
Google Redirect


  • This topic is locked
33 replies to this topic

#1 Bandion

Bandion

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:08 PM

Posted 13 August 2012 - 09:32 PM

I have a Google redirect; it doesn't happen every time. I can get redirected, click back, click the link again, and it will respond normally.
I have attempted to remove it myself using TDSSKiller from Kaspersky and rkill, but they did not see it. Malwarebytes does not see it either.
I have also installed Revo to remove programs, and have removed SearchQu and iLivid, as well as Java 6; I do have Java 7 installed.

Currently I am running GMER, but was only able to select Services, Registry, Files (C:), and ADS.

Thank you for your help
Band



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bandion at 21:18:55 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8109.3785 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Do It Again\DoItAgain.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.31_windows_x86_64.exe
C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_separation_1.00_windows_x86_64.exe
C:\Windows\system32\conhost.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Bandion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe -update activex
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce-x64: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bandion\AppData\Roaming\Mozilla\Firefox\Profiles\3t5ifau1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba22fda65-a079-4f42-9b0d-1550552b4660%7D&mid=1b4adbdfc15447d0baab81ac0fadffd0-d2801f51ea3ff291bc5fb49252cfd329fee30a43&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-16%2009%3A02%3A23&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Bandion\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-30 2253120]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-12-30 114688]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-16 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-12-30 30528]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S2 NPVR Recording Service;NPVR Recording Service;"C:\Program Files (x86)\NPVR\NRecord.exe" --> C:\Program Files (x86)\NPVR\NRecord.exe [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-30 79360]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-12-30 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-31 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-14 01:58:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-14 01:33:26 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-07-24 16:24:01 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-24 16:23:05 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 14:04:39 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-07-23 14:04:38 -------- d-----w- C:\Users\Bandion\AppData\Roaming\Catalina Marketing Corp
2012-07-23 14:04:36 489712 ----a-w- C:\Users\Bandion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-16 16:47:33 -------- d-----w- C:\Users\Bandion\AppData\Roaming\AVG
2012-07-16 14:45:19 -------- d-----w- C:\Users\Bandion\AppData\Roaming\AVG2012
2012-07-16 14:03:28 -------- d-----w- C:\Users\Bandion\AppData\Local\AVG Secure Search
2012-07-16 14:02:21 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-16 14:02:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-16 14:02:18 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-16 14:00:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-16 13:59:25 -------- d--h--w- C:\$AVG
2012-07-16 13:59:25 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-16 13:59:25 -------- d-----w- C:\ProgramData\AVG2012
2012-07-16 13:57:46 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-16 13:54:46 -------- d--h--w- C:\ProgramData\Common Files
2012-07-16 13:54:46 -------- d-----w- C:\ProgramData\MFAData
.
==================== Find3M ====================
.
2012-08-11 19:42:25 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-08-11 19:42:10 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-12 00:18:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:18:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-04 18:22:11 14844448 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:19:12.41 ===============
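
As an added example (not code from this thread, from DDS, or from BleepingComputer), here is a small triage script over lines in the format of the DDS "Pseudo HJT Report" and FIREFOX sections: it flags the entries a malware-removal helper checks first on a search-redirect report (AppInit_DLLs injections, static DNS servers that differ from the DHCP-assigned ones, search/home-page settings, and "No File" orphans). The sample excerpt is constructed to mirror entries from the log above; the Finding type, the category names and the function names are this example's own.

```python
"""Triage helper for the Pseudo HJT / Firefox sections of a DDS log.

Added example for this thread; it is not part of DDS or of the original post.
It walks report lines in the format DDS prints and flags the entries a
malware-removal helper checks first when a user reports search redirects:
AppInit_DLLs injections, statically configured DNS servers that differ from
the DHCP-assigned ones, browser search settings, and orphaned BHO/toolbar
entries ("No File"). The sample excerpt below is constructed in that format
and mirrors entries from the log posted in this thread.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str   # "appinit", "dns", "search" or "orphan"
    line: str       # the report line that produced the finding
    note: str       # what a reviewer should check

# Constructed sample excerpt (DDS report format; 'hxxp' is how DDS defangs URLs).
SAMPLE_REPORT = r"""
uStart Page = hxxp://msn.com/
BHO: AutorunsDisabled - No File
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : DhcpNameServer = 75.75.76.76 75.75.75.75
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba22fda65%7D&q=
"""

_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)


def _ip_list(value: str) -> list[str]:
    """DDS separates name servers with spaces or commas; normalise to a list."""
    return [ip for ip in re.split(r"[,\s]+", value.strip()) if ip]


def triage(report: str) -> list[Finding]:
    """Return the review-worthy entries of a DDS report, in file order."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    findings: list[Finding] = []

    # DHCP-assigned resolvers are the baseline a static NameServer is compared to.
    dhcp: set[str] = set()
    for ln in lines:
        m = re.match(r"TCP:.*DhcpNameServer\s*=\s*(.+)$", ln)
        if m:
            dhcp.update(_ip_list(m.group(1)))

    for ln in lines:
        if ln.startswith("AppInit_DLLs"):
            dlls = ln.split(":", 1)[1].split()
            findings.append(Finding("appinit", ln,
                f"{len(dlls)} DLL(s) loaded into every process that loads user32.dll: "
                f"{', '.join(dlls)}"))
        # \bNameServer does not match DhcpNameServer (no word boundary before 'N').
        elif (m := re.match(r"TCP:.*\bNameServer\s*=\s*(.+)$", ln)):
            static = _ip_list(m.group(1))
            if set(static) != dhcp:
                findings.append(Finding("dns", ln,
                    f"static resolvers {static} override DHCP-assigned {sorted(dhcp)}; "
                    "confirm the owner configured these on purpose"))
        elif ln.endswith("- No File"):
            findings.append(Finding("orphan", ln,
                "registered component whose file is missing; the registry entry can be removed"))
        elif re.search(r"Start Page|keyword\.URL|SearchScopes", ln):
            host = _HOST_RE.search(ln)
            findings.append(Finding("search", ln,
                f"search/home setting points at {host.group(1) if host else 'unknown host'}; "
                "verify the user chose it"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category (quick overview of a report)."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.note}\n    {f.line}")
```

Run it against the full Pseudo HJT and FIREFOX sections of a DDS log to get a short list of entries to verify before asking for further scans.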


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,764 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:08 PM

Posted 18 August 2012 - 09:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465109 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Bandion

  • Topic Starter

  • Members
  • 19 posts

Posted 18 August 2012 - 11:41 PM

Still need help. The GMER log had no output.

Here is a new DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bandion at 23:21:01 on 2012-08-18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8109.3327 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Windows\System32\dinotify.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.31_windows_x86_64.exe
C:\Users\Bandion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Bandion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -update plugin
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce-x64: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bandion\AppData\Roaming\Mozilla\Firefox\Profiles\3t5ifau1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba22fda65-a079-4f42-9b0d-1550552b4660%7D&mid=1b4adbdfc15447d0baab81ac0fadffd0-d2801f51ea3ff291bc5fb49252cfd329fee30a43&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-16%2009%3A02%3A23&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Bandion\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-30 2253120]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-12-30 114688]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-16 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-12-30 30528]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S2 NPVR Recording Service;NPVR Recording Service;"C:\Program Files (x86)\NPVR\NRecord.exe" --> C:\Program Files (x86)\NPVR\NRecord.exe [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-30 79360]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-12-30 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-31 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-17 22:13:10 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-08-17 22:11:39 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-08-17 22:11:30 -------- d-----w- C:\_AcroTemp
2012-08-14 13:48:22 -------- d-----w- C:\Program Files\Core Temp
2012-08-14 01:58:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-14 01:33:26 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-07-24 16:24:01 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-24 16:23:05 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 14:04:39 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-07-23 14:04:38 -------- d-----w- C:\Users\Bandion\AppData\Roaming\Catalina Marketing Corp
2012-07-23 14:04:36 489712 ----a-w- C:\Users\Bandion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
==================== Find3M ====================
.
2012-08-11 19:42:25 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-08-11 19:42:10 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-12 00:18:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:18:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-04 18:22:11 14844448 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:21:44.84 ===============

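One way to read a DDS log like the one above, as an added example that is not part of this thread or of the DDS tool: a short Python script that flags the entry types most often behind a browser redirect (AppInit_DLLs injection, a statically set DNS resolver that differs from the DHCP-assigned one, an explicit proxy, a redirected Firefox address-bar search, autoruns that launch cmd.exe or rundll32, and orphaned "No File" BHO/toolbar registrations). The sample input is constructed from lines of the log posted above (the keyword.URL query string is trimmed); the severities, the table of well-known public resolvers and the set of expected search hosts are this example's own assumptions, and a flag means "look at this line", not a verdict that the entry is malicious.

```python
"""Flag the DDS log entries that most often explain a browser redirect.

Added example; not part of the original thread or of the DDS tool.
Severities, the resolver table and the expected-search-host set are this
example's own assumptions, and a flag means "read this line", not "malicious".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above
# (the keyword.URL query string is trimmed to keep the line short).
SAMPLE_DDS = r"""
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C776797C-D1A8-4C95-AD0E-2A00FE2E9B29} : NameServer = 8.8.8.8,8.8.4.4
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?q=
"""


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"
    line: str       # the DDS line (or "NameServer" for the cross-line DNS check)
    reason: str


# Assumption: resolvers a home user might plausibly have set on purpose.
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
}
# Assumption: address-bar searches landing here are not a hijack.
EXPECTED_SEARCH_HOSTS = {"google.com", "www.google.com", "bing.com",
                         "www.bing.com", "search.yahoo.com"}


def host_of(url: str) -> str:
    """Host part of a normal or DDS-defanged (hxxp://) URL, lower-cased."""
    m = re.match(r"h[tx]{2}ps?://([^/?#:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def triage(dds_text: str) -> list[Finding]:
    findings: list[Finding] = []
    dhcp_dns: set[str] = set()
    static_dns: set[str] = set()

    for line in (raw.strip() for raw in dds_text.splitlines()):
        if not line:
            continue
        if line.startswith("AppInit_DLLs"):
            # Windows maps every AppInit DLL into each process that loads
            # user32.dll, which is how an adware component ends up inside
            # every browser; an empty value is the normal state.
            dlls = line.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding("high", line,
                    "DLL(s) injected into every user32 process: " + ", ".join(dlls)))
        elif line.endswith("- No File"):
            findings.append(Finding("low", line,
                "orphaned BHO/toolbar registration; the file is already gone"))
        elif "ProxyServer =" in line:
            findings.append(Finding("high", line,
                "explicit proxy: all browser traffic is relayed through it"))
        elif "DhcpNameServer =" in line:
            dhcp_dns.update(line.split("=", 1)[1].split())
        elif re.search(r"\bNameServer =", line):
            static_dns.update(line.split("=", 1)[1].replace(",", " ").split())
        elif line.startswith("FF - prefs.js: keyword.URL"):
            host = host_of(line.split("keyword.URL - ", 1)[1])
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("medium", line,
                    f"Firefox address-bar searches are sent to {host}"))
        elif re.match(r"[um]Run(Once)?: \[", line):
            # DDS/HJT convention: u = per-user hive (HKCU), m = machine (HKLM).
            cmd = line.split("]", 1)[1].strip()
            if re.match(r"(?i)(cmd(\.exe)?|rundll32(\.exe)?)\b", cmd):
                findings.append(Finding("low", line,
                    "autorun starts an interpreter/loader, not a named program; read its argument"))

    # A resolver set by hand that differs from the DHCP-assigned one is the
    # classic DNS-based redirect; name the well-known ones so a deliberate
    # choice can be told from a hijack.
    unexpected = static_dns - dhcp_dns
    if unexpected:
        labels = [f"{ip} ({KNOWN_RESOLVERS.get(ip, 'unknown resolver')})"
                  for ip in sorted(unexpected)]
        sev = "medium" if unexpected <= set(KNOWN_RESOLVERS) else "high"
        findings.append(Finding(sev, "NameServer",
            "static DNS differs from DHCP-assigned: " + ", ".join(labels)))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_DDS), key=lambda f: order[f.severity]):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run against the sample, the one high-severity hit is the AppInit_DLLs line. Its two DLLs sit under an 8.3 short path (`WI3C8A~1\Datamngr`), and the RunOnce entry in the same log spells the long name out as "Windows iLivid Toolbar\Datamngr", which is the toolbar the poster says they removed with Revo; the inference (not something the page itself states) is that the uninstaller left the AppInit registration behind, so the DLLs would still be loaded into every 32-bit process that maps user32.dll if the files still exist. The DNS hit is medium only because both addresses are Google Public DNS; the same check on an unfamiliar resolver would be rated high.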

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 01:39 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Bandion
  • Topic Starter

Posted 19 August 2012 - 03:24 PM

I ran ComboFix and it crashed my computer. I had to restore from a previous boot; System Restore didn't work. I also had to re-install my LAN drivers. Not sure what caused the crash. It could be a couple of things: I did not entirely disable the antivirus as I thought I had, and there were updates that had been applied and were waiting for a reboot.
Anyway, it is back running again, and I still have the same issue.

here is the security check

Results of screen317's Security Check version 0.99.46
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

and the Combofix log


ComboFix 12-08-18.03 - Bandion 08/19/2012 15:06:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8109.6182 [GMT -5:00]
Running from: c:\users\Bandion\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 20:10 . 2012-08-19 20:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-19 20:10 . 2012-08-19 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 19:54 . 2012-08-19 19:54 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-19 19:54 . 2011-09-29 09:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-08-19 19:54 . 2011-09-29 09:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-08-19 19:54 . 2011-09-29 09:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-08-19 19:52 . 2012-08-19 19:52 -------- d-----w- C:\RealTek Lan drivers
2012-08-17 22:13 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-17 22:11 . 2012-07-30 19:52 103904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-08-17 22:11 . 2012-08-19 16:30 -------- d-----w- C:\_AcroTemp
2012-08-15 20:02 . 2012-08-15 20:02 -------- d-----w- c:\windows\Sun
2012-08-14 13:48 . 2012-08-14 13:50 -------- d-----w- c:\program files\Core Temp
2012-08-14 01:58 . 2012-08-14 01:58 -------- d-----w- c:\program files (x86)\ESET
2012-08-14 01:33 . 2012-08-14 01:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-07-24 16:24 . 2012-07-24 16:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 16:24 . 2012-07-24 16:24 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 16:23 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-24 16:21 . 2012-07-24 16:21 -------- d-----w- c:\programdata\McAfee
2012-07-23 14:04 . 2012-07-23 14:04 466944 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-07-23 14:04 . 2012-07-23 14:04 -------- d-----w- c:\users\Bandion\AppData\Roaming\Catalina Marketing Corp
2012-07-23 14:04 . 2012-07-23 14:04 489712 ----a-w- c:\users\Bandion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 20:12 . 2011-12-30 12:36 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-08-19 20:12 . 2011-12-30 12:36 25640 ----a-w- c:\windows\gdrv.sys
2012-08-19 13:46 . 2011-12-31 01:01 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 00:18 . 2012-04-29 00:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:18 . 2011-12-31 18:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 03:06 . 2011-12-31 22:53 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 18:46 . 2012-07-14 00:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:30 . 2012-07-11 09:16 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 09:16 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 09:16 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 09:16 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 09:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-04 18:22 . 2012-06-04 18:22 14844448 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-06-02 22:19 . 2012-06-21 13:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 13:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 13:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 09:16 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 09:16 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 09:16 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 09:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 09:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 09:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 09:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 09:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 09:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2011-12-31 00:58 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 04:04 . 2012-07-14 02:05 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04118AD2-E68E-4B6A-9561-93613EDF6BDC}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 14:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-24 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-24 58112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Bandion\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-31 79360]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-01-01 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-31 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-16 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-05-25 52608]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-05-25 76160]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-19 30528]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 00:40]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 00:40]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463109897-2111745696-3069678227-1000Core.job
- c:\users\Bandion\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 00:44]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463109897-2111745696-3069678227-1000UA.job
- c:\users\Bandion\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2009-11-25 18:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2009-11-25 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bandion\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-07 11858536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Bandion\AppData\Roaming\Mozilla\Firefox\Profiles\3t5ifau1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba22fda65-a079-4f42-9b0d-1550552b4660%7D&mid=1b4adbdfc15447d0baab81ac0fadffd0-d2801f51ea3ff291bc5fb49252cfd329fee30a43&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-16%2009%3A02%3A23&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\BOINC\boinc.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2012-08-19 15:16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 20:16
.
Pre-Run: 795,686,772,736 bytes free
Post-Run: 795,031,076,864 bytes free
.
- - End Of File - - AC30B6B92B03F717E698830B47378E4A
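
Added example (my addition as editor, not code from this thread or from ComboFix): a Python script that reads the autostart section of a ComboFix log like the one above and flags the entries a responder checks first when hunting a browser redirect. The AppInit_DLLs value in the log points at a Datamngr DLL under an 8.3 path (WI3C8A~1 in Program Files (x86)); Datamngr is the component the SearchQu/iLivid toolbar registers there, so the uninstall described in the first post appears to have left it behind, and AppInit_DLLs is a classic way to get a DLL into every process that loads user32.dll, browsers included. The script also reports drivers or services started from temp or profile directories, services whose binary ComboFix could not find ([x]), and 8.3 short names that hide a folder's real name. It reports rather than condemns: ALSysIO64.sys in the Temp folder, for example, is most likely Core Temp's driver (Core Temp was installed on 2012-08-14 according to the same log). SAMPLE_LOG is a constructed excerpt modelled on the posted log, with one made-up "Updater" line to show a profile-directory hit; run it on the real ComboFix.txt instead.

```python
"""Triage of a ComboFix log's autostart section (added example).

Not code from this thread or from ComboFix. It parses the "Reg Loading
Points" values and the R?/S? service/driver lines of a ComboFix.txt and
flags: AppInit_DLLs (DLL injected into every process that loads user32.dll),
binaries run from temp or profile directories, services whose file ComboFix
could not find ([x]), and 8.3 short-name paths. SAMPLE_LOG is a constructed
excerpt modelled on the log posted in this thread.
"""
import re
import sys

# Constructed excerpt; the "Updater" line is made up to show a profile-path hit.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"Updater"="c:\users\Bandion\AppData\Roaming\updater\upd.exe" [2012-08-01 51200]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll
.
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Bandion\AppData\Local\Temp\ALSysIO64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"""

# "Name"="path" [date size]   (Run, RunOnce, BHO and Toolbar values)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s+\[(?P<stamp>[^\]]*)\]\s*$', re.M)
# R?/S? name;display;path [date size]   or   [x] when ComboFix could not find the file
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$', re.M)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*\S)\s*$', re.M)
LOADAPPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=(?P<value>\S+)\s*$', re.M)

TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)                  # ...\Local\Temp\..., c:\windows\temp\...
PROFILE_DIR_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.I)
SHORT_NAME_RE = re.compile(r'~\d+\\')                         # progra~2\ style 8.3 component
SEVERITY_ORDER = {'HIGH': 0, 'MEDIUM': 1, 'LOW': 2, 'INFO': 3}


def collect_entries(log_text):
    """Return every autostart/service entry as a dict of kind, name, path, missing."""
    entries = []
    for m in RUN_RE.finditer(log_text):
        entries.append({'kind': 'run', 'name': m.group('name'), 'path': m.group('path'), 'missing': False})
    for m in SERVICE_RE.finditer(log_text):
        entries.append({'kind': m.group('start'), 'name': m.group('name'), 'path': m.group('path'),
                        'missing': m.group('stamp') == 'x'})
    for m in APPINIT_RE.finditer(log_text):
        entries.append({'kind': 'appinit', 'name': 'AppInit_DLLs', 'path': m.group('value'), 'missing': False})
    return entries


def appinit_enabled(log_text):
    """True if a LoadAppInit_DLLs value is present and non-zero (ComboFix lists each hive separately)."""
    m = LOADAPPINIT_RE.search(log_text)
    return bool(m) and int(m.group('value'), 16) != 0


def triage(log_text):
    """Return (severity, name, path, reason) tuples, most severe first."""
    findings = []
    for e in collect_entries(log_text):
        path = e['path']
        if e['kind'] == 'appinit':
            reason = 'DLL injected into every process that loads user32.dll'
            if appinit_enabled(log_text):
                reason += ' (LoadAppInit_DLLs is non-zero in at least one hive)'
            findings.append(('HIGH', e['name'], path, reason))
        if TEMP_DIR_RE.search(path):
            findings.append(('MEDIUM', e['name'], path, 'runs from a temp directory'))
        elif PROFILE_DIR_RE.search(path):
            findings.append(('MEDIUM', e['name'], path, 'runs from a user-writable profile directory'))
        if e['missing']:
            findings.append(('LOW', e['name'], path, 'file not found by ComboFix ([x]): stale entry or hidden file'))
        if SHORT_NAME_RE.search(path):
            findings.append(('INFO', e['name'], path, 'uses an 8.3 short name; resolve it to see the real folder'))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])   # stable sort keeps log order within a level
    return findings


if __name__ == '__main__':
    text = open(sys.argv[1], encoding='utf-8', errors='replace').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sev, name, path, reason in triage(text):
        print(f'{sev:6} {name}: {path}\n       {reason}')
```

Run it as `python triage.py ComboFix.txt`. On the sample it lists the AppInit_DLLs hook first, then the two profile/temp paths, then the two [x] services, then the short-name note. The 8.3 name can be expanded on the affected machine with `dir /x "c:\Program Files (x86)"`, which prints the short name beside each folder.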

#6 Bandion
  • Topic Starter

Posted 19 August 2012 - 03:38 PM

Also, I just found out from my wife that her PC and my daughter's PC have the same issue. I suspect that it is my daughter going to some site, no idea where though.

#7 gringo_pr
  • Malware Response Team

Posted 19 August 2012 - 04:44 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
REM Collect the adapter settings and name resolution results into one file
>Log1.txt (
REM adapter settings, including the DNS servers this PC is really using
ipconfig /all
REM ask the configured DNS server directly; nslookup ignores the hosts file
nslookup google.com
nslookup yahoo.com
REM resolve the same names through the normal path, hosts file first, and test reachability
ping -n 2 google.com
ping -n 2 yahoo.com
REM routing table, to spot an unexpected gateway
route print
)
start Log1.txt
REM the batch file removes itself once the log is open
del %0
Save this as router.bat, choosing "All Files" as the Save as type and the Desktop as the location, then close the Notepad file.
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#8 Bandion
  • Topic Starter

Posted 19 August 2012 - 05:57 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Trickster
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 50-E5-49-49-16-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5dd:b687:52a1:87c%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 19, 2012 3:11:44 PM
Lease Expires . . . . . . . . . . : Monday, August 19, 2013 3:15:33 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 273737033
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-8F-66-CE-50-E5-49-49-16-23
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.mn.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c30:1098:51ca:4e6e(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c30:1098:51ca:4e6e%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4009:803::1003
74.125.45.101
74.125.45.138
74.125.45.102
74.125.45.139
74.125.45.113
74.125.45.100

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging google.com [74.125.225.38] with 32 bytes of data:
Reply from 74.125.225.38: bytes=32 time=17ms TTL=55
Reply from 74.125.225.38: bytes=32 time=17ms TTL=55

Ping statistics for 74.125.225.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=118ms TTL=51
Reply from 98.139.183.24: bytes=32 time=75ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 118ms, Average = 96ms
===========================================================================
Interface List
13...50 e5 49 49 16 23 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.7 21
10.0.0.0 255.255.255.0 On-link 10.0.0.7 276
10.0.0.7 255.255.255.255 On-link 10.0.0.7 276
10.0.0.255 255.255.255.255 On-link 10.0.0.7 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.7 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.7 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:1c30:1098:51ca:4e6e/128
On-link
13 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1c30:1098:51ca:4e6e/128
On-link
13 276 fe80::d5dd:b687:52a1:87c/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
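
Added example (my addition as editor, not code from this thread): a Python script that reads the Log1.txt produced by the router.bat above, in the shape of the output posted here, and applies the two checks the batch file is built to allow. First, the configured DNS servers should be either the gateway or the ISP's resolvers; anything else is a DNSChanger-style hijack, and in the posted output both servers are Comcast's (75.75.75.75 and 75.75.76.76), so that is not what is happening on this PC. Second, ping resolves through the normal client path, hosts file included, while nslookup sends its query straight to the server and ignores the hosts file, so a ping address that nslookup never returned is either CDN round-robin (which is what the posted output shows for google.com: ping used 74.125.225.38, nslookup returned 74.125.45.x) or a hosts-file entry, and only a look at the hosts file tells the two apart. EXPECTED_RESOLVERS is an assumption for this thread; CLEAN_LOG is abridged from the posted output and HIJACKED_LOG is a constructed sample using documentation address ranges, to show what a hit looks like.

```python
"""Checks over router.bat output (added example, not code from this thread).

Parses Log1.txt (ipconfig /all, nslookup, ping) and flags DNS servers that are
neither the gateway nor an expected resolver, pings that used an address
nslookup never returned, and names that resolved but got no replies.
"""
import re
import sys

EXPECTED_RESOLVERS = {'75.75.75.75', '75.75.76.76'}   # assumption: the ISP resolvers seen in the thread

# Abridged from the output posted in this thread.
CLEAN_LOG = """Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4009:803::1003
74.125.45.101
74.125.45.138

Pinging google.com [74.125.225.38] with 32 bytes of data:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

# Constructed: rogue resolver and a ping address nslookup never returned (documentation ranges).
HIJACKED_LOG = """Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 192.0.2.53
Server: UnKnown
Address: 192.0.2.53

Name: google.com
Addresses: 74.125.45.101
74.125.45.138

Pinging google.com [198.51.100.7] with 32 bytes of data:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""

IPV4_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}')
BARE_ADDR_RE = re.compile(r'^[0-9A-Fa-f.:]+$')          # continuation line holding only an address
PING_RE = re.compile(r'^Pinging (?P<name>\S+) \[(?P<ip>[^\]]+)\] with')
PKT_RE = re.compile(r'Packets: Sent = (?P<sent>\d+), Received = (?P<recv>\d+)')


def parse_diag(text):
    """Pull DNS servers, IPv4 gateways, nslookup answers and ping results out of Log1.txt."""
    diag = {'dns_servers': [], 'gateways': [], 'lookups': {}, 'pings': {}}
    current = last_ping = None   # current: the list that bare continuation lines append to
    for raw in text.splitlines():
        line = raw.strip()
        m = PING_RE.match(line)
        if m:
            last_ping = m.group('name').lower()
            diag['pings'][last_ping] = {'resolved': m.group('ip'), 'sent': 0, 'received': 0}
            continue
        m = PKT_RE.search(line)
        if m and last_ping:
            diag['pings'][last_ping].update(sent=int(m.group('sent')), received=int(m.group('recv')))
            continue
        if current is not None and BARE_ADDR_RE.match(line):   # bare IP continuing a list
            current.append(line)
            continue
        label, _, value = line.partition(':')
        label, value = label.strip(' .').lower(), value.strip()
        if label == 'dns servers':
            current = diag['dns_servers']
            current.append(value)
        elif label == 'name':                                   # nslookup answer block
            current = diag['lookups'].setdefault(value.lower(), [])
        elif label in ('address', 'addresses') and current is not None:
            current.append(value)
        elif label == 'default gateway':
            if IPV4_RE.fullmatch(value):
                diag['gateways'].append(value)
            current = None
        else:                                                   # "Server:", blank lines, anything else
            current = None
    return diag


def check(diag, expected_resolvers):
    """Return (severity, message) findings for a parsed diagnostic."""
    findings = []
    trusted = set(expected_resolvers) | set(diag['gateways'])
    for ip in diag['dns_servers']:
        if ip not in trusted:
            findings.append(('HIGH', f'configured DNS server {ip} is neither the gateway nor an expected resolver'))
    for name, p in diag['pings'].items():
        answers = diag['lookups'].get(name)
        if answers is not None and p['resolved'] not in answers:
            findings.append(('INFO', f'{name}: ping used {p["resolved"]}, which nslookup did not return {answers}; '
                                     'CDN round-robin does this, but so does a hosts-file entry'))
        if p['sent'] and not p['received']:
            findings.append(('MEDIUM', f'{name}: {p["sent"]} pings sent, no replies'))
    return findings


if __name__ == '__main__':
    text = open(sys.argv[1], encoding='utf-8', errors='replace').read() if len(sys.argv) > 1 else HIJACKED_LOG
    for sev, msg in check(parse_diag(text), EXPECTED_RESOLVERS) or [('OK', 'nothing flagged')]:
        print(f'{sev:6} {msg}')
```

Run it as `python dnscheck.py Log1.txt` after editing EXPECTED_RESOLVERS for the ISP in question. Two limits worth knowing: if the router hands out its own address as the DNS server, the check cannot see what the router forwards to, so the router's own DNS settings have to be read from its admin page; and a redirect done inside the browser by a BHO, toolbar or AppInit DLL leaves DNS and the hosts file clean, which is why this output and the autostart section of the ComboFix log have to be read together.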

#9 gringo_pr

Posted 19 August 2012 - 09:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
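
The report those steps produce is a plain text log whose "Scan services" section pairs a file line (MD5, service name, image path) with a verdict line for each service. As an added example, not code from this thread or from Kaspersky, here is a Python triage parser for that layout that lists any verdict other than "ok" and any service for which no file was hashed; the section-banner handling is an assumption about the log structure, and the `exmplsvc` service and its verdict in the sample are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes make up the "Scan services" part of a TDSSKiller 2.8.x report, in
# the layout seen in the report pasted in this thread:
#   21:17:20.0636 5452 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
#   21:17:20.0639 5452 1394ohci - ok
# The first is the file line (MD5, service name, image path); the second is the verdict.
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9a-fA-F]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\\S.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S.*)$"
)
# Flagged verdict lines carry a detection name in parentheses after the service name
# ("svc ( Some.Verdict ) - skipped"); split that off so the name still pairs up.
NAME_RE = re.compile(r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^()]*?)\s*\))?$")
# Section banners such as "================ Scan services ====..."; the assumption here
# is that the services block ends at the next "Scan <something>" banner.
SECTION_RE = re.compile(r"={5,}\s*Scan\s+(?P<section>\w+)\s*=+")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when no file line was logged for the service
    path: Optional[str] = None
    status: Optional[str] = None   # "ok" for clean entries; anything else needs a look
    verdict: Optional[str] = None  # detection name, when the tool attached one


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Pair each service's file line with its verdict line, keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.search(line)
        if banner:
            in_services = banner["section"].lower() == "services"
            continue
        if not in_services:
            continue  # header lines like "Drive ... - Size: ..." would otherwise look like verdicts
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = ServiceEntry(m["name"], md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        nm = NAME_RE.match(m["name"])
        entry = entries.setdefault(nm["name"], ServiceEntry(nm["name"]))
        entry.status = m["status"].strip()
        entry.verdict = nm["verdict"]
    return entries


def triage(log_text: str) -> Dict[str, List[str]]:
    """What a helper reads first: non-ok verdicts, then services with no hashed file."""
    entries = parse_services(log_text)
    return {
        "flagged": sorted(n for n, e in entries.items() if e.status not in (None, "ok")),
        "unhashed": sorted(n for n, e in entries.items() if e.md5 is None),
        "no_verdict": sorted(n for n, e in entries.items() if e.status is None),
        "clean": sorted(n for n, e in entries.items() if e.status == "ok" and e.md5),
    }


# Constructed sample in the report layout above. The first three services mirror lines
# from the pasted report; "exmplsvc" and its verdict are invented to show a non-ok line.
SAMPLE_LOG = r"""
21:17:17.0507 2956 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
21:17:20.0561 5452 ================ Scan services =============================
21:17:20.0636 5452 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:17:20.0639 5452 1394ohci - ok
21:17:20.0949 5452 ALSysIO - ok
21:17:21.0150 5452 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:21.0151 5452 Apple Mobile Device - ok
21:17:26.0500 5452 [ 0123456789abcdef0123456789abcdef ] exmplsvc C:\Windows\system32\DRIVERS\exmplsvc.sys
21:17:26.0502 5452 exmplsvc ( Example.Verdict ) - skipped
21:17:26.0600 5452 ================ Scan global ===============================
21:17:26.0601 5452 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket:>10}: {', '.join(names) or '-'}")
```

An entry with no hashed file is not a detection by itself; it only marks a service worth a manual look at its image path.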

#10 Bandion

Bandion
  • Topic Starter

  • Members
  • 19 posts

Posted 19 August 2012 - 09:18 PM

TDSSKiller... did not find anything.


21:17:16.0070 2956 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:17:16.0338 2956 ============================================================
21:17:16.0338 2956 Current date / time: 2012/08/19 21:17:16.0338
21:17:16.0338 2956 SystemInfo:
21:17:16.0338 2956
21:17:16.0338 2956 OS Version: 6.1.7600 ServicePack: 0.0
21:17:16.0338 2956 Product type: Workstation
21:17:16.0338 2956 ComputerName: TRICKSTER
21:17:16.0339 2956 UserName: Bandion
21:17:16.0339 2956 Windows directory: C:\Windows
21:17:16.0339 2956 System windows directory: C:\Windows
21:17:16.0339 2956 Running under WOW64
21:17:16.0339 2956 Processor architecture: Intel x64
21:17:16.0339 2956 Number of processors: 4
21:17:16.0339 2956 Page size: 0x1000
21:17:16.0339 2956 Boot type: Normal boot
21:17:16.0339 2956 ============================================================
21:17:17.0507 2956 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:17:17.0510 2956 Drive \Device\Harddisk1\DR1 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:17:17.0511 2956 ============================================================
21:17:17.0511 2956 \Device\Harddisk0\DR0:
21:17:17.0511 2956 MBR partitions:
21:17:17.0511 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:17:17.0511 2956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:17:17.0511 2956 \Device\Harddisk1\DR1:
21:17:17.0512 2956 MBR partitions:
21:17:17.0512 2956 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
21:17:17.0512 2956 ============================================================
21:17:17.0538 2956 C: <-> \Device\Harddisk0\DR0\Partition2
21:17:17.0538 2956 ============================================================
21:17:17.0538 2956 Initialize success
21:17:17.0538 2956 ============================================================
21:17:20.0150 5452 ============================================================
21:17:20.0150 5452 Scan started
21:17:20.0150 5452 Mode: Manual;
21:17:20.0150 5452 ============================================================
21:17:20.0561 5452 ================ Scan services =============================
21:17:26.0493 5452 Ndisuio - ok
21:17:26.0503 5452 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:17:26.0505 5452 NdisWan - ok
21:17:26.0511 5452 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:17:26.0512 5452 NDProxy - ok
21:17:26.0548 5452 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:17:26.0555 5452 Net Driver HPZ12 - ok
21:17:26.0561 5452 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:17:26.0561 5452 NetBIOS - ok
21:17:26.0574 5452 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:17:26.0577 5452 NetBT - ok
21:17:26.0583 5452 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
21:17:26.0583 5452 Netlogon - ok
21:17:26.0592 5452 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
21:17:26.0596 5452 Netman - ok
21:17:26.0611 5452 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
21:17:26.0616 5452 netprofm - ok
21:17:26.0628 5452 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:26.0630 5452 NetTcpPortSharing - ok
21:17:26.0653 5452 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:17:26.0660 5452 nfrd960 - ok
21:17:26.0665 5452 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:17:26.0668 5452 NlaSvc - ok
21:17:26.0690 5452 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:17:26.0691 5452 Npfs - ok
21:17:26.0699 5452 NPVR Recording Service - ok
21:17:26.0712 5452 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:17:26.0713 5452 nsi - ok
21:17:26.0719 5452 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:17:26.0721 5452 nsiproxy - ok
21:17:26.0756 5452 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:17:26.0782 5452 Ntfs - ok
21:17:26.0787 5452 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
21:17:26.0788 5452 Null - ok
21:17:26.0811 5452 [ 10204955027011e08a9dc27737a48a54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:17:26.0813 5452 NVHDA - ok
21:17:26.0991 5452 [ b15258b1f45f9571758ac6bb2f043b01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:17:27.0167 5452 nvlddmkm - ok
21:17:27.0182 5452 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
21:17:27.0184 5452 nvraid - ok
21:17:27.0213 5452 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
21:17:27.0215 5452 nvstor - ok
21:17:27.0244 5452 [ 2d7092fec9bd2aca199673bba2ba9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:17:27.0270 5452 nvsvc - ok
21:17:27.0316 5452 [ 7e22de30e222bfdfcec7e77032baf3cd ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:17:27.0325 5452 nvUpdatusService - ok
21:17:27.0339 5452 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:17:27.0341 5452 nv_agp - ok
21:17:27.0357 5452 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:17:27.0359 5452 ohci1394 - ok
21:17:27.0395 5452 [ edd1dcd36f6115acc6935c3f88ff54d7 ] P17 C:\Windows\system32\drivers\P17.sys
21:17:27.0421 5452 P17 - ok
21:17:27.0438 5452 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:17:27.0442 5452 p2pimsvc - ok
21:17:27.0456 5452 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:17:27.0461 5452 p2psvc - ok
21:17:27.0472 5452 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:17:27.0474 5452 Parport - ok
21:17:27.0490 5452 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:17:27.0491 5452 partmgr - ok
21:17:27.0502 5452 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:17:27.0505 5452 PcaSvc - ok
21:17:27.0532 5452 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
21:17:27.0534 5452 pci - ok
21:17:27.0543 5452 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:17:27.0543 5452 pciide - ok
21:17:27.0561 5452 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:17:27.0564 5452 pcmcia - ok
21:17:27.0574 5452 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:17:27.0575 5452 pcw - ok
21:17:27.0588 5452 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:17:27.0593 5452 PEAUTH - ok
21:17:27.0620 5452 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:17:27.0645 5452 PeerDistSvc - ok
21:17:27.0723 5452 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:17:27.0725 5452 PerfHost - ok
21:17:27.0753 5452 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
21:17:27.0779 5452 pla - ok
21:17:27.0811 5452 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:17:27.0816 5452 PlugPlay - ok
21:17:27.0849 5452 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:17:27.0856 5452 Pml Driver HPZ12 - ok
21:17:27.0867 5452 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:17:27.0869 5452 PNRPAutoReg - ok
21:17:27.0879 5452 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:17:27.0881 5452 PNRPsvc - ok
21:17:27.0903 5452 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:17:27.0908 5452 PolicyAgent - ok
21:17:27.0916 5452 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
21:17:27.0918 5452 Power - ok
21:17:27.0931 5452 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:17:27.0933 5452 PptpMiniport - ok
21:17:27.0948 5452 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:17:27.0951 5452 Processor - ok
21:17:28.0001 5452 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
21:17:28.0004 5452 ProfSvc - ok
21:17:28.0015 5452 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:17:28.0016 5452 ProtectedStorage - ok
21:17:28.0026 5452 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:17:28.0028 5452 Psched - ok
21:17:28.0059 5452 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:17:28.0085 5452 ql2300 - ok
21:17:28.0099 5452 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:17:28.0101 5452 ql40xx - ok
21:17:28.0113 5452 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
21:17:28.0116 5452 QWAVE - ok
21:17:28.0126 5452 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:17:28.0127 5452 QWAVEdrv - ok
21:17:28.0138 5452 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:17:28.0140 5452 RasAcd - ok
21:17:28.0159 5452 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:17:28.0161 5452 RasAgileVpn - ok
21:17:28.0172 5452 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
21:17:28.0174 5452 RasAuto - ok
21:17:28.0181 5452 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:17:28.0183 5452 Rasl2tp - ok
21:17:28.0194 5452 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
21:17:28.0198 5452 RasMan - ok
21:17:28.0207 5452 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:17:28.0208 5452 RasPppoe - ok
21:17:28.0213 5452 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:17:28.0214 5452 RasSstp - ok
21:17:28.0227 5452 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:17:28.0229 5452 rdbss - ok
21:17:28.0232 5452 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:17:28.0233 5452 rdpbus - ok
21:17:28.0240 5452 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:17:28.0241 5452 RDPCDD - ok
21:17:28.0268 5452 [ 9706b84dbabfc4b4ca46c5a82b14dfa3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:17:28.0271 5452 RDPDR - ok
21:17:28.0292 5452 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:17:28.0293 5452 RDPENCDD - ok
21:17:28.0300 5452 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:17:28.0301 5452 RDPREFMP - ok
21:17:28.0320 5452 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:17:28.0322 5452 RDPWD - ok
21:17:28.0342 5452 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:17:28.0344 5452 rdyboost - ok
21:17:28.0362 5452 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:17:28.0365 5452 RemoteAccess - ok
21:17:28.0375 5452 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:17:28.0377 5452 RemoteRegistry - ok
21:17:28.0396 5452 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:17:28.0398 5452 RpcEptMapper - ok
21:17:28.0411 5452 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
21:17:28.0412 5452 RpcLocator - ok
21:17:28.0430 5452 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
21:17:28.0433 5452 RpcSs - ok
21:17:28.0443 5452 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:17:28.0445 5452 rspndr - ok
21:17:28.0469 5452 [ 7f4f11527af5a7e4526cb6a146b3e40c ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:17:28.0475 5452 RTL8167 - ok
21:17:28.0487 5452 [ 88af6e02ab19df7fd07ecdf9c91e9af6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
21:17:28.0489 5452 s3cap - ok
21:17:28.0492 5452 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
21:17:28.0493 5452 SamSs - ok
21:17:28.0509 5452 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:17:28.0511 5452 sbp2port - ok
21:17:28.0519 5452 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:17:28.0522 5452 SCardSvr - ok
21:17:28.0535 5452 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:17:28.0537 5452 scfilter - ok
21:17:28.0569 5452 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
21:17:28.0586 5452 Schedule - ok
21:17:28.0597 5452 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
21:17:28.0598 5452 SCPolicySvc - ok
21:17:28.0609 5452 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:17:28.0612 5452 SDRSVC - ok
21:17:28.0622 5452 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:17:28.0624 5452 secdrv - ok
21:17:28.0630 5452 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
21:17:28.0632 5452 seclogon - ok
21:17:28.0651 5452 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
21:17:28.0653 5452 SENS - ok
21:17:28.0664 5452 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:17:28.0666 5452 SensrSvc - ok
21:17:28.0693 5452 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:17:28.0702 5452 Serenum - ok
21:17:28.0726 5452 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:17:28.0728 5452 Serial - ok
21:17:28.0740 5452 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:17:28.0741 5452 sermouse - ok
21:17:28.0764 5452 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
21:17:28.0767 5452 SessionEnv - ok
21:17:28.0785 5452 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:17:28.0787 5452 sffdisk - ok
21:17:28.0804 5452 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:17:28.0806 5452 sffp_mmc - ok
21:17:28.0808 5452 [ 178298f767fe638c9fedcbdef58bb5e4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:17:28.0809 5452 sffp_sd - ok
21:17:28.0836 5452 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:17:28.0837 5452 sfloppy - ok
21:17:28.0863 5452 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:17:28.0867 5452 SharedAccess - ok
21:17:28.0878 5452 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:17:28.0882 5452 ShellHWDetection - ok
21:17:28.0902 5452 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:17:28.0904 5452 SiSRaid2 - ok
21:17:28.0913 5452 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:17:28.0915 5452 SiSRaid4 - ok
21:17:28.0966 5452 [ 101556f6216e97f1258d87c38203695f ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
21:17:28.0976 5452 Smart TimeLock - ok
21:17:28.0987 5452 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:17:28.0989 5452 Smb - ok
21:17:29.0004 5452 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:17:29.0006 5452 SNMPTRAP - ok
21:17:29.0008 5452 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:17:29.0009 5452 spldr - ok
21:17:29.0043 5452 [ 567977dc43cc13c4c35ed7084c0b84d5 ] Spooler C:\Windows\System32\spoolsv.exe
21:17:29.0049 5452 Spooler - ok
21:17:29.0099 5452 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
21:17:29.0150 5452 sppsvc - ok
21:17:29.0169 5452 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:17:29.0171 5452 sppuinotify - ok
21:17:29.0196 5452 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:17:29.0200 5452 srv - ok
21:17:29.0217 5452 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:17:29.0221 5452 srv2 - ok
21:17:29.0231 5452 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:17:29.0233 5452 srvnet - ok
21:17:29.0246 5452 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:17:29.0249 5452 SSDPSRV - ok
21:17:29.0257 5452 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:17:29.0260 5452 SstpSvc - ok
21:17:29.0304 5452 Steam Client Service - ok
21:17:29.0316 5452 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:17:29.0318 5452 stexstor - ok
21:17:29.0346 5452 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:17:29.0348 5452 StillCam - ok
21:17:29.0367 5452 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
21:17:29.0373 5452 stisvc - ok
21:17:29.0382 5452 [ ffd7a6f15b14234b5b0e5d49e7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:17:29.0383 5452 storflt - ok
21:17:29.0417 5452 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
21:17:29.0419 5452 StorSvc - ok
21:17:29.0430 5452 [ 8fccbefc5c440b3c23454656e551b09a ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
21:17:29.0432 5452 storvsc - ok
21:17:29.0446 5452 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:17:29.0447 5452 swenum - ok
21:17:29.0460 5452 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
21:17:29.0465 5452 swprv - ok
21:17:29.0496 5452 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
21:17:29.0522 5452 SysMain - ok
21:17:29.0535 5452 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:17:29.0537 5452 TabletInputService - ok
21:17:29.0542 5452 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
21:17:29.0546 5452 TapiSrv - ok
21:17:29.0552 5452 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
21:17:29.0554 5452 TBS - ok
21:17:29.0598 5452 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:17:29.0632 5452 Tcpip - ok
21:17:29.0711 5452 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:17:29.0718 5452 TCPIP6 - ok
21:17:29.0726 5452 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:17:29.0728 5452 tcpipreg - ok
21:17:29.0737 5452 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:17:29.0738 5452 TDPIPE - ok
21:17:29.0760 5452 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:17:29.0773 5452 TDTCP - ok
21:17:29.0790 5452 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:17:29.0792 5452 tdx - ok
21:17:29.0804 5452 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:17:29.0805 5452 TermDD - ok
21:17:29.0822 5452 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
21:17:29.0829 5452 TermService - ok
21:17:29.0837 5452 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
21:17:29.0839 5452 Themes - ok
21:17:29.0847 5452 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
21:17:29.0848 5452 THREADORDER - ok
21:17:29.0857 5452 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
21:17:29.0860 5452 TrkWks - ok
21:17:29.0897 5452 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:17:29.0899 5452 TrustedInstaller - ok
21:17:29.0909 5452 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:29.0910 5452 tssecsrv - ok
21:17:29.0937 5452 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:17:29.0939 5452 tunnel - ok
21:17:29.0954 5452 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:17:29.0955 5452 uagp35 - ok
21:17:29.0964 5452 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:17:29.0967 5452 udfs - ok
21:17:29.0979 5452 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:17:29.0982 5452 UI0Detect - ok
21:17:29.0994 5452 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:17:29.0996 5452 uliagpkx - ok
21:17:30.0006 5452 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:17:30.0019 5452 umbus - ok
21:17:30.0036 5452 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:17:30.0038 5452 UmPass - ok
21:17:30.0056 5452 [ af0ac98ee5077eb844413eb54287fde3 ] UmRdpService C:\Windows\System32\umrdp.dll
21:17:30.0059 5452 UmRdpService - ok
21:17:30.0072 5452 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
21:17:30.0077 5452 upnphost - ok
21:17:30.0200 5452 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:30.0224 5452 usbccgp - ok
21:17:30.0245 5452 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:17:30.0271 5452 usbcir - ok
21:17:30.0292 5452 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:17:30.0294 5452 usbehci - ok
21:17:30.0310 5452 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:17:30.0314 5452 usbhub - ok
21:17:30.0333 5452 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:17:30.0334 5452 usbohci - ok
21:17:30.0348 5452 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:17:30.0350 5452 usbprint - ok
21:17:30.0364 5452 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:17:30.0366 5452 USBSTOR - ok
21:17:30.0384 5452 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:17:30.0385 5452 usbuhci - ok
21:17:30.0394 5452 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
21:17:30.0395 5452 UxSms - ok
21:17:30.0404 5452 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
21:17:30.0405 5452 VaultSvc - ok
21:17:30.0411 5452 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:17:30.0412 5452 vdrvroot - ok
21:17:30.0424 5452 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
21:17:30.0430 5452 vds - ok
21:17:30.0440 5452 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:30.0441 5452 vga - ok
21:17:30.0448 5452 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
21:17:30.0449 5452 VgaSave - ok
21:17:30.0467 5452 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:17:30.0470 5452 vhdmp - ok
21:17:30.0482 5452 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:17:30.0483 5452 viaide - ok
21:17:30.0509 5452 [ 1501699d7eda984abc4155a7da5738d1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
21:17:30.0512 5452 vmbus - ok
21:17:30.0523 5452 [ ae10c35761889e65a6f7176937c5592c ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
21:17:30.0524 5452 VMBusHID - ok
21:17:30.0535 5452 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:17:30.0536 5452 volmgr - ok
21:17:30.0554 5452 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:17:30.0557 5452 volmgrx - ok
21:17:30.0572 5452 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
21:17:30.0575 5452 volsnap - ok
21:17:30.0590 5452 [ abd9b4a7e2d0ae51a3b8df1af3152d61 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
21:17:30.0592 5452 vpcbus - ok
21:17:30.0607 5452 [ 8acda395841538ce9713a67fe8b2a3eb ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:17:30.0609 5452 vpcnfltr - ok
21:17:30.0618 5452 [ 31924e31bc315773e6d149b157db46d5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
21:17:30.0620 5452 vpcusb - ok
21:17:30.0653 5452 [ 510d250a08c09850f5c78ca2011b3b62 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
21:17:30.0656 5452 vpcvmm - ok
21:17:30.0682 5452 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:17:30.0697 5452 vsmraid - ok
21:17:30.0731 5452 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
21:17:30.0757 5452 VSS - ok
21:17:30.0834 5452 [ 8ed347bad8d1fb7c40b593bfb01786d2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
21:17:30.0838 5452 vToolbarUpdater11.2.0 - ok
21:17:30.0850 5452 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:17:30.0852 5452 vwifibus - ok
21:17:30.0858 5452 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
21:17:30.0862 5452 W32Time - ok
21:17:30.0879 5452 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:17:30.0881 5452 WacomPen - ok
21:17:30.0890 5452 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:17:30.0892 5452 WANARP - ok
21:17:30.0894 5452 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:17:30.0895 5452 Wanarpv6 - ok
21:17:30.0927 5452 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:17:30.0944 5452 WatAdminSvc - ok
21:17:30.0976 5452 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
21:17:31.0002 5452 wbengine - ok
21:17:31.0010 5452 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:17:31.0013 5452 WbioSrvc - ok
21:17:31.0036 5452 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:17:31.0041 5452 wcncsvc - ok
21:17:31.0053 5452 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:17:31.0055 5452 WcsPlugInService - ok
21:17:31.0070 5452 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:17:31.0071 5452 Wd - ok
21:17:31.0090 5452 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:17:31.0095 5452 Wdf01000 - ok
21:17:31.0119 5452 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:17:31.0121 5452 WdiServiceHost - ok
21:17:31.0123 5452 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:17:31.0124 5452 WdiSystemHost - ok
21:17:31.0148 5452 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
21:17:31.0152 5452 WebClient - ok
21:17:31.0161 5452 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:17:31.0165 5452 Wecsvc - ok
21:17:31.0176 5452 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:17:31.0178 5452 wercplsupport - ok
21:17:31.0192 5452 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:17:31.0194 5452 WerSvc - ok
21:17:31.0203 5452 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:17:31.0204 5452 WfpLwf - ok
21:17:31.0220 5452 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:17:31.0221 5452 WIMMount - ok
21:17:31.0257 5452 WinDefend - ok
21:17:31.0260 5452 WinHttpAutoProxySvc - ok
21:17:31.0296 5452 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:17:31.0299 5452 Winmgmt - ok
21:17:31.0341 5452 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:17:31.0375 5452 WinRM - ok
21:17:31.0419 5452 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:17:31.0434 5452 WinUsb - ok
21:17:31.0459 5452 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
21:17:31.0467 5452 Wlansvc - ok
21:17:31.0542 5452 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:17:31.0578 5452 wlidsvc - ok
21:17:31.0601 5452 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:17:31.0602 5452 WmiAcpi - ok
21:17:31.0620 5452 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:17:31.0622 5452 wmiApSrv - ok
21:17:31.0624 5452 WMPNetworkSvc - ok
21:17:31.0632 5452 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:17:31.0634 5452 WPCSvc - ok
21:17:31.0647 5452 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:17:31.0650 5452 WPDBusEnum - ok
21:17:31.0657 5452 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:17:31.0658 5452 ws2ifsl - ok
21:17:31.0674 5452 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\system32\wscsvc.dll
21:17:31.0705 5452 wscsvc - ok
21:17:31.0719 5452 WSearch - ok
21:17:31.0774 5452 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:17:31.0785 5452 wuauserv - ok
21:17:31.0797 5452 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:17:31.0799 5452 WudfPf - ok
21:17:31.0828 5452 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:31.0831 5452 WUDFRd - ok
21:17:31.0841 5452 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:17:31.0843 5452 wudfsvc - ok
21:17:31.0853 5452 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
21:17:31.0857 5452 WwanSvc - ok
21:17:31.0867 5452 ================ Scan global ===============================
21:17:31.0895 5452 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
21:17:31.0916 5452 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
21:17:31.0922 5452 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
21:17:31.0932 5452 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
21:17:31.0947 5452 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
21:17:31.0951 5452 [Global] - ok
21:17:31.0951 5452 ================ Scan MBR ==================================
21:17:31.0959 5452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:17:32.0141 5452 \Device\Harddisk0\DR0 - ok
21:17:32.0144 5452 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:17:32.0164 5452 \Device\Harddisk1\DR1 - ok
21:17:32.0165 5452 ================ Scan VBR ==================================
21:17:32.0175 5452 Boot (0x1200) (1093b745a01d0f9ffbe650c17287cbb9) \Device\Harddisk0\DR0\Partition1
21:17:32.0176 5452 \Device\Harddisk0\DR0\Partition1 - ok
21:17:32.0178 5452 Boot (0x1200) (0da30815017c6444f108a48f50b23d9b) \Device\Harddisk0\DR0\Partition2
21:17:32.0179 5452 \Device\Harddisk0\DR0\Partition2 - ok
21:17:32.0182 5452 Boot (0x1200) (df48bbb52369c3f7bc21ad7804ce8b3e) \Device\Harddisk1\DR1\Partition1
21:17:32.0183 5452 \Device\Harddisk1\DR1\Partition1 - ok
21:17:32.0183 5452 ============================================================
21:17:32.0183 5452 Scan finished
21:17:32.0183 5452 ============================================================
21:17:32.0189 6924 Detected object count: 0
21:17:32.0189 6924 Actual detected object count: 0

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 August 2012 - 10:04 PM

Did you run aswMBR and get a report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Bandion (Topic Starter, Members, 19 posts)

Posted 19 August 2012 - 11:02 PM

The aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 21:19:40
-----------------------------
21:19:40.286 OS Version: Windows x64 6.1.7600
21:19:40.286 Number of processors: 4 586 0x2A07
21:19:40.287 ComputerName: TRICKSTER UserName: Bandion
21:19:41.604 Initialize success
21:20:27.325 AVAST engine defs: 12081900
21:21:38.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
21:21:38.103 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
21:21:38.114 Disk 0 MBR read successfully
21:21:38.116 Disk 0 MBR scan
21:21:38.119 Disk 0 Windows 7 default MBR code
21:21:38.122 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:21:38.132 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
21:21:38.155 Disk 0 scanning C:\Windows\system32\drivers
21:21:46.968 Service scanning
21:22:01.677 Modules scanning
21:22:01.681 Disk 0 trace - called modules:
21:22:01.723 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
21:22:01.725 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aca060]
21:22:01.728 3 CLASSPNP.SYS[fffff8800191143f] -> nt!IofCallDriver -> [0xfffffa800747ee40]
21:22:01.731 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8007829060]
21:22:05.231 AVAST engine scan C:\Windows
21:22:08.138 AVAST engine scan C:\Windows\system32
21:24:35.887 AVAST engine scan C:\Windows\system32\drivers
21:24:50.905 AVAST engine scan C:\Users\Bandion
21:42:14.221 AVAST engine scan C:\ProgramData
21:44:14.445 Scan finished successfully
23:01:22.983 Disk 0 MBR has been saved successfully to "C:\Users\Bandion\Desktop\MBR.dat"
23:01:22.987 The log file has been saved successfully to "C:\Users\Bandion\Desktop\aswMBR.txt"

#13 Bandion (Topic Starter, Members, 19 posts)

Posted 19 August 2012 - 11:05 PM

Sorry, posted as they succeeded... both were run.

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 August 2012 - 11:19 PM

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.


#15 Bandion (Topic Starter, Members, 19 posts)

Posted 19 August 2012 - 11:26 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bandion [Admin rights]
Mode: Scan -- Date: 08/19/2012 23:24:45

Bad processes: 0

Registry Entries: 3
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 0b95ae0a2f2f4e5b37707641d2703f71
[BSP] 30249b43be01af17c8ae36f016541702 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
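The three tools in this thread each hash the boot sector and print the partition table (TDSSKiller's "MBR (0x1B8)" line, aswMBR's partition listing, RogueKiller's "MBR Check"), and aswMBR also saved the raw sector to MBR.dat on the Desktop. What follows is an added example, not code from any of those tools or from anyone in this thread, that parses such a 512-byte dump and repeats the same checks by hand: the 0x55AA boot signature, the MD5 of the 440 bytes of boot code, the four partition entries, and the amount of unallocated space after the last partition. The sample MBR it builds is constructed to match the layout the logs show (100 MB active NTFS partition at sector 2048, 953767 MB NTFS partition at sector 206848); its boot-code bytes and the exact sector counts (derived from the rounded MB figures) are assumptions, as is the disk size, and the set of known-good hashes is whatever the reader collects from clean machines with the same Windows build.

```python
"""Parse a raw 512-byte MBR dump (for example the MBR.dat that aswMBR saves)
and run the sanity checks the tools in this thread report.

Added example for this thread; not code from aswMBR, TDSSKiller or RogueKiller.
The sample MBR below is constructed: its boot-code bytes are a stand-in and
its sector counts are derived from the MB figures in the posted logs.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8        # 440 bytes of boot code, the range TDSSKiller labels "MBR (0x1B8)"
PT_OFFSET = 0x1BE           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"
MIB_SECTORS = 2048          # 1 MiB / 512-byte sectors

PART_TYPES = {0x07: "HPFS/NTFS", 0x05: "Extended", 0x0F: "Extended LBA",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5 and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for idx in range(4):
        entry = mbr[PT_OFFSET + 16 * idx: PT_OFFSET + 16 * (idx + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": idx,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba": lba,
            "sectors": count,
            "size_mib": count // MIB_SECTORS,
        })
    return {"bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_layout(partitions: list, disk_sectors: int) -> list:
    """Return human-readable findings; an empty list means nothing odd was seen."""
    findings = []
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(partitions, key=lambda p: p["lba"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba"] < prev["lba"] + prev["sectors"]:
            findings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
    if ordered:
        last = ordered[-1]
        tail = disk_sectors - (last["lba"] + last["sectors"])
        if tail < 0:
            findings.append("last partition extends past the end of the disk")
        elif tail > MIB_SECTORS:
            # Bootkits that keep their files outside any filesystem use exactly this space.
            findings.append(f"{tail} unallocated sectors after last partition ({tail // MIB_SECTORS} MiB)")
    return findings


def bootcode_matches(mbr: bytes, known_good_md5: set) -> bool:
    """Compare the boot-code hash with hashes collected from clean machines of the same OS build."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest() in known_good_md5


def build_sample_mbr() -> bytes:
    """Constructed MBR with the layout from the thread's logs; boot-code bytes are a stand-in."""
    bootcode = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTCODE_LEN - 7)
    disk_sig = bytes(6)     # bytes 0x1B8..0x1BD: disk signature plus two reserved bytes (zeroed here)

    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)

    table = (entry(0x80, 0x07, 2048, 100 * MIB_SECTORS)          # System Reserved, active
             + entry(0x00, 0x07, 206848, 953767 * MIB_SECTORS)  # C:
             + bytes(16) + bytes(16))                            # two unused slots
    mbr = bootcode + disk_sig + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = parse_mbr(sample)
    print("bootcode md5:", report["bootcode_md5"])
    for p in report["partitions"]:
        flag = "ACTIVE " if p["active"] else ""
        print(f"  {p['index']} {flag}{p['type_name']} offset {p['lba']} size {p['size_mib']} MiB")
    # Disk size assumed from aswMBR's "Size: 953869MB" line.
    for finding in check_layout(report["partitions"], 953869 * MIB_SECTORS):
        print("  !", finding)
```

To check a real dump, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()` (path as saved by aswMBR). The signs worth escalating are a boot-code hash that differs from clean machines of the same Windows version, more than one active partition, overlapping entries, or a large unallocated tail; the tail check matters because bootkits that keep their files outside any filesystem store them there, where no file-level scanner looks.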



