Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE Google searches being redirected


  • This topic is locked This topic is locked
17 replies to this topic

#1 Somebunny

Somebunny

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 22 September 2012 - 01:37 AM

Hello, recently whenever I make google searches with internet explorer, I am redirected to other sites, such as a search engine called scour. This does not seem to happen when I search with firefox but I am still concerned. Below is my DDS log, and I did not make a GMER log since I have a 64-bit operating system. Attach.txt is also attached, as instructed by this topic. I tried searching for an answer to the issue and wound up here. Thank you in advance for any help you can provide.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Bliz at 2:25:35 on 2012-09-22
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1033.18.16332.13544 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Users\Bliz\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Users\Bliz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bliz\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.alienware.com/
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
uRun: [Akamai NetSession Interface] "C:\Users\Bliz\AppData\Local\Akamai\netsession_win.exe"
uRun: [PlayNC Launcher]
uRun: [Akamai] rundll32.exe "C:\Users\Bliz\AppData\Local\AOL\Akamai\llpdvummd.dll",DllRegisterServerW
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Bliz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bliz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bliz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxps://platform.nexon.com/activex/ahnlab/aosmgr.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9}\0596E6B6D41607C656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9}\265747163737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9}\265747163737D25376 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9}\64162747E6F636B65627 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5B584AC2-F2AD-4923-86D4-373A8AAB48D9}\7594E4F503831424 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{6BDE829E-85F0-498B-8FBF-A112F63E75BE} : DhcpNameServer = 172.26.38.1 172.26.38.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_475\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Nexon\NGM\npnxgame.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\system32\npDeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-2 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-11 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-11 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-10 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-2 13336]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-4-2 705856]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\system32\drivers\Mkd2Bthf.sys --> C:\Windows\system32\drivers\Mkd2Bthf.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 Mon_oppmmitm;Mon_oppmmitm;C:\Windows\System32\rdrleakdiag.exe [2009-7-13 36352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-14 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-22 05:51:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-21 22:26:09 -------- d-----w- C:\Users\Bliz\AppData\Local\{742D13C0-A9A8-4F8D-B172-9BF6019762AD}
2012-09-21 08:29:11 -------- d-----w- C:\Program Files (x86)\Cleaners AC Calculator
2012-09-20 22:57:35 -------- d-----w- C:\Users\Bliz\AppData\Local\{FE84CEFC-5075-46DA-AFEA-F97C40D4DB26}
2012-09-20 07:58:39 -------- d-----w- C:\Users\Bliz\AppData\Local\{D262FDF9-F8D9-43B0-AFB5-81EC93BFACAF}
2012-09-19 19:58:28 -------- d-----w- C:\Users\Bliz\AppData\Local\{57A63BEF-E642-4B0B-A79B-0E61A86D95E7}
2012-09-18 23:17:35 -------- d-----w- C:\Users\Bliz\AppData\Local\{EE35DBCF-E521-44FA-9A9A-87C6CE7EE387}
2012-09-17 18:51:48 -------- d-----w- C:\Users\Bliz\AppData\Local\{EBDB1FAB-AFDF-451F-8668-43ADB1BCB74D}
2012-09-17 06:40:39 -------- d-----w- C:\Users\Bliz\AppData\Local\{6B1C0050-EF9F-4E4E-B25F-3170833BE165}
2012-09-16 18:40:27 -------- d-----w- C:\Users\Bliz\AppData\Local\{8A74873E-4985-4D76-94E8-A76E78EB1269}
2012-09-15 18:47:07 -------- d-----w- C:\Users\Bliz\AppData\Local\{3EF1F498-AD48-4A8B-BCBD-DDA3C235A15F}
2012-09-15 06:39:43 -------- d-----w- C:\Users\Bliz\AppData\Local\{30BCEC60-2D79-4ECC-ACD9-49BD65F3F1BB}
2012-09-14 18:39:20 -------- d-----w- C:\Users\Bliz\AppData\Local\{57763E70-4564-4451-96D7-0625102B11F5}
2012-09-14 06:14:50 -------- d-----w- C:\Users\Bliz\AppData\Local\{B65BC7C0-314B-40EA-9318-F0538B7D2B26}
2012-09-13 18:14:39 -------- d-----w- C:\Users\Bliz\AppData\Local\{09CC9B40-9E05-4D00-93DC-720298081B95}
2012-09-12 16:28:06 -------- d-----w- C:\Users\Bliz\AppData\Local\{A3414FD8-18FB-4114-AC2D-1A12C7B059FC}
2012-09-12 14:55:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-12 03:41:27 -------- d-----w- C:\Users\Bliz\AppData\Local\{E3E82663-9FE5-4221-A2D8-D9C27BA45AE9}
2012-09-11 20:01:59 -------- d-----w- C:\Users\Bliz\AppData\Roaming\Avira
2012-09-11 19:57:52 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-09-11 19:57:52 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-09-11 19:57:51 -------- d-----w- C:\ProgramData\Avira
2012-09-11 19:57:51 -------- d-----w- C:\Program Files (x86)\Avira
2012-09-11 15:41:03 -------- d-----w- C:\Users\Bliz\AppData\Local\{9450FC4D-8D84-470C-A3A5-8B9E9E2ADB26}
2012-09-10 17:41:40 -------- d-----w- C:\Users\Bliz\AppData\Local\{F30C6ECA-A116-4B27-B2FE-E876DF697FCB}
2012-09-09 20:39:51 -------- d-----w- C:\Users\Bliz\AppData\Local\{1958A0FB-124B-463A-AB2B-FA38F672B556}
2012-09-08 11:44:37 -------- d-----w- C:\Users\Bliz\AppData\Local\{2706B45B-8C5E-49CA-A30B-CD699ADD7BC5}
2012-09-07 22:23:52 -------- d-----w- C:\Users\Bliz\AppData\Local\3DVIA
2012-09-07 22:23:28 -------- d-----w- C:\ProgramData\3DVIA
2012-09-07 22:23:28 -------- d-----w- C:\Program Files (x86)\Virtools
2012-09-07 22:19:34 -------- d-----w- C:\Users\Bliz\AppData\Local\{5DDAC8E6-4FA0-446E-9AB8-CF101626427A}
2012-09-07 10:19:11 -------- d-----w- C:\Users\Bliz\AppData\Local\{7CE19A4C-5D9B-4E4A-87D8-B3DF8D23C46D}
2012-09-06 05:26:33 -------- d-----w- C:\Users\Bliz\AppData\Local\{BC19F372-B299-4EEF-9000-35418666412B}
2012-09-05 14:11:50 -------- d-----w- C:\Users\Bliz\AppData\Local\{35FB720E-9CF2-49FB-8772-761F496DD714}
2012-09-05 02:11:39 -------- d-----w- C:\Users\Bliz\AppData\Local\{A1CC9B83-9672-416A-B849-A4500D8BCF4E}
2012-09-04 02:39:52 -------- d-----w- C:\Users\Bliz\AppData\Local\{E41EBBAD-1555-46FC-B8DF-7B93A7417133}
2012-09-03 04:42:46 -------- d-----w- C:\Users\Bliz\AppData\Local\{C9997102-8E1F-4D9F-878A-1CA63F5804FA}
2012-09-02 01:46:37 -------- d-----w- C:\Users\Bliz\AppData\Local\{9AC11EC2-5C08-4B2E-B1F1-79E498AD219D}
2012-08-31 23:27:28 -------- d-----w- C:\Users\Bliz\AppData\Local\{60C8B389-6215-475B-82F5-ECDEDF348572}
2012-08-31 11:27:05 -------- d-----w- C:\Users\Bliz\AppData\Local\{DFE37F3F-C5FC-4F39-81F2-C462621F2586}
2012-08-30 23:26:55 -------- d-----w- C:\Users\Bliz\AppData\Local\{516FD1B7-1E15-4485-9F40-9770B2CFFD2A}
2012-08-30 10:08:14 -------- d-----w- C:\Users\Bliz\AppData\Local\{2385479B-5B12-40BC-B305-E906DDC0A4B2}
2012-08-29 22:07:51 -------- d-----w- C:\Users\Bliz\AppData\Local\{1BDEC867-D9B5-40CA-9E30-22647A14F1A0}
2012-08-29 01:38:47 -------- d-----w- C:\Users\Bliz\AppData\Local\{AD9C4D44-86A0-4FDA-9A22-96C64E56DD41}
2012-08-28 09:29:29 -------- d-----w- C:\Users\Bliz\AppData\Local\{4ABA8C27-EF3F-4078-8B82-92760EB993A0}
2012-08-28 09:21:44 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-08-28 06:13:16 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-27 21:29:06 -------- d-----w- C:\Users\Bliz\AppData\Local\{6CECC9A2-E86B-41EA-86F0-87507F1089F7}
2012-08-27 05:24:18 -------- d-----w- C:\Users\Bliz\AppData\Local\{A814E4F9-53F6-4388-8E73-D4D99C125081}
2012-08-26 07:40:18 -------- d-----w- C:\Users\Bliz\AppData\Local\{1CCD1C68-4BF7-4DC2-B469-B310FBCA8879}
2012-08-25 00:09:13 -------- d-----w- C:\Users\Bliz\AppData\Local\{7A7D2D4E-6828-443E-BE08-8D099E35DAF9}
.
==================== Find3M ====================
.
2012-09-14 18:37:32 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 18:37:32 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-12 14:55:32 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 04:06:53 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 2:25:56.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 22 September 2012 - 04:53 AM

I apologize for any inconvenience caused by me doing anything out-of-order, but before I found this website, I found a site suggesting to use a program called TDSSKiller. I ran it and the redirects stopped momentarily but very quickly resumed. Just in case it is useful in any way, here is the log that the program gave me.

01:46:15.0635 5512 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:46:15.0955 5512 ============================================================
01:46:15.0955 5512 Current date / time: 2012/09/22 01:46:15.0955
01:46:15.0955 5512 SystemInfo:
01:46:15.0955 5512
01:46:15.0955 5512 OS Version: 6.1.7601 ServicePack: 1.0
01:46:15.0955 5512 Product type: Workstation
01:46:15.0955 5512 ComputerName: BLIENOREN
01:46:15.0955 5512 UserName: Bliz
01:46:15.0955 5512 Windows directory: C:\Windows
01:46:15.0955 5512 System windows directory: C:\Windows
01:46:15.0955 5512 Running under WOW64
01:46:15.0955 5512 Processor architecture: Intel x64
01:46:15.0955 5512 Number of processors: 8
01:46:15.0955 5512 Page size: 0x1000
01:46:15.0955 5512 Boot type: Normal boot
01:46:15.0955 5512 ============================================================
01:46:16.0245 5512 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:46:16.0255 5512 ============================================================
01:46:16.0255 5512 \Device\Harddisk0\DR0:
01:46:16.0255 5512 MBR partitions:
01:46:16.0255 5512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2710000
01:46:16.0255 5512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2724000, BlocksNum 0x1B5CEAB0
01:46:16.0255 5512 ============================================================
01:46:16.0255 5512 C: <-> \Device\Harddisk0\DR0\Partition2
01:46:16.0255 5512 ============================================================
01:46:16.0255 5512 Initialize success
01:46:16.0255 5512 ============================================================
01:46:18.0845 6220 ============================================================
01:46:18.0845 6220 Scan started
01:46:18.0845 6220 Mode: Manual;
01:46:18.0845 6220 ============================================================
01:46:19.0155 6220 ================ Scan system memory ========================
01:46:19.0155 6220 System memory - ok
01:46:19.0155 6220 ================ Scan services =============================
01:46:19.0205 6220 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:46:19.0215 6220 1394ohci - ok
01:46:19.0215 6220 [ 7A505465BBB1EB8B5AD4D76E8749383B ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
01:46:19.0215 6220 Acceler - ok
01:46:19.0225 6220 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:46:19.0225 6220 ACPI - ok
01:46:19.0235 6220 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:46:19.0235 6220 AcpiPmi - ok
01:46:19.0245 6220 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:46:19.0255 6220 adp94xx - ok
01:46:19.0265 6220 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:46:19.0275 6220 adpahci - ok
01:46:19.0275 6220 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:46:19.0285 6220 adpu320 - ok
01:46:19.0285 6220 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:46:19.0295 6220 AeLookupSvc - ok
01:46:19.0295 6220 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
01:46:19.0305 6220 AESTFilters - ok
01:46:19.0315 6220 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys
01:46:19.0315 6220 AFD - ok
01:46:19.0315 6220 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:46:19.0325 6220 agp440 - ok
01:46:19.0375 6220 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
01:46:19.0375 6220 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
01:46:19.0385 6220 Akamai ( HiddenFile.Multi.Generic ) - warning
01:46:19.0385 6220 Akamai - detected HiddenFile.Multi.Generic (1)
01:46:19.0385 6220 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:46:19.0395 6220 ALG - ok
01:46:19.0395 6220 [ 4CFC72AE6C0ED4A04CB6042AE94024A9 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
01:46:19.0395 6220 AlienFusionService - ok
01:46:19.0405 6220 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:46:19.0405 6220 aliide - ok
01:46:19.0415 6220 [ 35B21A95BE0F1008ACA9C403C42C445F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:46:19.0415 6220 AMD External Events Utility - ok
01:46:19.0415 6220 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:46:19.0425 6220 amdide - ok
01:46:19.0425 6220 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:46:19.0435 6220 AmdK8 - ok
01:46:19.0535 6220 [ 1907645C230D9229B3297B05B200349F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
01:46:19.0645 6220 amdkmdag - ok
01:46:19.0645 6220 [ 4B6A626F1DA687D41193B10486781010 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:46:19.0655 6220 amdkmdap - ok
01:46:19.0655 6220 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:46:19.0665 6220 AmdPPM - ok
01:46:19.0665 6220 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:46:19.0675 6220 amdsata - ok
01:46:19.0675 6220 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:46:19.0685 6220 amdsbs - ok
01:46:19.0685 6220 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:46:19.0685 6220 amdxata - ok
01:46:19.0695 6220 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:46:19.0705 6220 AntiVirSchedulerService - ok
01:46:19.0705 6220 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:46:19.0715 6220 AntiVirService - ok
01:46:19.0715 6220 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:46:19.0725 6220 AppID - ok
01:46:19.0725 6220 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:46:19.0725 6220 AppIDSvc - ok
01:46:19.0735 6220 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:46:19.0735 6220 Appinfo - ok
01:46:19.0745 6220 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:46:19.0745 6220 Apple Mobile Device - ok
01:46:19.0755 6220 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
01:46:19.0765 6220 AppMgmt - ok
01:46:19.0765 6220 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:46:19.0775 6220 arc - ok
01:46:19.0775 6220 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:46:19.0785 6220 arcsas - ok
01:46:19.0795 6220 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:46:19.0805 6220 aspnet_state - ok
01:46:19.0805 6220 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:46:19.0805 6220 AsyncMac - ok
01:46:19.0815 6220 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:46:19.0815 6220 atapi - ok
01:46:19.0825 6220 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
01:46:19.0825 6220 AtiHDAudioService - ok
01:46:19.0835 6220 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:46:19.0835 6220 AudioEndpointBuilder - ok
01:46:19.0845 6220 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:46:19.0855 6220 AudioSrv - ok
01:46:19.0855 6220 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:46:19.0855 6220 avgntflt - ok
01:46:19.0865 6220 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:46:19.0865 6220 avipbb - ok
01:46:19.0875 6220 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:46:19.0875 6220 avkmgr - ok
01:46:19.0885 6220 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:46:19.0885 6220 AxInstSV - ok
01:46:19.0895 6220 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:46:19.0905 6220 b06bdrv - ok
01:46:19.0915 6220 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:46:19.0915 6220 b57nd60a - ok
01:46:19.0925 6220 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:46:19.0935 6220 BDESVC - ok
01:46:19.0935 6220 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:46:19.0935 6220 Beep - ok
01:46:19.0945 6220 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:46:19.0965 6220 BFE - ok
01:46:19.0975 6220 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:46:19.0975 6220 BITS - ok
01:46:19.0985 6220 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:46:19.0985 6220 blbdrive - ok
01:46:19.0995 6220 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:46:20.0005 6220 Bonjour Service - ok
01:46:20.0005 6220 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:46:20.0005 6220 bowser - ok
01:46:20.0015 6220 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:46:20.0015 6220 BrFiltLo - ok
01:46:20.0015 6220 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:46:20.0025 6220 BrFiltUp - ok
01:46:20.0025 6220 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
01:46:20.0035 6220 Browser - ok
01:46:20.0035 6220 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:46:20.0045 6220 Brserid - ok
01:46:20.0055 6220 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:46:20.0055 6220 BrSerWdm - ok
01:46:20.0055 6220 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:46:20.0065 6220 BrUsbMdm - ok
01:46:20.0065 6220 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:46:20.0065 6220 BrUsbSer - ok
01:46:20.0075 6220 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:46:20.0075 6220 BthEnum - ok
01:46:20.0075 6220 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:46:20.0085 6220 BTHMODEM - ok
01:46:20.0085 6220 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:46:20.0085 6220 BthPan - ok
01:46:20.0095 6220 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:46:20.0105 6220 BTHPORT - ok
01:46:20.0115 6220 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:46:20.0115 6220 bthserv - ok
01:46:20.0115 6220 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:46:20.0125 6220 BTHUSB - ok
01:46:20.0135 6220 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
01:46:20.0135 6220 btwampfl - ok
01:46:20.0135 6220 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
01:46:20.0145 6220 btwavdt - ok
01:46:20.0145 6220 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
01:46:20.0155 6220 btwrchid - ok
01:46:20.0155 6220 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:46:20.0165 6220 cdfs - ok
01:46:20.0165 6220 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:46:20.0175 6220 cdrom - ok
01:46:20.0175 6220 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:46:20.0185 6220 CertPropSvc - ok
01:46:20.0185 6220 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:46:20.0185 6220 circlass - ok
01:46:20.0195 6220 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:46:20.0195 6220 CLFS - ok
01:46:20.0205 6220 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:46:20.0215 6220 clr_optimization_v2.0.50727_32 - ok
01:46:20.0215 6220 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:46:20.0225 6220 clr_optimization_v2.0.50727_64 - ok
01:46:20.0235 6220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:46:20.0235 6220 clr_optimization_v4.0.30319_32 - ok
01:46:20.0235 6220 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:46:20.0235 6220 clr_optimization_v4.0.30319_64 - ok
01:46:20.0245 6220 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:46:20.0245 6220 CmBatt - ok
01:46:20.0245 6220 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:46:20.0255 6220 cmdide - ok
01:46:20.0255 6220 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
01:46:20.0275 6220 CNG - ok
01:46:20.0275 6220 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:46:20.0275 6220 Compbatt - ok
01:46:20.0285 6220 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:46:20.0285 6220 CompositeBus - ok
01:46:20.0285 6220 COMSysApp - ok
01:46:20.0295 6220 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:46:20.0295 6220 crcdisk - ok
01:46:20.0305 6220 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:46:20.0315 6220 CryptSvc - ok
01:46:20.0325 6220 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
01:46:20.0335 6220 CSC - ok
01:46:20.0345 6220 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
01:46:20.0345 6220 CscService - ok
01:46:20.0355 6220 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
01:46:20.0355 6220 CtClsFlt - ok
01:46:20.0365 6220 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:46:20.0375 6220 DcomLaunch - ok
01:46:20.0385 6220 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:46:20.0385 6220 defragsvc - ok
01:46:20.0395 6220 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:46:20.0395 6220 DfsC - ok
01:46:20.0405 6220 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:46:20.0415 6220 Dhcp - ok
01:46:20.0425 6220 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:46:20.0425 6220 discache - ok
01:46:20.0425 6220 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:46:20.0425 6220 Disk - ok
01:46:20.0435 6220 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:46:20.0445 6220 Dnscache - ok
01:46:20.0445 6220 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:46:20.0455 6220 dot3svc - ok
01:46:20.0465 6220 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:46:20.0465 6220 DPS - ok
01:46:20.0465 6220 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:46:20.0465 6220 drmkaud - ok
01:46:20.0475 6220 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
01:46:20.0475 6220 dtsoftbus01 - ok
01:46:20.0485 6220 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:46:20.0495 6220 DXGKrnl - ok
01:46:20.0505 6220 EagleX64 - ok
01:46:20.0505 6220 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:46:20.0515 6220 EapHost - ok
01:46:20.0545 6220 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:46:20.0575 6220 ebdrv - ok
01:46:20.0585 6220 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:46:20.0585 6220 EFS - ok
01:46:20.0595 6220 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:46:20.0615 6220 ehRecvr - ok
01:46:20.0615 6220 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:46:20.0625 6220 ehSched - ok
01:46:20.0635 6220 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:46:20.0645 6220 elxstor - ok
01:46:20.0645 6220 [ E47D9D7E6E53892FC97282482F4AE307 ] EMSC C:\Windows\system32\DRIVERS\EMSC.SYS
01:46:20.0645 6220 EMSC - ok
01:46:20.0655 6220 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:46:20.0655 6220 ErrDev - ok
01:46:20.0665 6220 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:46:20.0665 6220 EventSystem - ok
01:46:20.0685 6220 [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
01:46:20.0705 6220 EvtEng - ok
01:46:20.0715 6220 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:46:20.0715 6220 exfat - ok
01:46:20.0725 6220 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:46:20.0735 6220 fastfat - ok
01:46:20.0745 6220 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:46:20.0745 6220 Fax - ok
01:46:20.0745 6220 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:46:20.0755 6220 fdc - ok
01:46:20.0755 6220 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:46:20.0755 6220 fdPHost - ok
01:46:20.0765 6220 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:46:20.0765 6220 FDResPub - ok
01:46:20.0775 6220 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:46:20.0775 6220 FileInfo - ok
01:46:20.0775 6220 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:46:20.0785 6220 Filetrace - ok
01:46:20.0795 6220 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:46:20.0815 6220 FLEXnet Licensing Service - ok
01:46:20.0815 6220 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:46:20.0825 6220 flpydisk - ok
01:46:20.0825 6220 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:46:20.0835 6220 FltMgr - ok
01:46:20.0855 6220 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:46:20.0865 6220 FontCache - ok
01:46:20.0875 6220 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:46:20.0875 6220 FontCache3.0.0.0 - ok
01:46:20.0875 6220 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:46:20.0885 6220 FsDepends - ok
01:46:20.0885 6220 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:46:20.0885 6220 Fs_Rec - ok
01:46:20.0895 6220 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:46:20.0895 6220 fvevol - ok
01:46:20.0895 6220 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:46:20.0905 6220 gagp30kx - ok
01:46:20.0905 6220 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:46:20.0905 6220 GEARAspiWDM - ok
01:46:20.0915 6220 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:46:20.0925 6220 gpsvc - ok
01:46:20.0925 6220 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:46:20.0935 6220 hcw85cir - ok
01:46:20.0935 6220 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:46:20.0945 6220 HdAudAddService - ok
01:46:20.0955 6220 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:46:20.0955 6220 HDAudBus - ok
01:46:20.0955 6220 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:46:20.0965 6220 HidBatt - ok
01:46:20.0965 6220 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:46:20.0975 6220 HidBth - ok
01:46:20.0975 6220 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:46:20.0985 6220 HidIr - ok
01:46:20.0985 6220 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:46:20.0985 6220 hidserv - ok
01:46:20.0995 6220 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:46:20.0995 6220 HidUsb - ok
01:46:21.0005 6220 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:46:21.0005 6220 hkmsvc - ok
01:46:21.0015 6220 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:46:21.0025 6220 HomeGroupListener - ok
01:46:21.0025 6220 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:46:21.0035 6220 HomeGroupProvider - ok
01:46:21.0035 6220 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:46:21.0045 6220 HpSAMD - ok
01:46:21.0055 6220 [ B7CFE93627E7796624004687125A729F ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
01:46:21.0065 6220 hshld - ok
01:46:21.0075 6220 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys
01:46:21.0075 6220 HssDrv - ok
01:46:21.0085 6220 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
01:46:21.0085 6220 HssSrv - ok
01:46:21.0095 6220 [ B3C6EEEFF5C5EA3235B7D84317C1FB3F ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
01:46:21.0095 6220 HssTrayService - ok
01:46:21.0105 6220 HssWd - ok
01:46:21.0115 6220 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:46:21.0125 6220 HTTP - ok
01:46:21.0125 6220 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:46:21.0125 6220 hwpolicy - ok
01:46:21.0135 6220 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:46:21.0135 6220 i8042prt - ok
01:46:21.0145 6220 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
01:46:21.0145 6220 iaStor - ok
01:46:21.0155 6220 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:46:21.0155 6220 IAStorDataMgrSvc - ok
01:46:21.0155 6220 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:46:21.0165 6220 iaStorV - ok
01:46:21.0175 6220 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:46:21.0185 6220 IDriverT - ok
01:46:21.0195 6220 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:46:21.0225 6220 idsvc - ok
01:46:21.0225 6220 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:46:21.0235 6220 iirsp - ok
01:46:21.0245 6220 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:46:21.0265 6220 IKEEXT - ok
01:46:21.0265 6220 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
01:46:21.0275 6220 IntcDAud - ok
01:46:21.0285 6220 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:46:21.0285 6220 intelide - ok
01:46:21.0386 6220 [ 7D6ABD612519DD43D2ED644C7020E959 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
01:46:21.0526 6220 intelkmd - ok
01:46:21.0536 6220 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:46:21.0536 6220 intelppm - ok
01:46:21.0536 6220 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:46:21.0546 6220 IPBusEnum - ok
01:46:21.0546 6220 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:46:21.0556 6220 IpFilterDriver - ok
01:46:21.0556 6220 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:46:21.0566 6220 iphlpsvc - ok
01:46:21.0566 6220 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:46:21.0576 6220 IPMIDRV - ok
01:46:21.0576 6220 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:46:21.0586 6220 IPNAT - ok
01:46:21.0596 6220 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:46:21.0606 6220 iPod Service - ok
01:46:21.0606 6220 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:46:21.0606 6220 IRENUM - ok
01:46:21.0616 6220 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:46:21.0616 6220 isapnp - ok
01:46:21.0626 6220 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:46:21.0626 6220 iScsiPrt - ok
01:46:21.0636 6220 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:46:21.0636 6220 kbdclass - ok
01:46:21.0646 6220 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:46:21.0646 6220 kbdhid - ok
01:46:21.0646 6220 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:46:21.0646 6220 KeyIso - ok
01:46:21.0656 6220 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:46:21.0656 6220 KSecDD - ok
01:46:21.0666 6220 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:46:21.0666 6220 KSecPkg - ok
01:46:21.0676 6220 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:46:21.0676 6220 ksthunk - ok
01:46:21.0686 6220 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:46:21.0696 6220 KtmRm - ok
01:46:21.0696 6220 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
01:46:21.0696 6220 L1C - ok
01:46:21.0706 6220 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:46:21.0716 6220 LanmanServer - ok
01:46:21.0716 6220 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:46:21.0726 6220 LanmanWorkstation - ok
01:46:21.0726 6220 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:46:21.0736 6220 lltdio - ok
01:46:21.0736 6220 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:46:21.0746 6220 lltdsvc - ok
01:46:21.0746 6220 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:46:21.0756 6220 lmhosts - ok
01:46:21.0756 6220 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:46:21.0766 6220 LSI_FC - ok
01:46:21.0766 6220 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:46:21.0776 6220 LSI_SAS - ok
01:46:21.0776 6220 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:46:21.0786 6220 LSI_SAS2 - ok
01:46:21.0786 6220 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:46:21.0786 6220 LSI_SCSI - ok
01:46:21.0796 6220 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:46:21.0796 6220 luafv - ok
01:46:21.0796 6220 [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
01:46:21.0796 6220 Macromedia Licensing Service - ok
01:46:21.0806 6220 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:46:21.0806 6220 Mcx2Svc - ok
01:46:21.0816 6220 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:46:21.0816 6220 megasas - ok
01:46:21.0826 6220 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:46:21.0836 6220 MegaSR - ok
01:46:21.0836 6220 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:46:21.0836 6220 MEIx64 - ok
01:46:21.0846 6220 [ 2674143660BACE99BD8DE96C171C8C30 ] Mkd2Bthf C:\Windows\system32\drivers\Mkd2Bthf.sys
01:46:21.0846 6220 Mkd2Bthf - ok
01:46:21.0856 6220 [ D9263C3227963CAF09F279D952218B1C ] Mkd2Nadr C:\Windows\system32\drivers\Mkd2Nadr.sys
01:46:21.0856 6220 Mkd2Nadr - ok
01:46:21.0856 6220 [ 73FE0EFE7FD7679C4BF2F7E4F999F55A ] Mkd3kfNt C:\Windows\system32\drivers\Mkd3kfNt.sys
01:46:21.0866 6220 Mkd3kfNt - ok
01:46:21.0866 6220 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:46:21.0876 6220 MMCSS - ok
01:46:21.0876 6220 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:46:21.0886 6220 Modem - ok
01:46:21.0886 6220 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:46:21.0886 6220 monitor - ok
01:46:21.0886 6220 [ 5E058566AF53848541FA23FBA4BB5B81 ] Mon_oppmmitm C:\Windows\system32\rdrleakdiag.exe
01:46:21.0896 6220 Mon_oppmmitm - ok
01:46:21.0896 6220 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:46:21.0906 6220 mouclass - ok
01:46:21.0906 6220 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:46:21.0906 6220 mouhid - ok
01:46:21.0916 6220 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:46:21.0916 6220 mountmgr - ok
01:46:21.0916 6220 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:46:21.0926 6220 MozillaMaintenance - ok
01:46:21.0926 6220 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:46:21.0936 6220 mpio - ok
01:46:21.0936 6220 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:46:21.0946 6220 mpsdrv - ok
01:46:21.0956 6220 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:46:21.0976 6220 MpsSvc - ok
01:46:21.0976 6220 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:46:21.0986 6220 MRxDAV - ok
01:46:21.0986 6220 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:46:21.0996 6220 mrxsmb - ok
01:46:22.0006 6220 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:46:22.0006 6220 mrxsmb10 - ok
01:46:22.0016 6220 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:46:22.0016 6220 mrxsmb20 - ok
01:46:22.0026 6220 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:46:22.0026 6220 msahci - ok
01:46:22.0036 6220 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:46:22.0036 6220 msdsm - ok
01:46:22.0046 6220 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:46:22.0046 6220 MSDTC - ok
01:46:22.0056 6220 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:46:22.0056 6220 Msfs - ok
01:46:22.0066 6220 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:46:22.0066 6220 mshidkmdf - ok
01:46:22.0066 6220 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:46:22.0066 6220 msisadrv - ok
01:46:22.0076 6220 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:46:22.0086 6220 MSiSCSI - ok
01:46:22.0086 6220 msiserver - ok
01:46:22.0086 6220 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:46:22.0096 6220 MSKSSRV - ok
01:46:22.0096 6220 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:46:22.0096 6220 MSPCLOCK - ok
01:46:22.0096 6220 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:46:22.0106 6220 MSPQM - ok
01:46:22.0106 6220 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:46:22.0116 6220 MsRPC - ok
01:46:22.0126 6220 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:46:22.0126 6220 mssmbios - ok
01:46:22.0126 6220 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:46:22.0126 6220 MSTEE - ok
01:46:22.0136 6220 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:46:22.0136 6220 MTConfig - ok
01:46:22.0136 6220 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:46:22.0146 6220 Mup - ok
01:46:22.0146 6220 [ 93CD1C4ECB8658A35E5E6EBA02D43E4F ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
01:46:22.0166 6220 MyWiFiDHCPDNS - ok
01:46:22.0166 6220 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:46:22.0176 6220 napagent - ok
01:46:22.0186 6220 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:46:22.0196 6220 NativeWifiP - ok
01:46:22.0206 6220 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
01:46:22.0206 6220 NDIS - ok
01:46:22.0216 6220 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:46:22.0216 6220 NdisCap - ok
01:46:22.0226 6220 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:46:22.0226 6220 NdisTapi - ok
01:46:22.0226 6220 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:46:22.0236 6220 Ndisuio - ok
01:46:22.0236 6220 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:46:22.0246 6220 NdisWan - ok
01:46:22.0246 6220 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:46:22.0256 6220 NDProxy - ok
01:46:22.0256 6220 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
01:46:22.0256 6220 Netaapl - ok
01:46:22.0266 6220 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:46:22.0266 6220 NetBIOS - ok
01:46:22.0276 6220 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:46:22.0276 6220 NetBT - ok
01:46:22.0276 6220 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:46:22.0286 6220 Netlogon - ok
01:46:22.0286 6220 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:46:22.0296 6220 Netman - ok
01:46:22.0296 6220 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:46:22.0306 6220 NetMsmqActivator - ok
01:46:22.0306 6220 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:46:22.0306 6220 NetPipeActivator - ok
01:46:22.0316 6220 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:46:22.0326 6220 netprofm - ok
01:46:22.0326 6220 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:46:22.0326 6220 NetTcpActivator - ok
01:46:22.0336 6220 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:46:22.0336 6220 NetTcpPortSharing - ok
01:46:22.0446 6220 [ EB43840BABF5589E33186D094DE7381D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
01:46:22.0566 6220 NETwNs64 - ok
01:46:22.0576 6220 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:46:22.0576 6220 nfrd960 - ok
01:46:22.0586 6220 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:46:22.0586 6220 NlaSvc - ok
01:46:22.0586 6220 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:46:22.0596 6220 Npfs - ok
01:46:22.0596 6220 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:46:22.0606 6220 nsi - ok
01:46:22.0606 6220 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:46:22.0606 6220 nsiproxy - ok
01:46:22.0626 6220 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:46:22.0646 6220 Ntfs - ok
01:46:22.0656 6220 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:46:22.0656 6220 Null - ok
01:46:22.0656 6220 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
01:46:22.0666 6220 nusb3hub - ok
01:46:22.0666 6220 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
01:46:22.0676 6220 nusb3xhc - ok
01:46:22.0676 6220 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:46:22.0686 6220 nvraid - ok
01:46:22.0686 6220 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:46:22.0696 6220 nvstor - ok
01:46:22.0706 6220 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:46:22.0706 6220 nv_agp - ok
01:46:22.0706 6220 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:46:22.0716 6220 ohci1394 - ok
01:46:22.0726 6220 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:46:22.0726 6220 p2pimsvc - ok
01:46:22.0736 6220 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:46:22.0746 6220 p2psvc - ok
01:46:22.0746 6220 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:46:22.0756 6220 Parport - ok
01:46:22.0756 6220 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:46:22.0766 6220 partmgr - ok
01:46:22.0766 6220 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:46:22.0776 6220 PcaSvc - ok
01:46:22.0786 6220 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:46:22.0786 6220 pci - ok
01:46:22.0786 6220 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:46:22.0786 6220 pciide - ok
01:46:22.0796 6220 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:46:22.0806 6220 pcmcia - ok
01:46:22.0806 6220 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:46:22.0806 6220 pcw - ok
01:46:22.0816 6220 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:46:22.0836 6220 PEAUTH - ok
01:46:22.0846 6220 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
01:46:22.0856 6220 PeerDistSvc - ok
01:46:22.0886 6220 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:46:22.0886 6220 PerfHost - ok
01:46:22.0906 6220 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:46:22.0926 6220 pla - ok
01:46:22.0936 6220 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:46:22.0956 6220 PlugPlay - ok
01:46:22.0956 6220 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:46:22.0966 6220 PNRPAutoReg - ok
01:46:22.0966 6220 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:46:22.0966 6220 PNRPsvc - ok
01:46:22.0976 6220 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:46:22.0986 6220 PolicyAgent - ok
01:46:22.0996 6220 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:46:22.0996 6220 Power - ok
01:46:22.0996 6220 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:46:23.0006 6220 PptpMiniport - ok
01:46:23.0006 6220 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:46:23.0016 6220 Processor - ok
01:46:23.0016 6220 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
01:46:23.0026 6220 ProfSvc - ok
01:46:23.0036 6220 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:46:23.0036 6220 ProtectedStorage - ok
01:46:23.0036 6220 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:46:23.0036 6220 Psched - ok
01:46:23.0046 6220 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
01:46:23.0046 6220 PxHlpa64 - ok
01:46:23.0066 6220 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:46:23.0086 6220 ql2300 - ok
01:46:23.0086 6220 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:46:23.0096 6220 ql40xx - ok
01:46:23.0096 6220 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:46:23.0106 6220 QWAVE - ok
01:46:23.0106 6220 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:46:23.0116 6220 QWAVEdrv - ok
01:46:23.0116 6220 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:46:23.0116 6220 RasAcd - ok
01:46:23.0126 6220 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:46:23.0126 6220 RasAgileVpn - ok
01:46:23.0136 6220 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:46:23.0146 6220 RasAuto - ok
01:46:23.0146 6220 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:46:23.0156 6220 Rasl2tp - ok
01:46:23.0156 6220 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:46:23.0166 6220 RasMan - ok
01:46:23.0176 6220 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:46:23.0186 6220 RasPppoe - ok
01:46:23.0186 6220 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:46:23.0186 6220 RasSstp - ok
01:46:23.0196 6220 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:46:23.0206 6220 rdbss - ok
01:46:23.0216 6220 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:46:23.0216 6220 rdpbus - ok
01:46:23.0216 6220 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:46:23.0216 6220 RDPCDD - ok
01:46:23.0226 6220 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
01:46:23.0236 6220 RDPDR - ok
01:46:23.0236 6220 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:46:23.0236 6220 RDPENCDD - ok
01:46:23.0236 6220 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:46:23.0246 6220 RDPREFMP - ok
01:46:23.0246 6220 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:46:23.0256 6220 RdpVideoMiniport - ok
01:46:23.0256 6220 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:46:23.0266 6220 RDPWD - ok
01:46:23.0266 6220 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:46:23.0276 6220 rdyboost - ok
01:46:23.0286 6220 [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
01:46:23.0296 6220 RegSrvc - ok
01:46:23.0296 6220 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:46:23.0306 6220 RemoteAccess - ok
01:46:23.0306 6220 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:46:23.0316 6220 RemoteRegistry - ok
01:46:23.0326 6220 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:46:23.0326 6220 RFCOMM - ok
01:46:23.0346 6220 [ E7062DBD907E0C5CEEB5ABDAF07E6B32 ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
01:46:23.0366 6220 RosettaStoneDaemon - ok
01:46:23.0386 6220 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
01:46:23.0406 6220 RoxMediaDB12OEM - ok
01:46:23.0416 6220 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
01:46:23.0416 6220 RoxWatch12 - ok
01:46:23.0416 6220 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:46:23.0426 6220 RpcEptMapper - ok
01:46:23.0426 6220 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:46:23.0426 6220 RpcLocator - ok
01:46:23.0436 6220 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:46:23.0446 6220 RpcSs - ok
01:46:23.0446 6220 [ 85B325723F67EF80927326FD7EB1CC10 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
01:46:23.0456 6220 RSPCIESTOR - ok
01:46:23.0456 6220 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:46:23.0456 6220 rspndr - ok
01:46:23.0466 6220 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
01:46:23.0466 6220 s3cap - ok
01:46:23.0466 6220 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:46:23.0466 6220 SamSs - ok
01:46:23.0476 6220 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:46:23.0476 6220 sbp2port - ok
01:46:23.0486 6220 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:46:23.0496 6220 SCardSvr - ok
01:46:23.0496 6220 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:46:23.0496 6220 scfilter - ok
01:46:23.0516 6220 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:46:23.0536 6220 Schedule - ok
01:46:23.0536 6220 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:46:23.0546 6220 SCPolicySvc - ok
01:46:23.0546 6220 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
01:46:23.0546 6220 sdbus - ok
01:46:23.0556 6220 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:46:23.0566 6220 SDRSVC - ok
01:46:23.0566 6220 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:46:23.0566 6220 secdrv - ok
01:46:23.0576 6220 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:46:23.0576 6220 seclogon - ok
01:46:23.0586 6220 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:46:23.0586 6220 SENS - ok
01:46:23.0586 6220 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:46:23.0596 6220 SensrSvc - ok
01:46:23.0596 6220 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:46:23.0596 6220 Serenum - ok
01:46:23.0606 6220 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:46:23.0606 6220 Serial - ok
01:46:23.0616 6220 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:46:23.0616 6220 sermouse - ok
01:46:23.0626 6220 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:46:23.0626 6220 SessionEnv - ok
01:46:23.0636 6220 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:46:23.0636 6220 sffdisk - ok
01:46:23.0646 6220 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:46:23.0646 6220 sffp_mmc - ok
01:46:23.0646 6220 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:46:23.0646 6220 sffp_sd - ok
01:46:23.0656 6220 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:46:23.0656 6220 sfloppy - ok
01:46:23.0666 6220 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE
01:46:23.0676 6220 SftService - ok
01:46:23.0676 6220 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:46:23.0696 6220 SharedAccess - ok
01:46:23.0696 6220 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:46:23.0706 6220 ShellHWDetection - ok
01:46:23.0716 6220 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:46:23.0716 6220 SiSRaid2 - ok
01:46:23.0716 6220 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:46:23.0726 6220 SiSRaid4 - ok
01:46:23.0726 6220 sj - ok
01:46:23.0736 6220 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:46:23.0736 6220 Smb - ok
01:46:23.0746 6220 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:46:23.0746 6220 SNMPTRAP - ok
01:46:23.0756 6220 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:46:23.0756 6220 spldr - ok
01:46:23.0766 6220 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
01:46:23.0776 6220 Spooler - ok
01:46:23.0806 6220 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:46:23.0836 6220 sppsvc - ok
01:46:23.0836 6220 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:46:23.0846 6220 sppuinotify - ok
01:46:23.0856 6220 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:46:23.0866 6220 srv - ok
01:46:23.0866 6220 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:46:23.0886 6220 srv2 - ok
01:46:23.0886 6220 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:46:23.0896 6220 srvnet - ok
01:46:23.0896 6220 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:46:23.0906 6220 SSDPSRV - ok
01:46:23.0906 6220 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:46:23.0916 6220 SstpSvc - ok
01:46:23.0926 6220 [ 20BEEB2472A08945C716DA37AEAC0CBE ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
01:46:23.0926 6220 STacSV - ok
01:46:23.0926 6220 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
01:46:23.0936 6220 stdcfltn - ok
01:46:23.0936 6220 Steam Client Service - ok
01:46:23.0936 6220 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:46:23.0946 6220 stexstor - ok
01:46:23.0956 6220 [ 16325D9BB55E07A4E5F1052D2ED08C30 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
01:46:23.0966 6220 STHDA - ok
01:46:23.0966 6220 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
01:46:23.0976 6220 StillCam - ok
01:46:23.0976 6220 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:46:23.0986 6220 stisvc - ok
01:46:23.0996 6220 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
01:46:24.0006 6220 stllssvr - ok
01:46:24.0006 6220 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
01:46:24.0006 6220 storflt - ok
01:46:24.0016 6220 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
01:46:24.0016 6220 storvsc - ok
01:46:24.0016 6220 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:46:24.0026 6220 swenum - ok
01:46:24.0026 6220 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:46:24.0036 6220 swprv - ok
01:46:24.0046 6220 Synth3dVsc - ok
01:46:24.0056 6220 [ D8205430CFD64FDB7D691D3BB74FD18F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
01:46:24.0066 6220 SynTP - ok
01:46:24.0086 6220 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:46:24.0116 6220 SysMain - ok
01:46:24.0126 6220 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:46:24.0126 6220 TabletInputService - ok
01:46:24.0136 6220 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
01:46:24.0136 6220 taphss - ok
01:46:24.0146 6220 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:46:24.0156 6220 TapiSrv - ok
01:46:24.0156 6220 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:46:24.0156 6220 TBS - ok
01:46:24.0176 6220 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:46:24.0206 6220 Tcpip - ok
01:46:24.0236 6220 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:46:24.0236 6220 TCPIP6 - ok
01:46:24.0246 6220 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:46:24.0246 6220 tcpipreg - ok
01:46:24.0256 6220 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:46:24.0256 6220 TDPIPE - ok
01:46:24.0256 6220 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:46:24.0266 6220 TDTCP - ok
01:46:24.0266 6220 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:46:24.0276 6220 tdx - ok
01:46:24.0276 6220 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:46:24.0276 6220 TermDD - ok
01:46:24.0286 6220 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:46:24.0306 6220 TermService - ok
01:46:24.0316 6220 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:46:24.0316 6220 Themes - ok
01:46:24.0316 6220 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:46:24.0326 6220 THREADORDER - ok
01:46:24.0326 6220 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:46:24.0336 6220 TrkWks - ok
01:46:24.0336 6220 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:46:24.0336 6220 TrustedInstaller - ok
01:46:24.0346 6220 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:46:24.0346 6220 tssecsrv - ok
01:46:24.0356 6220 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:46:24.0356 6220 TsUsbFlt - ok
01:46:24.0356 6220 tsusbhub - ok
01:46:24.0366 6220 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:46:24.0366 6220 tunnel - ok
01:46:24.0366 6220 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:46:24.0376 6220 uagp35 - ok
01:46:24.0376 6220 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:46:24.0386 6220 udfs - ok
01:46:24.0396 6220 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:46:24.0406 6220 UI0Detect - ok
01:46:24.0406 6220 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:46:24.0416 6220 uliagpkx - ok
01:46:24.0416 6220 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:46:24.0416 6220 umbus - ok
01:46:24.0426 6220 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:46:24.0426 6220 UmPass - ok
01:46:24.0436 6220 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
01:46:24.0446 6220 UmRdpService - ok
01:46:24.0446 6220 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:46:24.0456 6220 upnphost - ok
01:46:24.0466 6220 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:46:24.0466 6220 USBAAPL64 - ok
01:46:24.0466 6220 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:46:24.0476 6220 usbaudio - ok
01:46:24.0476 6220 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:46:24.0486 6220 usbccgp - ok
01:46:24.0486 6220 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:46:24.0496 6220 usbcir - ok
01:46:24.0496 6220 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
01:46:24.0506 6220 usbehci - ok
01:46:24.0506 6220 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:46:24.0516 6220 usbhub - ok
01:46:24.0526 6220 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:46:24.0526 6220 usbohci - ok
01:46:24.0526 6220 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:46:24.0536 6220 usbprint - ok
01:46:24.0536 6220 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:46:24.0546 6220 usbscan - ok
01:46:24.0546 6220 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:46:24.0556 6220 USBSTOR - ok
01:46:24.0556 6220 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:46:24.0556 6220 usbuhci - ok
01:46:24.0566 6220 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
01:46:24.0576 6220 usbvideo - ok
01:46:24.0576 6220 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:46:24.0586 6220 UxSms - ok
01:46:24.0586 6220 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:46:24.0586 6220 VaultSvc - ok
01:46:24.0586 6220 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:46:24.0596 6220 vdrvroot - ok
01:46:24.0596 6220 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:46:24.0606 6220 vds - ok
01:46:24.0606 6220 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:46:24.0616 6220 vga - ok
01:46:24.0616 6220 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:46:24.0616 6220 VgaSave - ok
01:46:24.0626 6220 VGPU - ok
01:46:24.0626 6220 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:46:24.0636 6220 vhdmp - ok
01:46:24.0646 6220 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:46:24.0646 6220 viaide - ok
01:46:24.0646 6220 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
01:46:24.0656 6220 vmbus - ok
01:46:24.0666 6220 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
01:46:24.0666 6220 VMBusHID - ok
01:46:24.0666 6220 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:46:24.0676 6220 volmgr - ok
01:46:24.0676 6220 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:46:24.0686 6220 volmgrx - ok
01:46:24.0686 6220 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:46:24.0696 6220 volsnap - ok
01:46:24.0706 6220 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:46:24.0706 6220 vsmraid - ok
01:46:24.0726 6220 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:46:24.0746 6220 VSS - ok
01:46:24.0746 6220 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:46:24.0746 6220 vwifibus - ok
01:46:24.0756 6220 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:46:24.0756 6220 vwififlt - ok
01:46:24.0756 6220 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
01:46:24.0766 6220 vwifimp - ok
01:46:24.0766 6220 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:46:24.0786 6220 W32Time - ok
01:46:24.0786 6220 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:46:24.0796 6220 WacomPen - ok
01:46:24.0796 6220 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:46:24.0806 6220 WANARP - ok
01:46:24.0806 6220 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:46:24.0806 6220 Wanarpv6 - ok
01:46:24.0816 6220 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:46:24.0846 6220 WatAdminSvc - ok
01:46:24.0866 6220 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:46:24.0886 6220 wbengine - ok
01:46:24.0896 6220 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:46:24.0896 6220 WbioSrvc - ok
01:46:24.0906 6220 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:46:24.0916 6220 wcncsvc - ok
01:46:24.0916 6220 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:46:24.0926 6220 WcsPlugInService - ok
01:46:24.0926 6220 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:46:24.0936 6220 Wd - ok
01:46:24.0936 6220 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
01:46:24.0936 6220 WDC_SAM - ok
01:46:24.0946 6220 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:46:24.0966 6220 Wdf01000 - ok
01:46:24.0966 6220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:46:24.0966 6220 WdiServiceHost - ok
01:46:24.0976 6220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:46:24.0976 6220 WdiSystemHost - ok
01:46:24.0976 6220 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:46:24.0986 6220 WebClient - ok
01:46:24.0996 6220 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:46:25.0006 6220 Wecsvc - ok
01:46:25.0006 6220 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:46:25.0016 6220 wercplsupport - ok
01:46:25.0016 6220 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:46:25.0026 6220 WerSvc - ok
01:46:25.0026 6220 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:46:25.0026 6220 WfpLwf - ok
01:46:25.0036 6220 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
01:46:25.0036 6220 WimFltr - ok
01:46:25.0046 6220 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:46:25.0046 6220 WIMMount - ok
01:46:25.0046 6220 WinDefend - ok
01:46:25.0056 6220 WinHttpAutoProxySvc - ok
01:46:25.0066 6220 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:46:25.0076 6220 Winmgmt - ok
01:46:25.0096 6220 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:46:25.0126 6220 WinRM - ok
01:46:25.0126 6220 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:46:25.0136 6220 WinUsb - ok
01:46:25.0146 6220 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:46:25.0156 6220 Wlansvc - ok
01:46:25.0176 6220 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:46:25.0196 6220 wlidsvc - ok
01:46:25.0206 6220 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:46:25.0206 6220 WmiAcpi - ok
01:46:25.0216 6220 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:46:25.0216 6220 wmiApSrv - ok
01:46:25.0226 6220 WMPNetworkSvc - ok
01:46:25.0226 6220 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:46:25.0226 6220 WPCSvc - ok
01:46:25.0236 6220 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:46:25.0236 6220 WPDBusEnum - ok
01:46:25.0246 6220 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:46:25.0246 6220 ws2ifsl - ok
01:46:25.0246 6220 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:46:25.0256 6220 wscsvc - ok
01:46:25.0256 6220 WSearch - ok
01:46:25.0286 6220 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
01:46:25.0306 6220 wuauserv - ok
01:46:25.0306 6220 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:46:25.0316 6220 WudfPf - ok
01:46:25.0316 6220 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:46:25.0326 6220 WUDFRd - ok
01:46:25.0326 6220 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:46:25.0336 6220 wudfsvc - ok
01:46:25.0336 6220 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:46:25.0346 6220 WwanSvc - ok
01:46:25.0386 6220 X6va005 - ok
01:46:25.0416 6220 X6va008 - ok
01:46:25.0436 6220 ================ Scan global ===============================
01:46:25.0436 6220 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:46:25.0446 6220 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:46:25.0456 6220 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:46:25.0456 6220 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:46:25.0466 6220 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:46:25.0476 6220 [Global] - ok
01:46:25.0476 6220 ================ Scan MBR ==================================
01:46:25.0476 6220 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:46:25.0616 6220 \Device\Harddisk0\DR0 - ok
01:46:25.0616 6220 ================ Scan VBR ==================================
01:46:25.0616 6220 [ D9378DB4096130379E4837B268FE0EC0 ] \Device\Harddisk0\DR0\Partition1
01:46:25.0616 6220 \Device\Harddisk0\DR0\Partition1 - ok
01:46:25.0626 6220 [ D8C64602DD0C47FBECAEE8C28B84AAA6 ] \Device\Harddisk0\DR0\Partition2
01:46:25.0626 6220 \Device\Harddisk0\DR0\Partition2 - ok
01:46:25.0626 6220 ============================================================
01:46:25.0626 6220 Scan finished
01:46:25.0626 6220 ============================================================
01:46:25.0626 8992 Detected object count: 1
01:46:25.0626 8992 Actual detected object count: 1
01:51:10.0877 8992 c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll - copied to quarantine
01:51:10.0887 8992 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
01:51:10.0887 8992 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
01:51:10.0897 8992 c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll - will be deleted on reboot
01:51:10.0897 8992 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
01:52:15.0969 10228 Deinitialize success

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 22 September 2012 - 07:58 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
[*]now press the search button
[*]when the search is complete, search.txt will also be written to your USB
[*]type exit and reboot the computer normally
[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 23 September 2012 - 12:07 AM

[*]Select "Computer" and find your flash drive letter and close the notepad.


I could not find the flash drive at this step. The flash drive appears when I boot up normally, but not in system recovery options.

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 23 September 2012 - 08:10 AM

do you have another USB that you can try?

if there is nothing else saved to the USB you are using, then please try formatting it first before saving FRST to it.

(If it still wont work, that's OK, we have other tools we can used)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 23 September 2012 - 11:35 PM

I don't have another USB and the same issue occurred even after formatting.

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 24 September 2012 - 07:18 AM

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 24 September 2012 - 07:18 PM

ComboFix 12-09-24.02 - Bliz 4/2012 Mon 19:36:06.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1033.18.16332.13885 [GMT -4:00]
Running from: c:\users\Bliz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bliz\AppData\Local\AOL\Akamai\llpdvummd.dll
c:\users\Bliz\AppData\Local\assembly\tmp
c:\windows\SysWow64\sqlite3.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 23:54 . 2012-09-24 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 05:51 . 2012-09-22 05:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-21 08:29 . 2012-09-21 08:29 -------- d-----w- c:\program files (x86)\Cleaners AC Calculator
2012-09-12 14:55 . 2012-09-12 14:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 20:01 . 2012-09-11 20:01 -------- d-----w- c:\users\Bliz\AppData\Roaming\Avira
2012-09-11 19:57 . 2012-09-08 00:26 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-11 19:57 . 2012-09-08 00:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-11 19:57 . 2012-09-08 00:26 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\programdata\Avira
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\program files (x86)\Avira
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\users\Bliz\AppData\Local\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\programdata\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\program files (x86)\Virtools
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-08-28 09:21 . 2012-08-28 11:44 -------- d-----w- c:\users\Bliz\AppData\Roaming\Winamp
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp
2012-08-28 06:13 . 2012-08-28 06:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-28 06:13 . 2012-09-12 14:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-28 06:12 . 2012-08-28 06:12 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:37 . 2012-06-12 21:21 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 18:37 . 2012-06-12 21:21 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 14:55 . 2011-04-02 14:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 21:04 . 2011-04-12 20:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 04:06 . 2012-07-19 04:06 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bliz\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-02 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-11-17 1500528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2010-08-19 487562]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-08 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Bliz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bliz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]
R3 Mon_oppmmitm;Mon_oppmmitm;c:\windows\system32\rdrleakdiag.exe [2009-07-14 40448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-29 326760]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 X6va005;X6va005;c:\users\Bliz\AppData\Local\Temp\005B97.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-08 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-19 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-12-01 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-02 203264]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-08 86224]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-06 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-02 8123392]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-02 288256]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-16 344616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-01 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-11-03 12178816]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-29 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-09 56344]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-08-09 7821312]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-16 180736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-04-02 18:47 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-01 524800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-03 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-03 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-03 417304]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
FF - ProfilePath - c:\users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-Akamai - c:\users\Bliz\AppData\Local\AOL\Akamai\llpdvummd.dll
SafeBoot-53393384.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
AddRemove-L4D2onL4D - c:\program files (x86)\steam\steamapps\common\left 4 dead\Uninstall L4D2onL4D.exe
AddRemove-?u?_?i?_ IA_is1 - c:\users\Bliz\Desktop\Games\Touhou 13 Demo\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bliz\AppData\Local\Temp\005B97.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 19:55:38
ComboFix-quarantined-files.txt 2012-09-24 23:55
.
Pre-Run: 21,669,191,680 bytes free
Post-Run: 21,339,238,400 bytes free
.
- - End Of File - - D10615353B48BF82672349186E926BDC

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 24 September 2012 - 08:40 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 25 September 2012 - 01:55 AM

Combofix Log:
ComboFix 12-09-24.03 - Bliz 4/2012 Mon 23:52:11.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1033.18.16332.13279 [GMT -4:00]
Running from: c:\users\Bliz\Desktop\ComboFix.exe
Command switches used :: c:\users\Bliz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 03:56 . 2012-09-25 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 05:51 . 2012-09-22 05:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-21 08:29 . 2012-09-21 08:29 -------- d-----w- c:\program files (x86)\Cleaners AC Calculator
2012-09-12 14:55 . 2012-09-12 14:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 20:01 . 2012-09-11 20:01 -------- d-----w- c:\users\Bliz\AppData\Roaming\Avira
2012-09-11 19:57 . 2012-09-08 00:26 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-11 19:57 . 2012-09-08 00:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-11 19:57 . 2012-09-08 00:26 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\programdata\Avira
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\program files (x86)\Avira
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\users\Bliz\AppData\Local\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\programdata\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\program files (x86)\Virtools
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-08-28 09:21 . 2012-08-28 11:44 -------- d-----w- c:\users\Bliz\AppData\Roaming\Winamp
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp
2012-08-28 06:13 . 2012-08-28 06:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-28 06:13 . 2012-09-12 14:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-28 06:12 . 2012-08-28 06:12 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:37 . 2012-06-12 21:21 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 18:37 . 2012-06-12 21:21 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 14:55 . 2011-04-02 14:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 21:04 . 2011-04-12 20:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 04:06 . 2012-07-19 04:06 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bliz\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-02 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-11-17 1500528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2010-08-19 487562]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-08 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Bliz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bliz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]
R3 Mon_oppmmitm;Mon_oppmmitm;c:\windows\system32\rdrleakdiag.exe [2009-07-14 40448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-29 326760]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 X6va005;X6va005;c:\users\Bliz\AppData\Local\Temp\005B97.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-08 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-19 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-12-01 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-02 203264]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-08 86224]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-06 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-02 8123392]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-02 288256]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-16 344616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-01 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-11-03 12178816]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-29 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-09 56344]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-08-09 7821312]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-16 180736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-01 524800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-03 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-03 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-03 417304]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
FF - ProfilePath - c:\users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-?u?_?i?_ IA_is1 - c:\users\Bliz\Desktop\Games\Touhou 13 Demo\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bliz\AppData\Local\Temp\005B97.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 23:57:27
ComboFix-quarantined-files.txt 2012-09-25 03:57
ComboFix2.txt 2012-09-24 23:55
.
Pre-Run: 21,391,593,472 bytes free
Post-Run: 21,338,718,208 bytes free
.
- - End Of File - - 41D0579289B40AA3C75D98D1373D8BBB

AdwCleaner Log:
# AdwCleaner v2.003 - Logfile created 09/25/2012 at 01:45:40
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Bliz - BLIENOREN
# Boot Mode : Normal
# Running from : C:\Users\Bliz\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1167 octets] - [25/09/2012 01:45:40]

########## EOF - C:\AdwCleaner[S1].txt - [1227 octets] ##########

Malwarebytes Log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bliz :: BLIENOREN [administrator]

9/25/2012 1:49:19 AM
mbam-log-2012-09-25 (01-49-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207221
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSCAN Log:
C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Users\Bliz\AppData\Local\AOL\Akamai\llpdvummd.dll.vir Win32/TrojanDownloader.Tracur.N.Gen trojan
C:\Users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\extensions\wfypoqfake@wfypoqfake.org.xpi JS/Redirector.NCA trojan

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 25 September 2012 - 08:45 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic469473.html/page__pid__2850689#entry2850689

Collect::
C:\Users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\extensions\wfypoqfake@wfypoqfake.org.xpi 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 25 September 2012 - 07:12 PM

Combofix:
ComboFix 12-09-24.03 - Bliz 5/2012 Tue 18:32:19.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1033.18.16332.13197 [GMT -4:00]
Running from: c:\users\Bliz\Desktop\ComboFix.exe
Command switches used :: c:\users\Bliz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 22:50 . 2012-09-25 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 05:51 . 2012-09-22 05:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-21 08:29 . 2012-09-21 08:29 -------- d-----w- c:\program files (x86)\Cleaners AC Calculator
2012-09-12 14:55 . 2012-09-12 14:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 20:01 . 2012-09-11 20:01 -------- d-----w- c:\users\Bliz\AppData\Roaming\Avira
2012-09-11 19:57 . 2012-09-08 00:26 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-11 19:57 . 2012-09-08 00:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-11 19:57 . 2012-09-08 00:26 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\programdata\Avira
2012-09-11 19:57 . 2012-09-11 19:57 -------- d-----w- c:\program files (x86)\Avira
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\users\Bliz\AppData\Local\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\programdata\3DVIA
2012-09-07 22:23 . 2012-09-07 22:23 -------- d-----w- c:\program files (x86)\Virtools
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-08-28 09:21 . 2012-08-28 11:44 -------- d-----w- c:\users\Bliz\AppData\Roaming\Winamp
2012-08-28 09:21 . 2012-08-28 09:21 -------- d-----w- c:\program files (x86)\Winamp
2012-08-28 06:13 . 2012-08-28 06:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-28 06:13 . 2012-09-12 14:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-28 06:12 . 2012-08-28 06:12 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:37 . 2012-06-12 21:21 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 18:37 . 2012-06-12 21:21 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 14:55 . 2011-04-02 14:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 21:04 . 2011-04-12 20:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 04:06 . 2012-07-19 04:06 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bliz\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-02 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-11-17 1500528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2010-08-19 487562]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-08 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Bliz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bliz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]
R3 Mon_oppmmitm;Mon_oppmmitm;c:\windows\system32\rdrleakdiag.exe [2009-07-14 40448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-29 326760]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 X6va005;X6va005;c:\users\Bliz\AppData\Local\Temp\005B97.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-08 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-19 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-12-01 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-02 203264]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-08 86224]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-06 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-02 8123392]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-02 288256]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-16 344616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-01 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-11-03 12178816]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-29 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-09 56344]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-08-09 7821312]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-16 180736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bliz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-01 524800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-03 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-03 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-03 417304]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
FF - ProfilePath - c:\users\Bliz\AppData\Roaming\Mozilla\Firefox\Profiles\y22f7ego.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-?u?_?i?_ IA_is1 - c:\users\Bliz\Desktop\Games\Touhou 13 Demo\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bliz\AppData\Local\Temp\005B97.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\AlienRespawn\Toaster.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
.
**************************************************************************
.
Completion time: 2012-09-25 20:00:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 00:00
ComboFix2.txt 2012-09-25 03:57
ComboFix3.txt 2012-09-24 23:55
.
Pre-Run: 21,715,447,808 bytes free
Post-Run: 21,213,134,848 bytes free
.
- - End Of File - - 06C25B3D5CF9A466488EBB1C37A1DDB4
Upload was successful

MiniToolBox:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Bliz (administrator) on 25-09-2012 at 20:03:50
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

?u?_?i?_ IA ver 0.01a
3DVIA player 5.0.0.20 (Version: 5.0.20)
Accidental Damage Services Agreement (Version: 2.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
AhnLab Online Security
AIM for Windows
Akamai NetSession Interface
Akamai NetSession Interface Service
AlienRespawn - Support Software
AlienRespawn (Version: 9.4.51)
Alienware M17x Manual (Version: 1.0.0.1)
Alienware On-Screen Display (Version: 0.31.0.8C)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Asheron's Call Dual Client Utility (Version: 7.2.1)
Asheron's Call: Throne of Destiny (Version: 3.11.2646)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Audacity 1.3.13 (Unicode)
Avira Free Antivirus (Version: 12.0.0.1199)
Banctec Service Agreement (Version: 2.0.0)
Bonjour (Version: 3.0.0.10)
CamStudio
Castaway (Version: 1.8.0.2)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2010.1202.1025.18640)
Catalyst Control Center Localization All (Version: 2010.1202.1025.18640)
ccc-core-static (Version: 2010.1202.1025.18640)
ccc-utility64 (Version: 2010.1202.1025.18640)
CCC Help Chinese Standard (Version: 2010.1202.1024.18640)
CCC Help Chinese Traditional (Version: 2010.1202.1024.18640)
CCC Help Danish (Version: 2010.1202.1024.18640)
CCC Help Dutch (Version: 2010.1202.1024.18640)
CCC Help English (Version: 2010.1202.1024.18640)
CCC Help Finnish (Version: 2010.1202.1024.18640)
CCC Help French (Version: 2010.1202.1024.18640)
CCC Help German (Version: 2010.1202.1024.18640)
CCC Help Italian (Version: 2010.1202.1024.18640)
CCC Help Japanese (Version: 2010.1202.1024.18640)
CCC Help Korean (Version: 2010.1202.1024.18640)
CCC Help Norwegian (Version: 2010.1202.1024.18640)
CCC Help Portuguese (Version: 2010.1202.1024.18640)
CCC Help Russian (Version: 2010.1202.1024.18640)
CCC Help Spanish (Version: 2010.1202.1024.18640)
CCC Help Swedish (Version: 2010.1202.1024.18640)
Cleaners AC Calc Setup (Version: 1.0.0)
Command Center (Version: 2.6.2.0)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Decal 3.0 (Alpha 8: 2.9.6.0) (Version: 2.9.0600)
Diablo II
Diablo III (Version: 1.0.4.11327)
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 1.4.7)
EMSC (Version: 0.0.0.22C)
Epson Event Manager (Version: 2.20.00)
EPSON NX210 Series Printer Uninstall
EPSON Scan
ESET Online Scanner v3
FlashGet 1.9.6.1073 (Version: 1.9.6.1073)
FormatFactory 2.95 (Version: 2.95)
Fraps (remove only)
GCFScape 1.8.2
GIMP 2.6.11 (Version: 2.6.11)
GoArrow v1.2.0.1 (Version: 1.2.1)
Hero Editor V0.96
Hotspot Shield 2.53 (Version: 2.53)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.0.334.0)
HP Photosmart Plus B210 series Help (Version: 140.0.54.54)
Hush (Version: 1.0.0.15)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
Integrated Webcam Live! Central (Version: 2.00.35)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
intelliScore Ensemble WAV to MIDI Converter Demo
ips XP 1.11.2600 (Version: 1.11.2600)
iTunes (Version: 10.5.2.11)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ SE Development Kit 6 Update 27 (64-bit) (Version: 1.6.0.270)
KeyTweak - Keyboard Remapper (remove only)
L4D2onL4D Addon (Version: 1.0.0.0)
La Tale
LAME v3.98.3 for Audacity
League of Legends (Version: 1.3)
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
LifeTank X (Version: 11.9.0.8)
Livestream Procaster (Version: 20.0.151)
LockesArmyKnife (Version: 1.5.3)
LOLReplay (Version: 0.7.6.0)
Macromedia Fireworks MX 2004 (Version: 7)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MiniMap (Version: 1.0.0)
Miranda IM 0.10.2
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML4 Parser (Version: 1.0.0)
NCsoft Launcher (Version: 1.5.19002)
Nettalk 6.7
Nexon Game Manager
NSIS SWR English
NVIDIA PhysX v8.10.29 (Version: 8.10.29)
OGPlanet Game Launcher (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.8 (Version: 3.58.0)
PESTERCHUM
PhotoShowExpress (Version: 2.0.063)
Portal
PowerXpressHybrid (Version: 1.00.0000)
Project64 1.6 (Version: 1.6)
Psi (remove only)
PX Profile Update (Version: 1.00.1.)
Radar Add-on (Version: 1.0.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Rosetta Stone Ltd Services (Version: 3.2.17)
Rosetta Stone TOTALe (Version: 4.1.1)
Rosetta Stone TOTALe (Version: 4.1.15.1)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Rusty Hearts PWE (Version: 1.00.0000)
Saints Row: The Third
SCHTHACK PSOBB Compatibility Database
SkunkVision (Version: 1.0.7)
Skype 5.7 (Version: 5.7.123)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.1.19.0)
Target Info v3.1.1 Alpha (Version: 3.1.1)
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
Tiled - Tiled Map Editor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
VLC media player 1.1.9 (Version: 1.1.9)
VTFEdit 1.3.3
Warcraft III: All Products
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
XChat 2 (remove only)
XviD v1.3.0 CVS
YVD (Version: 1.0.0)
Zip Motion Block Video codec (Remove Only)

**** End of log ****

Farbar:
Farbar Service Scanner Version: 19-09-2012
Ran by Bliz (administrator) on 25-09-2012 at 20:04:51
Running from "C:\Users\Bliz\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

The redirects seem to have stopped.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 25 September 2012 - 09:09 PM

You can delete these versions of Java from your computer as you already have the latest version installed

Java 6 Update 22 (Version: 6.0.220)
Java 6 Update 26 (Version: 6.0.260)
Java 6 Update 27 (64-bit) (Version: 6.0.270)


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


Please let me know if there are any outstanding issues, if not, then we can clean up our tools

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Somebunny

Somebunny
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 25 September 2012 - 11:44 PM

I went and did that, and there still seem to be no issues.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:21 AM

Posted 26 September 2012 - 08:28 AM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS, TDSSKiller and all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT


  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users