll
2012-08-07 13:47:59 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2012-08-07 13:46:55 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2012-08-07 13:46:36 218624 ----a-w- c:\windows\system32\wdscore.dll
2012-08-07 13:46:36 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2012-08-07 13:45:27 247808 ----a-w- c:\windows\system32\drvstore.dll
2012-08-07 11:01:54 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-08-07 10:55:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-07 10:55:06 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-07 10:55:06 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-08-07 10:55:06 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-08-07 10:55:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-08-07 10:51:58 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2012-08-07 10:51:57 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-08-07 10:51:57 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-08-07 10:51:57 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-08-07 10:51:57 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2012-08-07 10:51:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2012-08-07 10:49:52 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-08-07 10:49:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-08-07 10:49:44 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-08-07 10:49:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-08-07 10:49:36 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-08-07 10:49:34 17920 ----a-w- c:\windows\system32\netevent.dll
2012-08-07 10:49:11 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-08-07 10:49:10 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-08-07 10:48:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-08-07 10:48:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-08-07 10:48:47 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-08-07 10:48:47 471552 ----a-w- c:\windows\system32\secproc.dll
2012-08-07 10:48:47 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-08-07 10:48:46 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-08-07 10:48:46 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-08-07 10:48:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-08-07 10:48:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-08-07 10:38:41 -------- d-----w- c:\program files\Oracle
2012-08-07 10:37:52 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-07 10:37:52 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-07 10:20:18 -------- d-----w- c:\users\andrea\appdata\local\Macromedia
2012-08-07 10:19:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 10:19:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 09:18:10 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-08-07 09:18:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{08e0e9e2-01cb-411b-8a19-33025c6823ee}\mpengine.dll
2012-08-07 09:18:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-07 09:02:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-08-07 09:02:24 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-08-07 09:02:24 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-08-07 09:00:28 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-08-07 08:58:13 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-08-07 08:58:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-08-07 08:58:11 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-08-07 08:58:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-08-07 08:58:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-08-07 08:58:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-08-07 08:58:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-08-07 08:58:10 10240 ----a-w- c:\windows\system32\finger.exe
2012-08-07 08:57:29 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-08-07 08:57:04 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-08-07 08:57:04 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-08-07 08:57:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-08-07 08:57:04 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-08-07 08:57:04 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-08-07 08:57:04 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-08-07 08:57:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-08-07 08:55:58 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-08-07 08:54:58 502272 ----a-w- c:\windows\system32\usp10.dll
2012-08-07 08:54:57 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-08-07 08:54:56 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-07 08:54:55 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-08-07 08:54:54 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-08-07 08:54:53 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-08-07 08:54:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-08-07 08:54:36 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-08-07 08:54:17 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-07 08:54:15 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-08-07 08:54:00 322560 ----a-w- c:\windows\system32\sbe.dll
2012-08-07 08:53:59 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-07 08:53:58 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-08-07 08:53:22 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-08-07 08:53:22 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-08-07 08:53:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-08-07 08:53:05 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-08-07 08:38:40 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-08-07 08:38:36 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-08-07 08:38:36 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-08-07 08:38:34 601600 ----a-w- c:\windows\system32\schedsvc.dll
2012-08-07 08:38:33 352768 ----a-w- c:\windows\system32\taskschd.dll
2012-08-07 08:38:32 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-08-07 08:38:32 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-08-07 08:38:32 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-08-07 08:38:29 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-08-07 08:37:54 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-07 08:37:36 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-08-07 08:37:34 81920 ----a-w- c:\windows\system32\consent.exe
2012-08-07 08:35:19 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-08-07 08:35:18 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-08-07 08:35:18 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2012-08-07 08:35:18 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-07 08:35:18 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-08-07 08:30:33 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-08-07 08:27:43 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-08-07 08:27:39 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2012-08-07 08:27:38 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-08-07 08:27:38 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-08-07 08:27:38 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-08-07 08:27:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-08-07 08:27:37 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-08-07 08:27:37 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-08-07 08:27:36 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-08-07 08:27:34 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-08-07 08:27:30 243712 ----a-w- c:\windows\system32\rastls.dll
2012-08-07 08:27:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-08-07 08:24:42 98304 ----a-w- c:\windows\system32\cabview.dll
2012-08-07 07:36:23 -------- d-----w- c:\users\andrea\appdata\local\Google
2012-08-07 07:36:19 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 07:36:18 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-07 07:35:40 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 07:35:16 -------- d-----w- c:\programdata\AVAST Software
2012-08-07 07:35:16 -------- d-----w- c:\program files\AVAST Software
2012-08-07 07:21:15 -------- d-----w- c:\users\andrea\appdata\roaming\Infineon
2012-08-07 07:20:05 -------- d-----w- c:\users\andrea\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-08-07 22:57:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-07 22:57:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-07 16:23:28 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-08-07 16:22:44 4096 ----a-w- c:\windows\system32\drivers\zh-tw\dxgkrnl.sys.mui
2012-08-07 16:22:44 4096 ----a-w- c:\windows\system32\drivers\zh-cn\dxgkrnl.sys.mui
2012-08-07 16:22:44 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 16:29:06.68 ===============
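When a DDS log like the one above lands on an analyst's desk, the first pass is usually mechanical: pull the "Created Last 30" and "Find3M" entries into structured records and pick out executables sitting where a freshly installed Windows would not normally put them, so the reviewer can concentrate on a handful of paths rather than 200 lines. The script below is an added example written for this page; it is not part of the thread, not a BleepingComputer or DDS tool, and the function names (parse_dds_files, triage, DdsEntry) and the flagging rules are my own choices. The sample input is a short excerpt copied from the posted log. The rules are a triage hint, not a verdict: every Windows-root executable it flags here is accounted for elsewhere in the same log (ASScrPro.exe is the "ASUS Screen Saver Protector" in the mRun entries, avastSS.scr is the avast screensaver, and the rest appear in the minutes when the OEM driver packages were reinstalled).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt copied from the DDS log posted above. DDS prints one file per line:
# timestamp, size (dashes for a directory), an attribute string, then the path.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2012-08-08 03:33:06 -------- d-----w- c:\program files\PeerBlock
2012-08-07 23:28:29 606848 ----a-w- c:\windows\flashax.exe
2012-08-07 23:28:29 12288 ----a-w- c:\windows\impborl.dll
2012-08-07 23:27:58 33136 ----a-w- c:\windows\ASScrPro.exe
2012-08-07 16:15:10 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-07 09:02:24 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-08-07 07:35:40 41224 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2012-08-07 22:57:19 315392 ----a-w- c:\windows\HideWin.exe
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 16:29:06.68 ===============
"""

# One DDS file line: "<date> <time> <size|dashes> <8-char attrs> <path>".
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>\S{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# File types worth a second look when they turn up in an odd directory.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".ax", ".acm", ".drv"}
# Locations a standard user can write to (hypothetical rule set for this example).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class DdsEntry:
    timestamp: str
    size: Optional[int]      # None when DDS printed dashes (a directory)
    attrs: str               # e.g. "----a-w-"; a leading "d" marks a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1].lower()
        return name[name.rfind("."):] if "." in name else ""


def parse_dds_files(text: str) -> List[DdsEntry]:
    """Return every file/directory line from the DDS file sections, skipping headers."""
    entries: List[DdsEntry] = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue   # section banners, "." separators, blank lines
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(DdsEntry(m["ts"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[DdsEntry]) -> List[Tuple[str, str]]:
    """Flag executables in the Windows root, in user-writable dirs, or marked hidden."""
    hits: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir or e.extension not in EXEC_EXT:
            continue
        d = e.directory
        if d == "c:\\windows":
            hits.append((e.path, "executable directly in the Windows root"))
        elif d.startswith(USER_WRITABLE):
            hits.append((e.path, "executable in a user-writable location"))
        elif "h" in e.attrs:
            hits.append((e.path, "hidden executable"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(parse_dds_files(SAMPLE_DDS)):
        print(f"{reason:42} {path}")
```

Running it against the excerpt lists the five Windows-root executables and nothing from system32. Two caveats: the rules are deliberately simple (a path check says nothing about whether a binary is signed or what it does), and the file the boot scan names, c:\hiberfil.sys, is the hibernation image rather than a program file, so it never appears in the DDS file sections and a name-based rule like this one tells you nothing about that detection.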


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts

Posted 13 August 2012 - 03:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464351 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 14 August 2012 - 12:45 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 fedup14 (Topic Starter)

  • Members
  • 14 posts

Posted 15 August 2012 - 03:27 AM

I'm having trouble here with what you requested. I managed to get another DDS output, but when I ran the GMER scan, each time I did it, it took hours. Twice my computer fell asleep or avast turned itself on so I had to redo it. The third time I made sure my computer did not fall asleep... The scanning went on for 7 hours. Yes. And then it gave me a message saying "The scan was stopped". That's it. I don't know how to proceed. I will try to run it again after restarting.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Andrea at 14:37:37 on 2012-08-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2038.880 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
TCP: Interfaces\{59628241-8850-4B47-813F-976F1CABC535} : DhcpNameServer = 211.31.138.11 211.29.132.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\y69s8v28.default\
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-7 353688]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-25 39080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-7 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-7 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-7 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-7 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-7 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-13 16:17:18 -------- d-----w- c:\users\andrea\appdata\local\{8BF9E399-659F-4ADE-B852-8717D4EF3957}
2012-08-13 16:17:05 -------- d-----w- c:\users\andrea\appdata\local\{90EA2580-0E32-40C8-9647-37A66C70E0A6}
2012-08-13 04:16:42 -------- d-----w- c:\users\andrea\appdata\local\{0C78F549-412C-46AB-B45F-BA86B20C11D6}
2012-08-13 04:16:26 -------- d-----w- c:\users\andrea\appdata\local\{1BB6A4F0-0D3E-4EEA-BBA6-77C7BAB5F648}
2012-08-12 16:16:13 -------- d-----w- c:\users\andrea\appdata\local\{670918BC-36F9-4133-8AEE-A568F8C04ACD}
2012-08-12 16:16:00 -------- d-----w- c:\users\andrea\appdata\local\{88BADBE3-367F-4C61-92A9-BDEE17483C6D}
2012-08-12 04:15:43 -------- d-----w- c:\users\andrea\appdata\local\{FBA15AC1-4BF7-4B21-8696-60CE87CAC10C}
2012-08-12 04:14:56 -------- d-----w- c:\users\andrea\appdata\local\{7EC446A8-D13F-4C77-BD54-97303DFB9F0A}
2012-08-11 13:49:00 -------- d-----w- c:\users\andrea\appdata\local\{9F02640F-8C72-4B31-A56B-A9FA66C47232}
2012-08-11 13:48:48 -------- d-----w- c:\users\andrea\appdata\local\{596BEAEE-4148-40DF-B20B-BD4E890A7573}
2012-08-11 11:14:50 -------- d-----w- c:\users\andrea\appdata\local\{DADFEC16-9BB5-4526-B3B7-BE3542985695}
2012-08-11 02:09:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{147f9b26-da0f-4947-8316-1f0aa9cb8d66}\mpengine.dll
2012-08-11 01:48:22 -------- d-----w- c:\users\andrea\appdata\local\{122B04AE-9A6F-4B88-9EC0-E6F618268A70}
2012-08-10 11:40:04 -------- d-----w- c:\users\andrea\appdata\local\Adobe
2012-08-10 10:17:40 -------- d-----w- c:\users\andrea\appdata\local\{368463B3-B4AE-45D3-9555-4E60CDE75D58}
2012-08-10 10:17:29 -------- d-----w- c:\users\andrea\appdata\local\{417D78C8-AA20-410D-B354-8DEBC75EA284}
2012-08-09 15:21:58 -------- d-----w- c:\users\andrea\appdata\local\{5C11760A-B638-4DC1-8FC1-A4A201161C41}
2012-08-09 15:21:46 -------- d-----w- c:\users\andrea\appdata\local\{65380940-A299-499C-B619-EA4B65D896DF}
2012-08-09 03:21:34 -------- d-----w- c:\users\andrea\appdata\local\{F051A0E4-F137-4E5A-80EE-9A8699F26FD9}
2012-08-09 03:21:24 -------- d-----w- c:\users\andrea\appdata\local\{E29B28C0-24E7-4166-B277-14087BD6C96F}
2012-08-08 15:21:11 -------- d-----w- c:\users\andrea\appdata\local\{3B01BDCD-43DA-487B-BFC2-042A712B4B22}
2012-08-08 15:21:00 -------- d-----w- c:\users\andrea\appdata\local\{8C0362A0-30B6-4E21-B245-FE623C475611}
2012-08-08 03:40:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-08-08 03:33:06 -------- d-----w- c:\program files\PeerBlock
2012-08-08 03:28:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-08 03:28:39 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-08 03:28:38 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-08 03:28:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-08 03:28:37 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-08 03:28:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-08 03:28:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-08-08 03:20:15 -------- d-----w- c:\users\andrea\appdata\local\{07FED62D-80F0-4846-8C95-301B9D41595E}
2012-08-08 03:20:04 -------- d-----w- c:\users\andrea\appdata\local\{09BAF3BA-4E1D-4D43-8223-9FBFE47FDF17}
2012-08-08 03:19:49 -------- d-----w- c:\users\andrea\Tracing
2012-08-08 02:49:50 -------- d-----w- c:\windows\PCHEALTH
2012-08-08 02:46:03 6260088 ----a-w- c:\program files\common files\windows live\.cache\ee1289e01cd750f06\Silverlight.4.0.exe
2012-08-08 02:44:18 -------- d-----w- c:\users\andrea\appdata\local\Windows Live
2012-08-07 23:52:26 -------- d-----w- c:\programdata\Infineon
2012-08-07 23:52:04 -------- d-----w- c:\program files\Infineon
2012-08-07 23:49:35 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-08-07 23:49:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-07 23:28:32 37232 ----a-w- c:\windows\ASScrProlog.exe
2012-08-07 23:28:31 503808 ----a-w- c:\windows\Asus_Camera_ScreenSaver.scr
2012-08-07 23:28:31 4499453 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2012-08-07 23:28:31 274800 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2012-08-07 23:28:29 606848 ----a-w- c:\windows\flashax.exe
2012-08-07 23:28:29 12288 ----a-w- c:\windows\impborl.dll
2012-08-07 23:28:29 -------- d-----w- c:\windows\Asus_Camera_ScreenSaver dir
2012-08-07 23:27:58 33136 ----a-w- c:\windows\ASScrPro.exe
2012-08-07 23:24:53 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2012-08-07 23:24:53 -------- d-----w- c:\program files\P4P
2012-08-07 23:24:52 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-07 23:24:52 182456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-07 23:24:52 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-07 23:24:52 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-08-07 23:24:51 163840 ----a-w- c:\windows\system32\SynCOM.dll
2012-08-07 23:22:00 -------- d-----w- c:\program files\Synaptics
2012-08-07 23:20:07 -------- d-----w- c:\programdata\P4G
2012-08-07 23:20:07 -------- d-----w- c:\program files\Power4Gear eXtreme
2012-08-07 23:20:07 -------- d-----w- c:\program files\P4G
2012-08-07 23:17:45 155648 ----a-w- c:\windows\system32\ACEngSvr.exe
2012-08-07 23:09:12 -------- d-----w- c:\programdata\ASUS
2012-08-07 23:04:29 743424 ----a-w- c:\windows\system32\athr.sys
2012-08-07 23:04:29 -------- d-----w- c:\windows\Options
2012-08-07 23:04:29 -------- d-----w- c:\program files\Atheros
2012-08-07 23:04:13 -------- d-----w- c:\programdata\Atheros
2012-08-07 23:03:08 -------- d-----w- c:\program files\Wireless Console 2
2012-08-07 23:01:25 29752 ----a-w- c:\windows\system32\drivers\AsDsm.sys
2012-08-07 23:00:03 -------- d-----w- c:\program files\ATKGFNEX
2012-08-07 22:58:16 -------- d-----w- c:\windows\system32\RTCOM
2012-08-07 22:49:54 -------- d-----w- c:\programdata\Symantec
2012-08-07 22:49:41 -------- d-----w- c:\program files\common files\Symantec Shared
2012-08-07 22:49:39 -------- d-sh--w- c:\windows\Installer
2012-08-07 22:49:14 -------- d-----w- c:\program files\ATKOSD2
2012-08-07 22:48:41 -------- d-----w- c:\program files\ATK Hotkey
2012-08-07 22:48:00 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-07 22:48:00 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-07 22:48:00 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-08-07 22:48:00 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-07 22:47:59 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-08-07 22:47:23 -------- d-----w- c:\program files\ASUS
2012-08-07 22:45:47 400152 ----a-w- c:\windows\system32\igxpun.exe
2012-08-07 22:45:47 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-08-07 22:45:47 -------- d-----w- c:\windows\system32\Lang
2012-08-07 22:42:13 -------- d-----w- C:\Intel
2012-08-07 22:38:57 -------- d-----w- c:\program files\Motorola
2012-08-07 17:16:40 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-07 16:40:28 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-07 16:39:39 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-08-07 16:39:36 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-08-07 16:39:35 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-08-07 16:32:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-07 16:32:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-07 16:32:00 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-07 16:32:00 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-07 16:23:28 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-07 16:22:44 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-07 16:22:44 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-07 16:22:44 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-07 16:22:44 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-07 16:22:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-07 16:22:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-07 16:22:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-07 16:15:10 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-07 16:06:26 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-07 16:06:01 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-07 15:53:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-07 15:42:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-07 15:41:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-07 15:41:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-07 15:41:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-07 15:40:34 -------- d-----w- c:\program files\common files\Windows Live
2012-08-07 15:40:23 -------- d-----w- c:\users\andrea\appdata\local\{B769A927-18B6-496A-9EAB-DFBFCC9B15B9}
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\vi-VN
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\eu-ES
2012-08-07 15:09:21 -------- d-----w- c:\windows\system32\ca-ES
2012-08-07 14:06:15 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 13:50:59 407552 ----a-w- c:\windows\system32\MPSSVC.dll
2012-08-07 13:49:59 311808 ----a-w- c:\windows\system32\swprv.dll
2012-08-07 13:48:59 90112 ----a-w- c:\windows\system32\wshext.dll
2012-08-07 13:47:59 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2012-08-07 13:46:55 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2012-08-07 13:46:36 218624 ----a-w- c:\windows\system32\wdscore.dll
2012-08-07 13:46:36 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2012-08-07 13:45:27 247808 ----a-w- c:\windows\system32\drvstore.dll
2012-08-07 11:01:54 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-08-07 10:55:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-07 10:55:06 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-07 10:55:06 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-08-07 10:55:06 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-08-07 10:55:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-08-07 10:51:58 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2012-08-07 10:51:57 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-08-07 10:51:57 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-08-07 10:51:57 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-08-07 10:51:57 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2012-08-07 10:51:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2012-08-07 10:49:52 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-08-07 10:49:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-08-07 10:49:44 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-08-07 10:49:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-08-07 10:49:36 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-08-07 10:49:34 17920 ----a-w- c:\windows\system32\netevent.dll
2012-08-07 10:49:11 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-08-07 10:49:10 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-08-07 10:48:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-08-07 10:48:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-08-07 10:48:47 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-08-07 10:48:47 471552 ----a-w- c:\windows\system32\secproc.dll
2012-08-07 10:48:47 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-08-07 10:48:46 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-08-07 10:48:46 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-08-07 10:48:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-08-07 10:48:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-08-07 10:38:41 -------- d-----w- c:\program files\Oracle
2012-08-07 10:37:52 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-07 10:37:52 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-07 10:20:18 -------- d-----w- c:\users\andrea\appdata\local\Macromedia
2012-08-07 10:19:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 10:19:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 09:18:10 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-08-07 09:18:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-07 09:02:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-08-07 09:02:24 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-08-07 09:02:24 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-08-07 09:00:28 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-08-07 08:58:13 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-08-07 08:58:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-08-07 08:58:11 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-08-07 08:58:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-08-07 08:58:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-08-07 08:58:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-08-07 08:58:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-08-07 08:58:10 10240 ----a-w- c:\windows\system32\finger.exe
2012-08-07 08:57:29 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-08-07 08:57:04 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-08-07 08:57:04 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-08-07 08:57:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-08-07 08:57:04 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-08-07 08:57:04 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-08-07 08:57:04 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-08-07 08:57:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-08-07 08:55:58 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-08-07 08:54:58 502272 ----a-w- c:\windows\system32\usp10.dll
2012-08-07 08:54:57 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-08-07 08:54:56 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-07 08:54:55 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-08-07 08:54:54 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-08-07 08:54:53 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-08-07 08:54:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-08-07 08:54:36 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-08-07 08:54:17 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-07 08:54:15 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-08-07 08:54:00 322560 ----a-w- c:\windows\system32\sbe.dll
2012-08-07 08:53:59 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-07 08:53:58 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-08-07 08:53:22 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-08-07 08:53:22 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-08-07 08:53:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-08-07 08:53:05 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-08-07 08:38:40 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-08-07 08:38:36 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-08-07 08:38:36 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-08-07 08:38:34 601600 ----a-w- c:\windows\system32\schedsvc.dll
2012-08-07 08:38:33 352768 ----a-w- c:\windows\system32\taskschd.dll
2012-08-07 08:38:32 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-08-07 08:38:32 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-08-07 08:38:32 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-08-07 08:38:29 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-08-07 08:37:54 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-07 08:37:36 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-08-07 08:37:34 81920 ----a-w- c:\windows\system32\consent.exe
2012-08-07 08:35:19 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-08-07 08:35:18 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-08-07 08:35:18 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2012-08-07 08:35:18 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-07 08:35:18 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-08-07 08:30:33 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-08-07 08:27:43 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-08-07 08:27:39 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2012-08-07 08:27:38 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-08-07 08:27:38 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-08-07 08:27:38 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-08-07 08:27:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-08-07 08:27:37 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-08-07 08:27:37 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-08-07 08:27:36 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-08-07 08:27:34 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-08-07 08:27:30 243712 ----a-w- c:\windows\system32\rastls.dll
2012-08-07 08:27:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-08-07 08:24:42 98304 ----a-w- c:\windows\system32\cabview.dll
2012-08-07 07:36:23 -------- d-----w- c:\users\andrea\appdata\local\Google
2012-08-07 07:36:19 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 07:36:18 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-07 07:35:40 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 07:35:16 -------- d-----w- c:\programdata\AVAST Software
2012-08-07 07:35:16 -------- d-----w- c:\program files\AVAST Software
2012-08-07 07:21:15 -------- d-----w- c:\users\andrea\appdata\roaming\Infineon
2012-08-07 07:20:05 -------- d-----w- c:\users\andrea\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-08-07 22:57:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-07 22:57:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-07 16:23:28 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-08-07 16:22:44 4096 ----a-w- c:\windows\system32\drivers\zh-tw\dxgkrnl.sys.mui
2012-08-07 16:22:44 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 14:44:11.55 ===============
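Added here as a worked example (it is not a DDS feature and not anything posted in this thread): a small Python helper that splits a DDS log into its `===` sections, parses the Run-key and service/driver lines into records, and flags the entries a reviewer looks at first, namely processes or services running from a user profile and autorun entries that name a bare executable with no directory (like the Skytel.exe and RtHDVCpl.exe lines in the log above). The sample log is constructed from lines in the post above plus one invented Temp\updater.exe process to exercise the path check.

```python
"""Triage helper for DDS-style logs (added example, not a DDS or BleepingComputer tool)."""
import re
from collections import defaultdict

# Constructed sample in the layout of the DDS log above. Every line is copied from
# that log except the Temp\updater.exe process, which is invented to exercise the
# user-profile path check.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Users\Andrea\AppData\Local\Temp\updater.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-7 721000]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-7 113120]
.
============= FINISH: 14:44:11.55 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# State Name;DisplayName;ImagePath [date size], e.g. R1 aswSnx;aswSnx;c:\...\aswSnx.sys [2012-8-7 721000]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
# DDS prefixes the Run key with u (current-user hive) or m (machine hive).
RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s+(.*)$")
# The image is either the quoted first token or everything up to the first .exe.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)(?=\s|$)', re.IGNORECASE)
# Paths under a user profile, AppData or a Temp directory deserve a second look.
USER_PATH_RE = re.compile(r"\\users\\[^\\]+\\|\\temp\\|\\appdata\\", re.IGNORECASE)


def split_sections(text):
    """Group log lines under the '=== NAME ===' header they follow; '.' spacer lines are dropped."""
    sections = defaultdict(list)
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def parse_service(line):
    """Turn one SERVICES / DRIVERS line into a record, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, image, date, size = m.groups()
    return {"state": state, "name": name, "display": display,
            "image": image, "date": date, "size": int(size)}


def parse_run_entry(line):
    """Turn one uRun/mRun line into a record with the image path split from its arguments."""
    m = RUN_RE.match(line)
    if not m:
        return None
    hive, name, command = m.groups()
    im = IMAGE_RE.match(command)
    image = (im.group(1) or im.group(2)) if im else command
    return {"hive": "HKCU" if hive == "u" else "HKLM", "name": name,
            "image": image, "command": command}


def triage(sections):
    """Return (category, detail) findings that a log reviewer would examine first."""
    findings = []
    for proc in sections.get("Running Processes", []):
        if USER_PATH_RE.search(proc):
            findings.append(("process-in-user-profile", proc))
    for line in sections.get("Pseudo HJT Report", []):
        entry = parse_run_entry(line)
        # A bare filename is resolved through the search path at logon, so the
        # reviewer cannot tell from the log which file actually runs.
        if entry and "\\" not in entry["image"]:
            findings.append(("autorun-bare-filename", f'{entry["hive"]} [{entry["name"]}] {entry["image"]}'))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = parse_service(line)
        if svc and USER_PATH_RE.search(svc["image"]):
            findings.append(("service-in-user-profile", f'{svc["state"]} {svc["name"]} {svc["image"]}'))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(split_sections(SAMPLE_DDS)):
        print(f"{kind:26} {detail}")
```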

#5 fedup14 (Topic Starter)

  • Members
  • 14 posts

Posted 15 August 2012 - 06:46 AM

Finally managed to get a GMER scan after restarting the computer:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-15 21:39:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: gmer.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\kwliqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C18536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D7B67BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C18F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C23D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C23DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C23F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C23CE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8D7B6BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C23D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C19146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C23F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C198CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C18584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D7B689E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90C181EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C185D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C1D2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C1A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C23DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C23DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C23F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C23D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C23E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C23D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C23F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D7B6A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C1A15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x90C19D08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C18620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C1866E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C1974A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C18276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C18426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C183CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C19A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C19B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C18496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8D7B6AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C195CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C186BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8D7B6954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C192CE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D7CE744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 826B67D0 4 Bytes [36, 85, C1, 90]
.text ntkrnlpa.exe!KeSetEvent + 131 826B67F4 4 Bytes [BA, 67, 7B, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 826B6854 4 Bytes [52, 8F, C1, 90] {PUSH EDX; POP ECX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1D1 826B6894 8 Bytes [7A, 3D, C2, 90, C6, 3D, C2, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 826B68A0 4 Bytes [48, 3F, C2, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 827E162F 5 Bytes JMP 8D7CB61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8283A543 5 Bytes JMP 8D7CD0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82843E68 4 Bytes CALL 90C1A959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82847ADC 4 Bytes CALL 90C1A96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8289BDF6 7 Bytes JMP 8D7CE748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Infineon\Security Platform Software\PSDrt.exe[308] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Infineon\Security Platform Software\SpTna.exe[376] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[444] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\ifxspmgt.exe[616] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text ...
.text C:\Windows\system32\ifxuagui.exe[1404] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\system32\ifxuagui.exe[1404] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\system32\ifxuagui.exe[1404] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\ifxuagui.exe[1404] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\ifxuagui.exe[1404] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00190600
.text C:\Windows\system32\ifxuagui.exe[1404] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00190804
.text C:\Windows\system32\ifxuagui.exe[1404] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\ifxuagui.exe[1404] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\ifxuagui.exe[1404] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\IfxPsdSv.exe[1608] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 76EEA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1760] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1856] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1888] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1936] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[2092] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2092] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[2124] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2204] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[2204] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[2204] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2204] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[2204] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[2204] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[2204] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[2204] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[2204] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\SearchIndexer.exe[2208] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2276] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 68E2B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] kernel32.dll!LockResource + C 76F06B0B 7 Bytes JMP 690DB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] kernel32.dll!VirtualAllocEx + 54 76F0AF70 7 Bytes JMP 690DB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!SetStretchBltMode + 256 77E1745C 7 Bytes JMP 690DB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00080600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00081014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00080C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00080E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000801F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2500] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\ASScrPro.exe[2588] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001401F8
.text C:\Windows\ASScrPro.exe[2588] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001403FC
.text C:\Windows\ASScrPro.exe[2588] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\ASScrPro.exe[2588] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00160600
.text C:\Windows\ASScrPro.exe[2588] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00160804
.text C:\Windows\ASScrPro.exe[2588] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00160A08
.text C:\Windows\ASScrPro.exe[2588] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001601F8
.text C:\Windows\ASScrPro.exe[2588] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001603FC
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Windows\ASScrPro.exe[2588] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2768] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWindowsHookExA 767D6322 3 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWindowsHookExA + 4 767D6326 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWindowsHookExW 767D87AD 3 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWindowsHookExW + 4 767D87B1 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWinEventHook 767D9F3A 3 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!SetWinEventHook + 4 767D9F3E 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2924] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2936] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\P4P\P4P.exe[3100] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\P4P\P4P.exe[3100] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\P4P\P4P.exe[3100] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Program Files\P4P\P4P.exe[3100] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Program Files\P4P\P4P.exe[3100] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Program Files\P4P\P4P.exe[3100] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Program Files\P4P\P4P.exe[3100] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\P4P\P4P.exe[3100] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\P4P\P4P.exe[3100] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3104] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000401F8
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000403FC
.text C:\Windows\servicing\TrustedInstaller.exe[3140] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[3140] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[3140] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00070600
.text C:\Windows\servicing\TrustedInstaller.exe[3140] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00070804
.text C:\Windows\servicing\TrustedInstaller.exe[3140] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00070A08
.text C:\Windows\servicing\TrustedInstaller.exe[3140] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000701F8
.text C:\Windows\servicing\TrustedInstaller.exe[3140] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWindowsHookExA 767D6322 3 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWindowsHookExA + 4 767D6326 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWindowsHookExW 767D87AD 3 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWindowsHookExW + 4 767D87B1 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWinEventHook 767D9F3A 3 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!SetWinEventHook + 4 767D9F3E 1 Byte [89]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3172] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[3176] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3176] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3176] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3176] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3176] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3176] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3176] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3176] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3176] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3344] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3344] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3344] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3344] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3344] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3344] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3344] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3344] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3344] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[3364] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3364] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3364] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3364] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3364] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3364] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3364] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3364] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[3516] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Windows\Explorer.EXE[3532] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3532] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3532] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3532] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3532] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3532] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3532] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3532] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3664] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!CreateServiceW 76BC9EB4 3 Bytes JMP 001D03FC
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!CreateServiceW + 4 76BC9EB8 1 Byte [89]
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 001D0600
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 001D1014
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 001D0804
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 001D0A08
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 001D0C0C
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 001D0E10
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001D01F8
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 001E0600
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 001E0804
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 001E0A08
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001E01F8
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3692] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001E03FC
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 002803FC
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00280600
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00281014
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00280804
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00280A08
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00280C0C
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00280E10
.text C:\Program Files\ATKOSD2\ATKOSD2.exe[3704] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 002801F8
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Wireless Console 2\wcourier.exe[3716] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 001A0600
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 001A0804
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 001A0A08
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001B03FC
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 001B0600
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 001B1014
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 001B0804
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 001B0A08
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 001B0C0C
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 001B0E10
.text C:\Program Files\ASUS\Splendid\ACMON.exe[3732] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001B01F8
.text C:\Program Files\P4G\BatteryLife.exe[3764] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\P4G\BatteryLife.exe[3764] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\P4G\BatteryLife.exe[3764] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\P4G\BatteryLife.exe[3764] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\P4G\BatteryLife.exe[3764] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\P4G\BatteryLife.exe[3764] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\P4G\BatteryLife.exe[3764] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\P4G\BatteryLife.exe[3764] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001903FC
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00190600
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00191014
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00190804
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00190A08
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00190C0C
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00190E10
.text C:\Program Files\P4G\BatteryLife.exe[3764] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\ACEngSvr.exe[3816] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001401F8
.text C:\Windows\System32\ACEngSvr.exe[3816] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001403FC
.text C:\Windows\System32\ACEngSvr.exe[3816] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001603FC
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00160600
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00161014
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00160804
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00160A08
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00160C0C
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00160E10
.text C:\Windows\System32\ACEngSvr.exe[3816] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001601F8
.text C:\Windows\System32\ACEngSvr.exe[3816] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Windows\System32\ACEngSvr.exe[3816] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\ACEngSvr.exe[3816] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\ACEngSvr.exe[3816] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\ACEngSvr.exe[3816] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3880] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001401F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001403FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00260600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00260804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00260A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 002603FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00270600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00271014
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00270804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00270A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00270C0C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00270E10
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3888] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 002701F8
.text C:\Windows\System32\igfxtray.exe[3896] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[3896] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[3896] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3896] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[3896] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[3896] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[3896] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[3896] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[3896] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\hkcmd.exe[3904] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[3904] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[3904] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3904] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[3904] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[3904] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[3904] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[3904] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[3904] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[3924] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[3924] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[3924] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[3932] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001401F8
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001403FC
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00160600
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00160804
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00160A08
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Program Files\ASUS\ATK Media\DMedia.exe[3948] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[3976] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[3976] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[3976] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[3976] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[3976] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[3976] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[3976] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00180A08
.text C:\Windows\RtHDVCpl.exe[3976] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[3976] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ntdll.dll!LdrLoadDll 77C79378 5 Bytes JMP 001501F8
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ntdll.dll!LdrUnloadDll 77C8B680 5 Bytes JMP 001503FC
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] USER32.dll!SetWindowsHookExA 767D6322 5 Bytes JMP 00170600
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] USER32.dll!SetWindowsHookExW 767D87AD 5 Bytes JMP 00170804
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] USER32.dll!UnhookWindowsHookEx 767D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] USER32.dll!SetWinEventHook 767D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] USER32.dll!UnhookWinEvent 767DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!CreateServiceW 76BC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!DeleteService 76BCA07E 5 Bytes JMP 00180600
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 76C06CD9 5 Bytes JMP 00181014
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 76C06DD9 5 Bytes JMP 00180804
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 76C06F81 5 Bytes JMP 00180A08
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 76C07099 5 Bytes JMP 00180C0C
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 76C071E1 5 Bytes JMP 00180E10
.text C:\Program Files\ATK Hotkey\KBFiltr.exe[4040] ADVAPI32.dll!CreateServiceA 76C072A1 5 Bytes JMP 001801F8
.text C:\Users\Andrea\Desktop\gmer\gmer.exe[4596] kernel32.dll!GetBinaryTypeW + 70 76F12467 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows ® Codename Longhorn DDK provider)

Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----






Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 09:42 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 fedup14
  • Topic Starter
  • Members
  • 14 posts

Posted 17 August 2012 - 01:42 AM

ComboFix 12-08-17.01 - Andrea 17/08/2012 15:43:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2038.1007 [GMT 10:00]
Running from: c:\users\Andrea\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 06:08 . 2012-08-17 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 16:01 . 2012-08-16 16:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B68150-0367-4D46-BB54-00B821A68B6B}\offreg.dll
2012-08-15 13:13 . 2012-08-15 13:13 -------- d-----w- c:\programdata\Last.fm
2012-08-15 13:12 . 2012-08-15 13:12 -------- d-----w- c:\program files\Last.fm
2012-08-15 12:01 . 2012-08-15 12:01 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-15 12:01 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-15 12:01 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 12:00 . 2012-08-15 12:00 -------- d-----w- c:\program files\iPod
2012-08-15 12:00 . 2012-08-15 13:13 -------- d-----w- c:\program files\iTunes
2012-08-15 12:00 . 2012-08-15 12:01 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-15 12:00 . 2012-08-15 12:00 -------- d-----w- c:\programdata\Apple Computer
2012-08-15 11:58 . 2012-08-15 11:58 -------- d-----w- c:\program files\Apple Software Update
2012-08-15 10:26 . 2012-08-15 10:26 -------- d-----w- c:\program files\Bonjour
2012-08-15 10:24 . 2012-08-15 12:00 -------- d-----w- c:\program files\Common Files\Apple
2012-08-15 10:24 . 2012-08-15 11:58 -------- d-----w- c:\programdata\Apple
2012-08-15 08:27 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B68150-0367-4D46-BB54-00B821A68B6B}\mpengine.dll
2012-08-15 08:25 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 03:50 . 2012-08-08 03:50 -------- d-----w- c:\program files\Microsoft.NET
2012-08-08 03:40 . 2012-08-08 03:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-08-08 03:33 . 2012-08-15 17:20 -------- d-----w- c:\program files\PeerBlock
2012-08-08 03:28 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-08 03:28 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-08 03:28 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-08 03:28 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-08 03:28 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-08 03:28 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-08 03:28 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-08-08 02:49 . 2012-08-08 02:49 -------- d-----w- c:\windows\PCHEALTH
2012-08-08 02:48 . 2012-08-08 02:51 -------- d-----w- c:\program files\Windows Live
2012-08-08 02:46 . 2012-08-08 03:43 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\programdata\Infineon
2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\program files\Infineon
2012-08-07 23:49 . 2007-06-01 10:00 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-08-07 23:49 . 2012-08-17 05:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-07 23:32 . 2012-08-07 23:32 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-07 23:28 . 2012-08-07 23:28 37232 ----a-w- c:\windows\ASScrProlog.exe
2012-08-07 23:28 . 2012-08-07 23:28 4499453 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2012-08-07 23:28 . 2012-08-07 23:28 503808 ----a-w- c:\windows\Asus_Camera_ScreenSaver.scr
2012-08-07 23:28 . 2012-08-07 23:28 274800 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2012-08-07 23:28 . 2012-08-07 23:28 -------- d-----w- c:\windows\system32\Macromed
2012-08-07 23:28 . 2012-08-07 23:28 -------- d-----w- c:\windows\Asus_Camera_ScreenSaver dir
2012-08-07 23:28 . 2012-08-07 23:28 606848 ----a-w- c:\windows\flashax.exe
2012-08-07 23:28 . 2012-08-07 23:28 12288 ----a-w- c:\windows\impborl.dll
2012-08-07 23:27 . 2012-08-07 23:27 33136 ----a-w- c:\windows\ASScrPro.exe
2012-08-07 23:24 . 2012-08-07 23:24 -------- d-----w- c:\program files\P4P
2012-08-07 23:24 . 2006-03-10 18:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2012-08-07 23:24 . 2007-03-03 05:24 182456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-07 23:24 . 2007-03-03 05:22 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-08-07 23:24 . 2007-03-03 04:37 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-07 23:24 . 2007-03-03 04:30 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-07 23:24 . 2007-03-03 04:29 163840 ----a-w- c:\windows\system32\SynCOM.dll
2012-08-07 23:22 . 2012-08-07 23:22 -------- d-----w- c:\program files\Synaptics
2012-08-07 23:20 . 2012-08-07 23:20 -------- d-----w- c:\programdata\P4G
2012-08-07 23:20 . 2012-08-07 23:20 -------- d-----w- c:\program files\P4G
2012-08-07 23:20 . 2012-08-07 23:20 -------- d-----w- c:\program files\Power4Gear eXtreme
2012-08-07 23:17 . 2005-07-06 22:43 155648 ----a-w- c:\windows\system32\ACEngSvr.exe
2012-08-07 23:09 . 2012-08-07 23:09 -------- d-----w- c:\programdata\ASUS
2012-08-07 23:04 . 2012-08-07 23:04 -------- d-----w- c:\windows\Options
2012-08-07 23:04 . 2012-08-07 23:04 -------- d-----w- c:\program files\Atheros
2012-08-07 23:04 . 2007-07-31 05:13 743424 ----a-w- c:\windows\system32\athr.sys
2012-08-07 23:04 . 2012-08-07 23:04 -------- d-----w- c:\programdata\Atheros
2012-08-07 23:03 . 2012-08-07 23:03 -------- d-----w- c:\program files\Wireless Console 2
2012-08-07 23:01 . 2007-08-11 03:19 29752 ----a-w- c:\windows\system32\drivers\AsDsm.sys
2012-08-07 23:00 . 2012-08-07 23:00 -------- d-----w- c:\program files\ATKGFNEX
2012-08-07 22:58 . 2012-08-07 15:08 -------- d-----w- c:\windows\system32\RTCOM
2012-08-07 22:49 . 2012-08-07 07:48 -------- d-----w- c:\programdata\Symantec
2012-08-07 22:49 . 2012-08-07 07:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-07 22:49 . 2012-08-15 12:03 -------- d-sh--w- c:\windows\Installer
2012-08-07 22:49 . 2012-08-07 22:49 -------- d-----w- c:\program files\ATKOSD2
2012-08-07 22:48 . 2012-08-07 22:48 -------- d-----w- c:\program files\ATK Hotkey
2012-08-07 22:48 . 2012-08-07 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-08-07 22:47 . 2012-08-07 22:57 -------- d-----w- c:\program files\Common Files\InstallShield
2012-08-07 22:47 . 2012-08-07 23:23 -------- d-----w- c:\program files\ASUS
2012-08-07 22:45 . 2012-08-07 22:45 -------- d-----w- c:\windows\system32\Lang
2012-08-07 22:45 . 2007-06-07 11:52 400152 ----a-w- c:\windows\system32\igxpun.exe
2012-08-07 22:45 . 2006-11-11 09:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-08-07 22:42 . 2012-08-07 22:42 -------- d-----w- c:\program files\Intel
2012-08-07 22:42 . 2012-08-07 22:42 -------- d-----w- C:\Intel
2012-08-07 22:38 . 2012-08-07 22:38 -------- d-----w- c:\program files\Motorola
2012-08-07 17:16 . 2012-08-07 17:16 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-07 16:39 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-08-07 16:39 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-08-07 16:39 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-08-07 16:37 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-08-07 16:37 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-08-07 16:37 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-08-07 16:37 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-08-07 16:37 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2012-08-07 16:37 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-08-07 16:37 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2012-08-07 16:37 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2012-08-07 16:37 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-08-07 16:37 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-08-07 16:37 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2012-08-07 16:37 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2012-08-07 16:32 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-07 16:32 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-07 16:32 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-07 16:32 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-07 16:23 . 2012-08-07 16:23 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-07 16:22 . 2012-08-07 16:22 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-07 16:22 . 2012-08-07 16:22 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-07 16:22 . 2012-08-07 16:22 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-07 16:22 . 2012-08-07 16:22 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-07 16:22 . 2012-08-07 16:22 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-07 16:22 . 2012-08-07 16:22 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-07 16:22 . 2012-08-07 16:22 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-07 16:15 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-07 16:06 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-07 16:06 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-07 15:53 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-07 15:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-07 15:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-07 15:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-07 15:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-07 15:41 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-07 15:41 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-07 15:41 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-07 15:41 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-07 15:41 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-07 15:40 . 2012-08-07 15:40 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\ca-ES
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\eu-ES
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\vi-VN
2012-08-07 14:06 . 2012-08-07 14:06 -------- d-----w- c:\windows\system32\EventProviders
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 02:48 . 2011-03-28 08:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-07 16:22 . 2012-08-07 16:22 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-14 00:17 . 2012-08-07 07:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 630784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-07 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-07 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-07 138008]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-26 4444160]
"Skytel"="Skytel.exe" [2007-04-14 1822720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 857648]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2012-08-07 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2012-08-07 37232]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-27 677408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 23:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\y69s8v28.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 16:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4580)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Completion time: 2012-08-17 16:11:30
ComboFix-quarantined-files.txt 2012-08-17 06:11
ComboFix2.txt 2012-08-17 05:24
.
Pre-Run: 57,033,699,328 bytes free
Post-Run: 56,997,183,488 bytes free
.
- - End Of File - - 74665A71F0ADD98633BA7F523E565C07



I had to run ComboFix twice, since the first time I could not save/open anything as I was getting "illegal operation attempted on registry key that has been marked for deletion". The second time I fiddled more and managed to save a log despite still getting the errors.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 05:18 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
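An added example, not from this thread and not part of TDSSKiller itself: a small Python triage script for the report format the tool writes, where each line carries a timestamp and thread id followed by either a "[ md5 ] name path" entry or a "name - verdict" line. It lists every entry whose verdict is anything but "ok" and every entry that never received a verdict, which is what an incomplete or cut-off paste looks like. The ACPI, ADSMService and amdide lines in the sample are modelled on the TDSSKiller 2.8 report posted in this thread; the "exampledrv" entry, its hash and its verdict string are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in TDSSKiller's report layout. The first three hashed
# entries follow the report posted in this thread; "exampledrv" and its
# "detected ..." verdict are placeholders, not a real driver or verdict.
# The last entry deliberately has no verdict line (report cut off).
SAMPLE_REPORT = r"""
16:45:38.0637 6964 Scan started
16:45:38.0637 6964 Mode: Manual;
16:45:39.0419 6964 ================ Scan services =============================
16:45:39.0664 6964 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:45:39.0671 6964 ACPI - ok
16:45:40.0032 6964 [ 609a6f49b6af0f25837f8a0edddb0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
16:45:40.0035 6964 ADSMService - ok
16:45:41.0100 6964 [ 0123456789abcdef0123456789abcdef ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
16:45:41.0101 6964 exampledrv - detected Example.Placeholder.Verdict ( 1 )
16:45:41.0200 6964 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
"""


@dataclass
class ServiceRecord:
    """One service/driver entry from the 'Scan services' section of a report."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def is_clean(self) -> bool:
        return self.verdict == "ok"


# Every report line begins with a timestamp (hh:mm:ss.ffff) and a thread id.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "[ <md5> ] <service name> <image path>"  (the path may contain spaces)
_ENTRY_RE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9a-fA-F]{32}) \]\s+(?P<name>\S+)\s+(?P<path>\S.*?)\s*$"
)
# "<service name> - <verdict>", e.g. "ACPI - ok"
_VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+) - (?P<verdict>\S.*?)\s*$")


def parse_services(report: str) -> List[ServiceRecord]:
    """Pair each '[ md5 ] name path' line with the 'name - verdict' line that follows it."""
    records: Dict[str, ServiceRecord] = {}
    for line in report.splitlines():
        entry = _ENTRY_RE.match(line)
        if entry:
            rec = records.setdefault(entry["name"], ServiceRecord(entry["name"]))
            rec.md5 = entry["md5"].lower()
            rec.path = entry["path"]
            continue
        verdict = _VERDICT_RE.match(line)
        # Only accept verdicts for names already seen as entries, so that
        # unrelated "x - y" text elsewhere in the report is not mistaken for one.
        if verdict and verdict["name"] in records:
            records[verdict["name"]].verdict = verdict["verdict"]
    return list(records.values())


def triage(records: List[ServiceRecord]) -> Tuple[List[ServiceRecord], List[ServiceRecord]]:
    """Return (flagged, unresolved): entries whose verdict is anything but 'ok',
    and entries that never received a verdict line (e.g. the report was cut off)."""
    flagged = [r for r in records if r.verdict is not None and not r.is_clean]
    unresolved = [r for r in records if r.verdict is None]
    return flagged, unresolved


def summarize(report: str) -> str:
    """Human-readable triage summary suitable for pasting into a reply."""
    records = parse_services(report)
    flagged, unresolved = triage(records)
    lines = [
        f"{len(records)} service/driver entries, {len(flagged)} flagged, "
        f"{len(unresolved)} without a verdict"
    ]
    for r in flagged:
        lines.append(f"FLAGGED     {r.name}: {r.verdict}  [{r.md5}]  {r.path}")
    for r in unresolved:
        lines.append(f"NO VERDICT  {r.name}  {r.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```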

#9 fedup14
  • Topic Starter
  • Members
  • 14 posts

Posted 18 August 2012 - 02:02 AM

16:45:14.0738 6196 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:45:15.0978 6196 ============================================================
16:45:15.0978 6196 Current date / time: 2012/08/18 16:45:15.0978
16:45:15.0979 6196 SystemInfo:
16:45:15.0979 6196
16:45:15.0979 6196 OS Version: 6.0.6002 ServicePack: 2.0
16:45:15.0979 6196 Product type: Workstation
16:45:15.0979 6196 ComputerName: ANDREA-PC
16:45:15.0979 6196 UserName: Andrea
16:45:15.0979 6196 Windows directory: C:\Windows
16:45:15.0979 6196 System windows directory: C:\Windows
16:45:15.0979 6196 Processor architecture: Intel x86
16:45:15.0979 6196 Number of processors: 2
16:45:15.0979 6196 Page size: 0x1000
16:45:15.0979 6196 Boot type: Normal boot
16:45:15.0979 6196 ============================================================
16:45:17.0001 6196 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:45:17.0004 6196 ============================================================
16:45:17.0004 6196 \Device\Harddisk0\DR0:
16:45:17.0004 6196 MBR partitions:
16:45:17.0004 6196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C4800, BlocksNum 0xAD00000
16:45:17.0027 6196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB6C5000, BlocksNum 0x7354000
16:45:17.0027 6196 ============================================================
16:45:17.0101 6196 C: <-> \Device\Harddisk0\DR0\Partition1
16:45:17.0230 6196 D: <-> \Device\Harddisk0\DR0\Partition2
16:45:17.0230 6196 ============================================================
16:45:17.0230 6196 Initialize success
16:45:17.0230 6196 ============================================================
16:45:38.0636 6964 ============================================================
16:45:38.0637 6964 Scan started
16:45:38.0637 6964 Mode: Manual;
16:45:38.0637 6964 ============================================================
16:45:39.0419 6964 ================ Scan services =============================
16:45:39.0664 6964 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:45:39.0671 6964 ACPI - ok
16:45:39.0764 6964 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:45:39.0766 6964 AdobeFlashPlayerUpdateSvc - ok
16:45:39.0814 6964 [ 04f0fcac69c7c71a3ac4eb97fafc8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:45:39.0824 6964 adp94xx - ok
16:45:39.0854 6964 [ 60505e0041f7751bdbb80f88bf45c2ce ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:45:39.0861 6964 adpahci - ok
16:45:39.0894 6964 [ 8a42779b02aec986eab64ecfc98f8bd7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:45:39.0899 6964 adpu160m - ok
16:45:39.0926 6964 [ 241c9e37f8ce45ef51c3de27515ca4e5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:45:39.0931 6964 adpu320 - ok
16:45:40.0032 6964 [ 609a6f49b6af0f25837f8a0edddb0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
16:45:40.0035 6964 ADSMService - ok
16:45:40.0068 6964 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:45:40.0072 6964 AeLookupSvc - ok
16:45:40.0124 6964 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
16:45:40.0131 6964 AFD - ok
16:45:40.0187 6964 [ 13f9e33747e6b41a3ff305c37db0d360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:45:40.0191 6964 agp440 - ok
16:45:40.0221 6964 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:45:40.0227 6964 aic78xx - ok
16:45:40.0248 6964 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
16:45:40.0252 6964 ALG - ok
16:45:40.0279 6964 [ 9eaef5fc9b8e351afa7e78a6fae91f91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:45:40.0282 6964 aliide - ok
16:45:40.0309 6964 [ c47344bc706e5f0b9dce369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:45:40.0313 6964 amdagp - ok
16:45:40.0342 6964 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
16:45:40.0345 6964 amdide - ok
16:45:40.0362 6964 [ 18f29b49ad23ecee3d2a826c725c8d48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:45:40.0365 6964 AmdK7 - ok
16:45:40.0408 6964 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:45:40.0412 6964 AmdK8 - ok
16:45:40.0448 6964 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
16:45:40.0453 6964 Appinfo - ok
16:45:40.0525 6964 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:45:40.0529 6964 Apple Mobile Device - ok
16:45:40.0572 6964 [ 5d2888182fb46632511acee92fdad522 ] arc C:\Windows\system32\drivers\arc.sys
16:45:40.0577 6964 arc - ok
16:45:40.0622 6964 [ 5e2a321bd7c8b3624e41fdec3e244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:45:40.0626 6964 arcsas - ok
16:45:40.0664 6964 [ 4385e371c25c94c804e9d3152bd9e1f7 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
16:45:40.0666 6964 AsDsm - ok
16:45:40.0726 6964 [ 66597ad6098352d11239c0c42100b176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
16:45:40.0730 6964 ASLDRService - ok
16:45:40.0758 6964 [ 7b4d08d2017ac06689d422e06c43f0aa ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
16:45:40.0760 6964 ASMMAP - ok
16:45:40.0802 6964 [ 1c1f3d6dddc046c920c493a779649f66 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:45:40.0805 6964 aswFsBlk - ok
16:45:40.0813 6964 [ a48d8015af2a0d8b4937613ffbfd28de ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:45:40.0817 6964 aswMonFlt - ok
16:45:40.0831 6964 [ 982e275d1c5801042fe94209fb0160fb ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
16:45:40.0834 6964 AswRdr - ok
16:45:40.0874 6964 [ 73dbcf808e00580f2a47f93dd9b03876 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:45:40.0889 6964 aswSnx - ok
16:45:40.0912 6964 [ 6cbd7d3a33f498d09c831cdd732da2e0 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:45:40.0921 6964 aswSP - ok
16:45:40.0944 6964 [ 7109a9aa551f37cd168c02368465957e ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:45:40.0947 6964 aswTdi - ok
16:45:40.0979 6964 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:45:40.0982 6964 AsyncMac - ok
16:45:41.0016 6964 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:45:41.0019 6964 atapi - ok
16:45:41.0101 6964 [ 44362605f5fff00c9b7696b47680a8c5 ] athr C:\Windows\system32\DRIVERS\athr.sys
16:45:41.0122 6964 athr - ok
16:45:41.0152 6964 [ 7c157574a181b19b9dcf5f339e25337e ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
16:45:41.0154 6964 ATKGFNEXSrv - ok
16:45:41.0201 6964 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:45:41.0214 6964 AudioEndpointBuilder - ok
16:45:41.0224 6964 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:45:41.0233 6964 Audiosrv - ok
16:45:41.0279 6964 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:45:41.0282 6964 avast! Antivirus - ok
16:45:41.0324 6964 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:45:41.0326 6964 Beep - ok
16:45:41.0373 6964 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
16:45:41.0386 6964 BFE - ok
16:45:41.0437 6964 [ 93952506c6d67330367f7e7934b6a02f ] BITS C:\Windows\system32\qmgr.dll
16:45:41.0522 6964 BITS - ok
16:45:41.0549 6964 [ d4df28447741fd3d953526e33a617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:45:41.0552 6964 blbdrive - ok
16:45:41.0658 6964 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:45:41.0676 6964 Bonjour Service - ok
16:45:41.0719 6964 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:45:41.0725 6964 bowser - ok
16:45:41.0760 6964 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:45:41.0766 6964 BrFiltLo - ok
16:45:41.0788 6964 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:45:41.0792 6964 BrFiltUp - ok
16:45:41.0832 6964 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
16:45:41.0843 6964 Browser - ok
16:45:41.0881 6964 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:45:41.0888 6964 Brserid - ok
16:45:41.0908 6964 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:45:41.0914 6964 BrSerWdm - ok
16:45:41.0937 6964 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:45:41.0942 6964 BrUsbMdm - ok
16:45:41.0975 6964 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:45:41.0980 6964 BrUsbSer - ok
16:45:42.0011 6964 [ ad07c1ec6665b8b35741ab91200c6b68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:45:42.0016 6964 BTHMODEM - ok
16:45:42.0105 6964 catchme - ok
16:45:42.0132 6964 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:45:42.0137 6964 cdfs - ok
16:45:42.0185 6964 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:45:42.0190 6964 cdrom - ok
16:45:42.0263 6964 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:45:42.0273 6964 CertPropSvc - ok
16:45:42.0311 6964 [ e5d4133f37219dbcfe102bc61072589d ] circlass C:\Windows\system32\drivers\circlass.sys
16:45:42.0315 6964 circlass - ok
16:45:42.0357 6964 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
16:45:42.0369 6964 CLFS - ok
16:45:42.0462 6964 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:45:42.0595 6964 clr_optimization_v2.0.50727_32 - ok
16:45:42.0676 6964 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:45:42.0748 6964 clr_optimization_v4.0.30319_32 - ok
16:45:42.0770 6964 CLTNetCnService - ok
16:45:42.0831 6964 [ 99afc3795b58cc478fbbbcdc658fcb56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:45:42.0837 6964 CmBatt - ok
16:45:42.0856 6964 [ 0ca25e686a4928484e9fdabd168ab629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:45:42.0862 6964 cmdide - ok
16:45:42.0888 6964 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:45:42.0893 6964 Compbatt - ok
16:45:42.0906 6964 COMSysApp - ok
16:45:42.0925 6964 [ 741e9dff4f42d2d8477d0fc1dc0df871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:45:42.0930 6964 crcdisk - ok
16:45:42.0954 6964 [ 1f07becdca750766a96cda811ba86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:45:42.0958 6964 Crusoe - ok
16:45:42.0996 6964 [ 75c6a297e364014840b48eccd7525e30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:45:43.0010 6964 CryptSvc - ok
16:45:43.0082 6964 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:45:43.0171 6964 DcomLaunch - ok
16:45:43.0212 6964 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:45:43.0217 6964 DfsC - ok
16:45:43.0289 6964 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
16:45:43.0345 6964 DFSR - ok
16:45:43.0397 6964 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:45:43.0420 6964 Dhcp - ok
16:45:43.0458 6964 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
16:45:43.0463 6964 disk - ok
16:45:43.0493 6964 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:45:43.0523 6964 Dnscache - ok
16:45:43.0590 6964 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:45:43.0635 6964 dot3svc - ok
16:45:43.0657 6964 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
16:45:43.0690 6964 DPS - ok
16:45:43.0723 6964 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:45:43.0727 6964 drmkaud - ok
16:45:43.0794 6964 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:45:43.0813 6964 DXGKrnl - ok
16:45:43.0855 6964 [ 5425f74ac0c1dbd96a1e04f17d63f94c ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:45:43.0861 6964 E1G60 - ok
16:45:43.0907 6964 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
16:45:43.0936 6964 EapHost - ok
16:45:44.0034 6964 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:45:44.0039 6964 Ecache - ok
16:45:44.0122 6964 [ 9be3744d295a7701eb425332014f0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:45:44.0131 6964 ehRecvr - ok
16:45:44.0146 6964 [ ad1870c8e5d6dd340c829e6074bf3c3f ] ehSched C:\Windows\ehome\ehsched.exe
16:45:44.0155 6964 ehSched - ok
16:45:44.0175 6964 [ c27c4ee8926e74aa72efcab24c5242c3 ] ehstart C:\Windows\ehome\ehstart.dll
16:45:44.0180 6964 ehstart - ok
16:45:44.0237 6964 [ 23b62471681a124889978f6295b3f4c6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:45:44.0246 6964 elxstor - ok
16:45:44.0315 6964 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:45:44.0361 6964 EMDMgmt - ok
16:45:44.0383 6964 [ 3db974f3935483555d7148663f726c61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:45:44.0387 6964 ErrDev - ok
16:45:44.0459 6964 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
16:45:44.0501 6964 EventSystem - ok
16:45:44.0545 6964 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
16:45:44.0552 6964 exfat - ok
16:45:44.0601 6964 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:45:44.0616 6964 fastfat - ok
16:45:44.0678 6964 [ afe1e8b9782a0dd7fb46bbd88e43f89a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:45:44.0683 6964 fdc - ok
16:45:44.0720 6964 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:45:44.0758 6964 fdPHost - ok
16:45:44.0780 6964 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:45:44.0820 6964 FDResPub - ok
16:45:44.0848 6964 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:45:44.0855 6964 FileInfo - ok
16:45:44.0881 6964 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:45:44.0894 6964 Filetrace - ok
16:45:44.0915 6964 [ 85b7cf99d532820495d68d747fda9ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:45:44.0920 6964 flpydisk - ok
16:45:44.0956 6964 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:45:44.0969 6964 FltMgr - ok
16:45:45.0019 6964 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
16:45:45.0060 6964 FontCache - ok
16:45:45.0207 6964 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:45:45.0210 6964 FontCache3.0.0.0 - ok
16:45:45.0233 6964 [ b972a66758577e0bfd1de0f91aaa27b5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:45:45.0238 6964 Fs_Rec - ok
16:45:45.0267 6964 [ 34582a6e6573d54a07ece5fe24a126b5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:45:45.0273 6964 gagp30kx - ok
16:45:45.0305 6964 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:45:45.0312 6964 GEARAspiWDM - ok
16:45:45.0370 6964 [ 31b40f40e09513addc460f6a297ad474 ] ghaio C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
16:45:45.0373 6964 ghaio - ok
16:45:45.0422 6964 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:45:45.0470 6964 gpsvc - ok
16:45:45.0520 6964 [ cb04c744be0a61b1d648faed182c3b59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:45:45.0530 6964 HdAudAddService - ok
16:45:45.0569 6964 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:45:45.0585 6964 HDAudBus - ok
16:45:45.0624 6964 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:45:45.0630 6964 HidBth - ok
16:45:45.0649 6964 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
16:45:45.0654 6964 HidIr - ok
16:45:45.0710 6964 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\System32\hidserv.dll
16:45:45.0754 6964 hidserv - ok
16:45:45.0795 6964 [ cca4b519b17e23a00b826c55716809cc ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:45:45.0832 6964 HidUsb - ok
16:45:45.0914 6964 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:45:45.0975 6964 hkmsvc - ok
16:45:46.0018 6964 [ 16ee7b23a009e00d835cdb79574a91a6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:45:46.0031 6964 HpCISSs - ok
16:45:46.0128 6964 [ f870aa3e254628ebeafe754108d664de ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:45:46.0251 6964 HTTP - ok
16:45:46.0300 6964 [ c6b032d69650985468160fc9937cf5b4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:45:46.0325 6964 i2omp - ok
16:45:46.0396 6964 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:45:46.0410 6964 i8042prt - ok
16:45:46.0526 6964 [ 5df93509037399b53d3ecaa8a67b6c58 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:45:46.0532 6964 iaStor - ok
16:45:46.0588 6964 [ 54155ea1b0df185878e0fc9ec3ac3a14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:45:46.0604 6964 iaStorV - ok
16:45:46.0801 6964 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:45:47.0026 6964 idsvc - ok
16:45:47.0180 6964 [ c6a1f4407a1c79f9f3c1c96f7baf59ac ] IFXSpMgtSrv C:\Windows\system32\ifxspmgt.exe
16:45:47.0396 6964 IFXSpMgtSrv - ok
16:45:47.0533 6964 [ 5cd59dae129b4d4ca9eee2ef7e0511ba ] IFXTCS C:\Windows\system32\ifxtcs.exe
16:45:48.0172 6964 IFXTCS - ok
16:45:48.0627 6964 [ b3bf4555e6bc33b3ade8d7d7c2aa9b39 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:45:49.0174 6964 igfx - ok
16:45:49.0202 6964 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:45:49.0209 6964 iirsp - ok
16:45:49.0258 6964 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:45:49.0310 6964 IKEEXT - ok
16:45:49.0402 6964 [ b84732d9f8459abf6323d28a3270dc19 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:45:49.0468 6964 IntcAzAudAddService - ok
16:45:49.0501 6964 [ 83aa759f3189e6370c30de5dc5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
16:45:49.0506 6964 intelide - ok
16:45:49.0550 6964 [ 224191001e78c89dfa78924c3ea595ff ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:45:49.0555 6964 intelppm - ok
16:45:49.0593 6964 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:45:49.0632 6964 IPBusEnum - ok
16:45:49.0642 6964 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:45:49.0647 6964 IpFilterDriver - ok
16:45:49.0676 6964 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:45:49.0725 6964 iphlpsvc - ok
16:45:49.0732 6964 IpInIp - ok
16:45:49.0756 6964 [ b25aaf203552b7b3491139d582b39ad1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:45:49.0764 6964 IPMIDRV - ok
16:45:49.0784 6964 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:45:49.0794 6964 IPNAT - ok
16:45:49.0859 6964 [ e6be7a41a28d8f2db174957454d32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:45:49.0876 6964 iPod Service - ok
16:45:49.0898 6964 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:45:49.0905 6964 IRENUM - ok
16:45:49.0918 6964 [ 6c70698a3e5c4376c6ab5c7c17fb0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:45:49.0930 6964 isapnp - ok
16:45:49.0973 6964 [ 232fa340531d940aac623b121a595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:45:49.0986 6964 iScsiPrt - ok
16:45:50.0020 6964 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:45:50.0029 6964 iteatapi - ok
16:45:50.0071 6964 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:45:50.0079 6964 iteraid - ok
16:45:50.0119 6964 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:45:50.0126 6964 kbdclass - ok
16:45:50.0148 6964 [ 18247836959ba67e3511b62846b9c2e0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:45:50.0155 6964 kbdhid - ok
16:45:50.0190 6964 [ cc2a86d7bbf14977340dca61bbcba771 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
16:45:50.0197 6964 kbfiltr - ok
16:45:50.0236 6964 [ a3e186b4b935905b829219502557314e ] KeyIso C:\Windows\system32\lsass.exe
16:45:50.0310 6964 KeyIso - ok
16:45:50.0383 6964 [ 4a1445efa932a3baf5bdb02d7131ee20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:45:50.0396 6964 KSecDD - ok
16:45:50.0454 6964 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:45:50.0515 6964 KtmRm - ok
16:45:50.0547 6964 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer C:\Windows\System32\srvsvc.dll
16:45:50.0638 6964 LanmanServer - ok
16:45:50.0666 6964 [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:45:50.0769 6964 LanmanWorkstation - ok
16:45:50.0807 6964 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:45:50.0814 6964 lltdio - ok
16:45:50.0850 6964 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:45:50.0900 6964 lltdsvc - ok
16:45:50.0924 6964 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:45:50.0975 6964 lmhosts - ok
16:45:51.0010 6964 [ c7e15e82879bf3235b559563d4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:45:51.0017 6964 LSI_FC - ok
16:45:51.0055 6964 [ ee01ebae8c9bf0fa072e0ff68718920a ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:45:51.0062 6964 LSI_SAS - ok
16:45:51.0100 6964 [ 912a04696e9ca30146a62afa1463dd5c ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:45:51.0107 6964 LSI_SCSI - ok
16:45:51.0128 6964 [ 8f5c7426567798e62a3b3614965d62cc ] luafv C:\Windows\system32\drivers\luafv.sys
16:45:51.0135 6964 luafv - ok
16:45:51.0173 6964 [ aef9babb8a506bc4ce0451a64aaded46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:45:51.0227 6964 Mcx2Svc - ok
16:45:51.0258 6964 [ 0001ce609d66632fa17b84705f658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:45:51.0264 6964 megasas - ok
16:45:51.0318 6964 [ c252f32cd9a49dbfc25ecf26ebd51a99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:45:51.0330 6964 MegaSR - ok
16:45:51.0366 6964 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:45:51.0418 6964 MMCSS - ok
16:45:51.0452 6964 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem C:\Windows\system32\drivers\modem.sys
16:45:51.0457 6964 Modem - ok
16:45:51.0491 6964 [ cbb59c41f19efea1a000793e08070a62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
16:45:51.0496 6964 MODEMCSA - ok
16:45:51.0527 6964 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:45:51.0533 6964 monitor - ok
16:45:51.0549 6964 [ 5bf6a1326a335c5298477754a506d263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:45:51.0555 6964 mouclass - ok
16:45:51.0580 6964 [ 93b8d4869e12cfbe663915502900876f ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:45:51.0586 6964 mouhid - ok
16:45:51.0603 6964 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:45:51.0610 6964 MountMgr - ok
16:45:51.0690 6964 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:45:51.0693 6964 MozillaMaintenance - ok
16:45:51.0739 6964 [ 511d011289755dd9f9a7579fb0b064e6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:45:51.0746 6964 mpio - ok
16:45:51.0761 6964 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:45:51.0768 6964 mpsdrv - ok
16:45:51.0807 6964 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc C:\Windows\system32\mpssvc.dll
16:45:51.0881 6964 MpsSvc - ok
16:45:51.0918 6964 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:45:51.0924 6964 Mraid35x - ok
16:45:51.0965 6964 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:45:51.0972 6964 MRxDAV - ok
16:45:52.0020 6964 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:45:52.0027 6964 mrxsmb - ok
16:45:52.0037 6964 [ 4fccb34d793b116423209c0f8b7a3b03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:45:52.0046 6964 mrxsmb10 - ok
16:45:52.0055 6964 [ c3cb1b40ad4a0124d617a1199b0b9d7c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:45:52.0062 6964 mrxsmb20 - ok
16:45:52.0095 6964 [ 28023e86f17001f7cd9b15a5bc9ae07d ] msahci C:\Windows\system32\drivers\msahci.sys
16:45:52.0101 6964 msahci - ok
16:45:52.0121 6964 [ 4468b0f385a86ecddaf8d3ca662ec0e7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:45:52.0129 6964 msdsm - ok
16:45:52.0162 6964 [ fd7520cc3a80c5fc8c48852bb24c6ded ] MSDTC C:\Windows\System32\msdtc.exe
16:45:52.0221 6964 MSDTC - ok
16:45:52.0265 6964 [ a9927f4a46b816c92f461acb90cf8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:45:52.0273 6964 Msfs - ok
16:45:52.0302 6964 [ 0f400e306f385c56317357d6dea56f62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:45:52.0309 6964 msisadrv - ok
16:45:52.0342 6964 [ 85466c0757a23d9a9aecdc0755203cb2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:45:52.0382 6964 MSiSCSI - ok
16:45:52.0401 6964 msiserver - ok
16:45:52.0430 6964 [ d8c63d34d9c9e56c059e24ec7185cc07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:45:52.0438 6964 MSKSSRV - ok
16:45:52.0474 6964 [ 1d373c90d62ddb641d50e55b9e78d65e ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:45:52.0480 6964 MSPCLOCK - ok
16:45:52.0529 6964 [ b572da05bf4e098d4bba3a4734fb505b ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:45:52.0536 6964 MSPQM - ok
16:45:52.0574 6964 [ b49456d70555de905c311bcda6ec6adb ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:45:52.0583 6964 MsRPC - ok
16:45:52.0598 6964 [ e384487cb84be41d09711c30ca79646c ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:45:52.0605 6964 mssmbios - ok
16:45:52.0623 6964 [ 7199c1eec1e4993caf96b8c0a26bd58a ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:45:52.0630 6964 MSTEE - ok
16:45:52.0648 6964 [ 97affa9d95ffe20eee6229bc6be166cf ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
16:45:52.0651 6964 MTsensor - ok
16:45:52.0690 6964 [ 6a57b5733d4cb702c8ea4542e836b96c ] Mup C:\Windows\system32\Drivers\mup.sys
16:45:52.0698 6964 Mup - ok
16:45:52.0745 6964 [ e4eaf0c5c1b41b5c83386cf212ca9584 ] napagent C:\Windows\system32\qagentRT.dll
16:45:52.0823 6964 napagent - ok
16:45:52.0879 6964 [ 85c44fdff9cf7e72a40dcb7ec06a4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:45:52.0888 6964 NativeWifiP - ok
16:45:52.0948 6964 [ 1357274d1883f68300aeadd15d7bbb42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:45:52.0964 6964 NDIS - ok
16:45:52.0994 6964 [ 0e186e90404980569fb449ba7519ae61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:45:53.0001 6964 NdisTapi - ok
16:45:53.0017 6964 [ d6973aa34c4d5d76c0430b181c3cd389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:45:53.0024 6964 Ndisuio - ok
16:45:53.0056 6964 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:45:53.0064 6964 NdisWan - ok
16:45:53.0082 6964 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:45:53.0089 6964 NDProxy - ok
16:45:53.0097 6964 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:45:53.0105 6964 NetBIOS - ok
16:45:53.0136 6964 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:45:53.0146 6964 netbt - ok
16:45:53.0158 6964 [ a3e186b4b935905b829219502557314e ] Netlogon C:\Windows\system32\lsass.exe
16:45:53.0210 6964 Netlogon - ok
16:45:53.0269 6964 [ c8052711daecc48b982434c5116ca401 ] Netman C:\Windows\System32\netman.dll
16:45:53.0337 6964 Netman - ok
16:45:53.0360 6964 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm C:\Windows\System32\netprofm.dll
16:45:53.0425 6964 netprofm - ok
16:45:53.0467 6964 [ d6c4e4a39a36029ac0813d476fbd0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:45:53.0472 6964 NetTcpPortSharing - ok
16:45:53.0514 6964 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:45:53.0521 6964 nfrd960 - ok
16:45:53.0540 6964 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:45:53.0618 6964 NlaSvc - ok
16:45:53.0653 6964 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:45:53.0659 6964 Npfs - ok
16:45:53.0691 6964 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi C:\Windows\system32\nsisvc.dll
16:45:53.0759 6964 nsi - ok
16:45:53.0772 6964 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:45:53.0778 6964 nsiproxy - ok
16:45:53.0835 6964 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:45:53.0879 6964 Ntfs - ok
16:45:53.0901 6964 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:45:53.0909 6964 ntrigdigi - ok
16:45:53.0928 6964 [ c5dbbcda07d780bda9b685df333bb41e ] Null C:\Windows\system32\drivers\Null.sys
16:45:53.0934 6964 Null - ok
16:45:53.0967 6964 [ 2edf9e7751554b42cbb60116de727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:45:53.0976 6964 nvraid - ok
16:45:53.0999 6964 [ abed0c09758d1d97db0042dbb2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:45:54.0008 6964 nvstor - ok
16:45:54.0029 6964 [ 18bbdf913916b71bd54575bdb6eeac0b ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:45:54.0039 6964 nv_agp - ok
16:45:54.0046 6964 NwlnkFlt - ok
16:45:54.0058 6964 NwlnkFwd - ok
16:45:54.0124 6964 [ 6f310e890d46e246e0e261a63d9b36b4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:45:54.0132 6964 ohci1394 - ok
16:45:54.0186 6964 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:45:54.0288 6964 p2pimsvc - ok
16:45:54.0303 6964 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:45:54.0378 6964 p2psvc - ok
16:45:54.0406 6964 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport C:\Windows\system32\drivers\parport.sys
16:45:54.0414 6964 Parport - ok
16:45:54.0452 6964 [ b9c2b89f08670e159f7181891e449cd9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:45:54.0461 6964 partmgr - ok
16:45:54.0475 6964 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:45:54.0483 6964 Parvdm - ok
16:45:54.0551 6964 [ 2f6e885c432927a186c2e352c8a1cbf4 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
16:45:54.0553 6964 pbfilter - ok
16:45:54.0576 6964 [ c6276ad11f4bb49b58aa1ed88537f14a ] PcaSvc C:\Windows\System32\pcasvc.dll
16:45:54.0646 6964 PcaSvc - ok
16:45:54.0688 6964 [ 941dc1d19e7e8620f40bbc206981efdb ] pci C:\Windows\system32\drivers\pci.sys
16:45:54.0699 6964 pci - ok
16:45:54.0719 6964 [ fc175f5ddab666d7f4d17449a547626f ] pciide C:\Windows\system32\drivers\pciide.sys
16:45:54.0728 6964 pciide - ok
16:45:54.0767 6964 [ e6f3fb1b86aa519e7698ad05e58b04e5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:45:54.0776 6964 pcmcia - ok
16:45:54.0826 6964 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:45:54.0848 6964 PEAUTH - ok
16:45:54.0921 6964 [ 0d8848fbe1765a3e27b69b5bef6d429f ] PersonalSecureDrive C:\Windows\System32\drivers\psd.sys
16:45:54.0929 6964 PersonalSecureDrive - ok
16:45:54.0972 6964 [ fedd3f668e0f61f47057657b64645cd7 ] PersonalSecureDriveService C:\Windows\system32\IfxPsdSv.exe
16:45:55.0008 6964 PersonalSecureDriveService - ok
16:45:55.0071 6964 [ b1689df169143f57053f795390c99db3 ] pla C:\Windows\system32\pla.dll
16:46:07.0587 6964 ================ Scan global ===============================
16:46:07.0618 6964 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
16:46:07.0654 6964 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
16:46:07.0799 6964 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
16:46:07.0924 6964 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe
16:46:08.0009 6964 [Global] - ok
16:46:08.0010 6964 ================ Scan MBR ==================================
16:46:08.0022 6964 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:46:08.0249 6964 \Device\Harddisk0\DR0 - ok
16:46:08.0250 6964 ================ Scan VBR ==================================
16:46:08.0254 6964 Boot (0x1200) (f422a1297bdc527ff9ccf295cdf7de15) \Device\Harddisk0\DR0\Partition1
16:46:08.0256 6964 \Device\Harddisk0\DR0\Partition1 - ok
16:46:08.0282 6964 Boot (0x1200) (5c9e3dcb4c91a2629708ba56ff6b906a) \Device\Harddisk0\DR0\Partition2
16:46:08.0284 6964 \Device\Harddisk0\DR0\Partition2 - ok
16:46:08.0287 6964 ============================================================
16:46:08.0287 6964 Scan finished
16:46:08.0287 6964 ============================================================
16:46:08.0304 7872 Detected object count: 0
16:46:08.0304 7872 Actual detected object count: 0
17:00:43.0084 7700 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 16:51:20
-----------------------------
16:51:20.021 OS Version: Windows 6.0.6002 Service Pack 2
16:51:20.022 Number of processors: 2 586 0xF0D
16:51:20.023 ComputerName: ANDREA-PC UserName: Andrea
16:51:31.109 Initialize success
16:51:31.308 AVAST engine defs: 12081701
16:51:56.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:51:56.482 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
16:51:56.505 Disk 0 MBR read successfully
16:51:56.508 Disk 0 MBR scan
16:51:56.606 Disk 0 Windows VISTA default MBR code
16:51:56.632 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 5000 MB offset 2048
16:51:56.646 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88576 MB offset 10242048
16:51:56.652 Disk 0 Partition - 00 0F Extended LBA 59049 MB offset 191645696
16:51:56.676 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 59048 MB offset 191647744
16:51:56.705 Disk 0 scanning sectors +312578048
16:51:56.777 Disk 0 scanning C:\Windows\system32\drivers
16:52:05.038 Service scanning
16:52:33.341 Modules scanning
16:52:42.919 Disk 0 trace - called modules:
16:52:42.946 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:52:42.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d3e3e8]
16:52:42.959 3 CLASSPNP.SYS[887a88b3] -> nt!IofCallDriver -> [0x848749c0]
16:52:42.966 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x848a8030]
16:52:43.388 AVAST engine scan C:\Windows
16:52:47.316 AVAST engine scan C:\Windows\system32
16:55:03.544 AVAST engine scan C:\Windows\system32\drivers
16:55:14.810 AVAST engine scan C:\Users\Andrea
16:59:43.112 AVAST engine scan C:\ProgramData
17:00:07.564 Scan finished successfully
17:00:30.993 Disk 0 MBR has been saved successfully to "C:\Users\Andrea\Desktop\MBR.dat"
17:00:31.011 The log file has been saved successfully to "C:\Users\Andrea\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:15 PM

Posted 18 August 2012 - 02:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#11 fedup14

fedup14
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 19 August 2012 - 12:38 AM

ComboFix 12-08-18.03 - Andrea 19/08/2012 14:45:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2038.1144 [GMT 10:00]
Running from: c:\users\Andrea\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrea\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-07 16:22 . 2012-08-07 16:22 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-07 16:22 . 2012-08-07 16:22 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-07 16:15 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-07 16:06 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-07 16:06 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-07 15:53 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-07 15:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-07 15:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-07 15:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-07 15:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-07 15:41 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-07 15:41 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-07 15:41 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-07 15:41 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-07 15:41 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-07 15:40 . 2012-08-07 15:40 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\ca-ES
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\eu-ES
2012-08-07 15:09 . 2012-08-07 15:09 -------- d-----w- c:\windows\system32\vi-VN
2012-08-07 14:06 . 2012-08-07 14:06 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 13:50 . 2009-04-11 06:28 407552 ----a-w- c:\windows\system32\MPSSVC.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 02:48 . 2011-03-28 08:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-07 16:22 . 2012-08-07 16:22 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-14 00:17 . 2012-08-07 07:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 630784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-07 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-07 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-07 138008]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-26 4444160]
"Skytel"="Skytel.exe" [2007-04-14 1822720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 857648]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2012-08-07 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2012-08-07 37232]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-27 677408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 23:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\y69s8v28.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-19 15:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2244)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ifxtcs.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-19 15:25:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 05:25
ComboFix2.txt 2012-08-17 06:11
ComboFix3.txt 2012-08-17 05:24
.
Pre-Run: 57,485,946,880 bytes free
Post-Run: 57,440,940,032 bytes free
.
- - End Of File - - 60578918D585E05E6A0490E264413243


Had to restart twice to get rid of illegal operation error messages, but otherwise computer seems okay. Computer was mostly running okay the whole time though. I'd not have known anything was wrong unless I did the boot scans and got a rootkit warning from avast.

What kind of infection was this? Is my computer safe now?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 02:14 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 fedup14

fedup14
  • Topic Starter

  • Members
  • 14 posts

Posted 19 August 2012 - 03:43 AM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: ANDREA-PC [administrator]

Protection: Enabled

19/08/2012 6:23:16 PM
mbam-log-2012-08-19 (18-23-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183995
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:36:11 PM, on 19/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrea\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6331 bytes


Computer is running same as usual.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 03:55 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
      O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found:
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
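The O4 lines HijackThis shows in the post above are simply the values of the Run and RunOnce keys under HKLM and HKCU. The following PowerShell script is an added example, not code from this thread and not part of HijackThis; it reads those keys, resolves each value to the executable it launches, checks whether that file still exists, and flags the entry names the helper listed for removal. It is deliberately read-only: it reports what would be removed so the user can review it, rather than deleting anything. The function names (Resolve-ImagePath, Test-ImageExists, Get-AutostartEntries) and the candidate list are this example's own; the candidate names are copied from the O4 lines quoted in the post.

```powershell
# Added example, not code from the thread or from HijackThis.
# Read-only audit of the Run/RunOnce keys behind HijackThis "O4" lines.
# Function names (Resolve-ImagePath, Test-ImageExists, Get-AutostartEntries)
# are this example's own.

# Entry names the helper listed for removal in the post above.
$Candidates = @(
    'SMSERIAL', 'IgfxTray', 'Skytel', 'PowerForPhone', 'ASUS Camera ScreenSaver',
    'SunJavaUpdateSched', 'APSDaemon', 'iTunesHelper', 'Sidebar'
)

# The autostart keys HijackThis reports as "O4 - HKLM\..\Run" and "O4 - HKCU\..\Run".
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-ImagePath {
    # Extract the executable from a Run value, which may be quoted, unquoted,
    # carry switches (e.g. /nogui), or be a bare file name found through PATH.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    # Unquoted path with spaces: try progressively longer prefixes, the way
    # CreateProcess does, until one names an existing file.
    $parts = $Command.Trim() -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $cand = [Environment]::ExpandEnvironmentVariables(($parts[0..($i - 1)] -join ' '))
        if (Test-Path -LiteralPath $cand -PathType Leaf) { return $cand }
    }
    return [Environment]::ExpandEnvironmentVariables($parts[0])
}

function Test-ImageExists {
    param([string]$Image)
    if ([string]::IsNullOrWhiteSpace($Image)) { return $false }
    if ($Image -match '[\\/]') { return Test-Path -LiteralPath $Image -PathType Leaf }
    # Bare names such as RtHDVCpl.exe are resolved through PATH at logon.
    return [bool](Get-Command -Name $Image -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ([string]::IsNullOrEmpty($name)) { continue }   # skip the (Default) value
            # Keep %VAR% references unexpanded so the report shows the stored value.
            $cmd   = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $image = Resolve-ImagePath -Command $cmd
            [pscustomobject]@{
                Key       = $key -replace '^(HK..):\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\', '$1\..\'
                Name      = $name
                Command   = $cmd
                Image     = $image
                FileFound = Test-ImageExists -Image $image
                Listed    = $Candidates -contains $name
            }
        }
    }
}

# Listed entries first. An autostart value whose image file is missing is worth
# a look on its own: it points at something that is no longer on disk.
Get-AutostartEntries |
    Sort-Object -Property @{ Expression = 'Listed'; Descending = $true }, Key, Name |
    Format-Table -Property Key, Name, Listed, FileFound, Image -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable, and compare its Key/Name columns with the O4 lines before ticking anything in HijackThis; entries with FileFound set to False are leftovers from uninstalled software and are safe to review first.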

#15 fedup14

fedup14
  • Topic Starter

  • Members
  • 14 posts

Posted 19 August 2012 - 07:07 AM

Okay. I removed all unneeded start up entries and ran an ESET scan which found nothing.



