Google searches redirect to googleleads.g.doubleeclick.com


  • This topic is locked
21 replies to this topic

#1 killerfuse

killerfuse

  • Members
  • 11 posts

Posted 22 September 2012 - 06:47 PM

On random intervals, some Google search results are redirecting to l.doubleeclick.net. I have tried every root killer and AV program I can think of! I have noticed that Windows Defender is disabled. When I try to enable it, I receive an "Access Denied" message.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.6.2
Run by killerfuse at 18:58:54 on 2012-09-22
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3000.1372 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FortiClient Personal Firewall *Disabled* {006D9983-6839-71D6-14E6-D7AD47ECD682}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fortinet\FortiClient\scheduler.exe
C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
C:\Program Files\Fortinet\FortiClient\fcappdb.exe
C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Fortinet\FortiClient\fortifw.exe
C:\Program Files\Fortinet\FortiClient\FortiTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\killerfuse\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Fortinet\FortiClient\ipsec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\killerfuse\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\UnHackMe\UnHackMe.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\users\killer~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\killerfuse\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707}\445746C65697 : DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.0.1
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707}\54347425C4D4F62696C656 : DhcpNameServer = 192.168.3.254
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707}\94E6472756079646D4F62696C656 : DhcpNameServer = 192.168.3.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\killerfuse\appdata\roaming\mozilla\firefox\profiles\h9etwuxn.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\users\killerfuse\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\killerfuse\appdata\roaming\tenhandsinc\tenhandsplugin\1.8.20.1291\npTenHandsPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [2011-1-12 13416]
R1 FortiPFW;FortiPFW;c:\windows\system32\drivers\fortipfw2.sys [2011-1-12 100968]
R1 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2011-1-12 104296]
R1 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys [2011-1-12 35944]
R1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys [2011-1-12 40552]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2010-3-22 703080]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-13 20992]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-6-11 228408]
R3 Fortidrv2;Fortinet Packet Filter Service;c:\windows\system32\drivers\fortidrv.sys [2010-1-4 22504]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-6-11 122368]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2011-6-23 3768]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\drivers\ftvnic.sys [2011-3-27 14496]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-9-1 450048]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-9-15 24416]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-6-23 184320]
S3 SpotUsb;SpotUsb;c:\windows\system32\drivers\MFUSB_Netduino.sys [2010-7-31 22144]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-09-21 22:19:23 -------- d-----w- c:\users\killerfuse\appdata\roaming\pdfforge
2012-09-21 22:19:22 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-09-21 22:19:22 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-09-21 22:19:22 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-09-21 22:19:20 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-09-21 22:19:20 -------- d-----w- c:\program files\PDFCreator
2012-09-21 22:15:04 87191 ----a-w- c:\windows\system32\~.tmp
2012-09-19 13:46:22 -------- d-----w- c:\users\killerfuse\appdata\local\{7CE4814C-7538-4E45-A26E-D74B969D8C79}
2012-09-19 01:45:57 -------- d-----w- c:\users\killerfuse\appdata\local\{364863DE-9B6A-4086-B516-DB1430CFCC2B}
2012-09-19 00:09:54 135016 ----a-w- c:\windows\system32\LnkProtect.dll
2012-09-19 00:07:23 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-18 13:45:33 -------- d-----w- c:\users\killerfuse\appdata\local\{1BE328E8-745E-4B18-B24C-B8A765EA5FD4}
2012-09-18 02:21:00 14664 ----a-w- c:\windows\stinger.sys
2012-09-18 02:20:37 -------- d-----w- c:\program files\stinger
2012-09-16 13:44:33 -------- d-----w- c:\users\killerfuse\appdata\local\{2D05FB8E-0CD8-44C6-B703-A79C88A0F83D}
2012-09-16 02:33:24 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-09-16 02:24:42 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-16 02:24:42 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-16 02:24:42 -------- d-----w- c:\programdata\RegRun
2012-09-16 02:24:22 2 --shatr- c:\windows\winstart.bat
2012-09-16 02:24:17 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-16 02:24:13 -------- d-----w- c:\program files\UnHackMe
2012-09-15 01:43:45 -------- d-----w- c:\users\killerfuse\appdata\local\{036D6444-5E1D-4269-A102-54AEECD0B8D0}
2012-09-15 00:06:57 -------- d-----w- c:\users\killerfuse\appdata\local\temp
2012-09-14 23:39:46 98816 ----a-w- c:\windows\sed.exe
2012-09-14 23:39:46 518144 ----a-w- c:\windows\SWREG.exe
2012-09-14 23:39:46 256000 ----a-w- c:\windows\PEV.exe
2012-09-14 23:39:46 208896 ----a-w- c:\windows\MBR.exe
2012-09-14 23:24:56 388096 ----a-r- c:\users\killerfuse\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-09-14 23:24:55 -------- d-----w- c:\program files\Trend Micro
2012-09-14 23:20:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-14 23:07:27 -------- d-----w- c:\programdata\HitmanPro
2012-09-13 01:41:39 -------- d-----w- c:\users\killerfuse\appdata\local\{DD2B98DB-0746-4257-9BA2-F8AF3EEBC338}
2012-09-11 17:55:34 -------- d-----w- c:\users\killerfuse\appdata\local\{AA4C874B-33E5-4239-98EC-BA4074092DAA}
2012-09-07 23:14:26 -------- d-----w- c:\program files\MediaInfo
2012-09-07 22:34:25 -------- d-----w- c:\users\killerfuse\appdata\roaming\avidemux
2012-09-07 22:34:09 -------- d-----w- c:\program files\Avidemux 2.5
2012-09-06 11:36:04 -------- d-----w- c:\users\killerfuse\appdata\local\{EBCC8656-732D-46F5-990C-38FF0AE154A7}
2012-09-05 23:35:39 -------- d-----w- c:\users\killerfuse\appdata\local\{3857E5AF-F021-44A2-9BA9-585C3B65CFC6}
2012-09-03 19:48:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-03 19:42:57 -------- d-----w- c:\users\killerfuse\appdata\local\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}
2012-09-03 02:12:44 -------- d-----w- c:\program files\AAALOGO2009
2012-08-29 00:09:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 23:27:54 -------- d-----w- c:\users\killerfuse\appdata\local\{FA61BD58-8702-4213-B38F-DCA2B067DAED}
2012-08-28 11:27:07 -------- d-----w- c:\users\killerfuse\appdata\local\{CC466BCD-BBD1-4C40-B965-BBD4451111C9}
2012-08-27 23:26:33 -------- d-----w- c:\users\killerfuse\appdata\local\{493F9102-55B1-47BC-A6D7-946457BF8642}
2012-08-27 11:26:00 -------- d-----w- c:\users\killerfuse\appdata\local\{E180E804-4FD3-464A-91DE-37227FB7D0E8}
2012-08-26 23:25:23 -------- d-----w- c:\users\killerfuse\appdata\local\{DF212CE2-DC97-47FE-A38F-8C4E986431C2}
2012-08-26 11:25:07 -------- d-----w- c:\users\killerfuse\appdata\local\{D5142B49-5C9C-40DC-A5E2-3AD20EC4EE54}
2012-08-25 23:24:54 -------- d-----w- c:\users\killerfuse\appdata\local\{D692D4A1-4FAB-4934-BD73-A2370E8E273A}
2012-08-25 11:24:31 -------- d-----w- c:\users\killerfuse\appdata\local\{AD7EE3B5-89A9-4547-B6DB-4133070CC754}
2012-08-24 23:24:17 -------- d-----w- c:\users\killerfuse\appdata\local\{BA2DBB24-8F06-4B5C-84E3-90F47316E183}
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 11:24:03 -------- d-----w- c:\users\killerfuse\appdata\local\{AD8606B3-D086-45EF-997B-A938D91A800E}
2012-08-23 23:23:47 -------- d-----w- c:\users\killerfuse\appdata\local\{5CC886F0-2ECD-449F-91A5-45CBAEF6D843}
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 19:43:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 19:43:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 00:09:47 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:09:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 18:59:53.55 ===============
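As an added illustration for readers of this thread (it is not part of the original post and is not code from the DDS tool or its author), the helper below walks a DDS-format excerpt like the one above and pulls out the three things a responder checks first for a search-redirect complaint: protection products reported as disabled, registry references to components that no longer exist, and DHCP-assigned DNS servers outside private address space. The function name `triage_dds` and the finding labels are my own; the sample input is a handful of lines reproduced from the log above.

```python
import ipaddress
import re

# Constructed excerpt: a handful of lines copied from the DDS log posted in this
# thread (not a complete log), used only as sample input for the helper below.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FortiClient Personal Firewall *Disabled* {006D9983-6839-71D6-14E6-D7AD47ECD682}
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707}\445746C65697 : DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.0.1
"""

# "AV:", "SP:" and "FW:" lines name a product and give its state between asterisks.
PRODUCT_RE = re.compile(r"^(?:AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
# DNS servers appear as a space-separated list after "DhcpNameServer =".
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")


def triage_dds(log_text):
    """Return (category, detail) findings from a DDS-format log excerpt.

    Categories (labels chosen for this example, not DDS terminology):
      security-product-disabled  an AV/SP/FW entry whose state contains "Disabled"
      orphaned-entry             a registry reference to a component that is gone
      public-dns-server          a DHCP-assigned resolver outside private space
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            if "Disabled" in m.group("state"):
                findings.append(("security-product-disabled", m.group("name")))
            continue
        if line.endswith("does not exist!"):
            # Keep just the leading "IE: {CLSID}" part as the identifier.
            findings.append(("orphaned-entry", line.split(" - ", 1)[0]))
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                if not ipaddress.ip_address(server).is_private:
                    findings.append(("public-dns-server", server))
    # De-duplicate while preserving order (the same resolver can recur per interface).
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:26} {detail}")
```

A public resolver is a "verify" item rather than a verdict: ISP-assigned servers are public too, so the right follow-up is to confirm the addresses against what the network owner expects. Disabled protection that the user cannot re-enable, as described in the opening post, is the finding that most directly points at tampering.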


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 September 2012 - 07:34 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE RogueKiller to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts

Posted 23 September 2012 - 02:18 PM

Thanks for the response! Here are the results of Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java DB 10.5.3.0
JavaFX 2.0.3
JavaFX 2.0.2 SDK
Java™ 6 Update 29
Java 7 Update 6
Java™ SE Development Kit 6 Update 18
Java™ SE Development Kit 7 Update 2
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Edited by killerfuse, 23 September 2012 - 02:20 PM.


#4 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts

Posted 23 September 2012 - 02:21 PM

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 14:57:21
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : killerfuse - KILLERLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\killerfuse\Desktop\bleepingcomputer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\killerfuse\AppData\Roaming\pdfforge

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\killerfuse\AppData\Roaming\Mozilla\Firefox\Profiles\h9etwuxn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1065 octets] - [23/09/2012 14:57:21]

########## EOF - C:\AdwCleaner[S2].txt - [1125 octets] ##########

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : killerfuse [Admin rights]
Mode : Remove -- Date : 09/23/2012 15:05:34

Bad processes : 0

Registry Entries : 4
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]

Extern Hives:

Infection :

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500BEKT-60V5T1 +++++
--- User ---
[MBR] 3b043d523c97e9504b89513be9dcb062
[BSP] a6fc4a0f33d5b1af5d4ef14bc4b4e985 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 September 2012 - 03:41 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts

Posted 23 September 2012 - 04:31 PM

Here's the TDSS log. aswMBR ran for about 20 minutes and then the program locked up.

16:51:26.0216 5560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:51:26.0528 5560 ============================================================
16:51:26.0528 5560 Current date / time: 2012/09/23 16:51:26.0528
16:51:26.0528 5560 SystemInfo:
16:51:26.0528 5560
16:51:26.0528 5560 OS Version: 6.1.7600 ServicePack: 0.0
16:51:26.0528 5560 Product type: Workstation
16:51:26.0528 5560 ComputerName: KILLERLAPTOP
16:51:26.0528 5560 UserName: killerfuse
16:51:26.0528 5560 Windows directory: C:\Windows
16:51:26.0528 5560 System windows directory: C:\Windows
16:51:26.0528 5560 Processor architecture: Intel x86
16:51:26.0528 5560 Number of processors: 2
16:51:26.0528 5560 Page size: 0x1000
16:51:26.0528 5560 Boot type: Normal boot
16:51:26.0528 5560 ============================================================
16:51:26.0996 5560 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:51:26.0996 5560 ============================================================
16:51:26.0996 5560 \Device\Harddisk0\DR0:
16:51:26.0996 5560 MBR partitions:
16:51:26.0996 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:51:26.0996 5560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:51:26.0996 5560 ============================================================
16:51:27.0028 5560 C: <-> \Device\Harddisk0\DR0\Partition2
16:51:27.0028 5560 ============================================================
16:51:27.0028 5560 Initialize success
16:51:27.0028 5560 ============================================================
16:51:30.0756 5808 ============================================================
16:51:30.0756 5808 Scan started
16:51:30.0756 5808 Mode: Manual;
16:51:30.0756 5808 ============================================================
16:51:31.0286 5808 ================ Scan system memory ========================
16:51:31.0286 5808 System memory - ok
16:51:31.0286 5808 ================ Scan services =============================
16:51:31.0458 5808 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:51:31.0458 5808 1394ohci - ok
16:51:31.0489 5808 [ 4DF5E6215A102A192B2B6DBB61F2FBA5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
16:51:31.0505 5808 Accelerometer - ok
16:51:31.0536 5808 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:51:31.0536 5808 ACPI - ok
16:51:31.0567 5808 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:51:31.0567 5808 AcpiPmi - ok
16:51:31.0598 5808 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
16:51:31.0598 5808 ADIHdAudAddService - ok
16:51:31.0676 5808 [ 4AE327C9C375D985FF2A2AAB92765218 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:51:31.0676 5808 Adobe LM Service - ok
16:51:31.0708 5808 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:51:31.0708 5808 adp94xx - ok
16:51:31.0739 5808 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:51:31.0739 5808 adpahci - ok
16:51:31.0754 5808 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:51:31.0754 5808 adpu320 - ok
16:51:31.0786 5808 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
16:51:31.0786 5808 AEADIFilters - ok
16:51:31.0801 5808 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:51:31.0801 5808 AeLookupSvc - ok
16:51:31.0832 5808 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
16:51:31.0832 5808 AFD - ok
16:51:31.0864 5808 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
16:51:31.0879 5808 AgereModemAudio - ok
16:51:31.0926 5808 [ FAA5A0B80E011464C7654851CE3D7FE7 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:51:31.0957 5808 AgereSoftModem - ok
16:51:31.0988 5808 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:51:31.0988 5808 agp440 - ok
16:51:32.0020 5808 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
16:51:32.0020 5808 aic78xx - ok
16:51:32.0051 5808 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:51:32.0051 5808 ALG - ok
16:51:32.0082 5808 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:51:32.0082 5808 aliide - ok
16:51:32.0082 5808 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
16:51:32.0082 5808 amdagp - ok
16:51:32.0098 5808 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:51:32.0098 5808 amdide - ok
16:51:32.0113 5808 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:51:32.0113 5808 AmdK8 - ok
16:51:32.0129 5808 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:51:32.0129 5808 AmdPPM - ok
16:51:32.0160 5808 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
16:51:32.0160 5808 amdsata - ok
16:51:32.0176 5808 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:51:32.0191 5808 amdsbs - ok
16:51:32.0207 5808 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
16:51:32.0207 5808 amdxata - ok
16:51:32.0222 5808 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
16:51:32.0222 5808 AppID - ok
16:51:32.0222 5808 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:51:32.0222 5808 AppIDSvc - ok
16:51:32.0254 5808 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
16:51:32.0254 5808 Appinfo - ok
16:51:32.0269 5808 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:51:32.0269 5808 AppMgmt - ok
16:51:32.0300 5808 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:51:32.0300 5808 arc - ok
16:51:32.0300 5808 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:51:32.0316 5808 arcsas - ok
16:51:32.0394 5808 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:51:32.0394 5808 aspnet_state - ok
16:51:32.0425 5808 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:32.0425 5808 AsyncMac - ok
16:51:32.0456 5808 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:51:32.0456 5808 atapi - ok
16:51:32.0503 5808 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys
16:51:32.0550 5808 athr - ok
16:51:32.0597 5808 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:51:32.0597 5808 AudioEndpointBuilder - ok
16:51:32.0628 5808 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:51:32.0628 5808 Audiosrv - ok
16:51:32.0690 5808 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
16:51:32.0690 5808 AVGIDSHX - ok
16:51:32.0737 5808 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
16:51:32.0737 5808 Avgldx86 - ok
16:51:32.0768 5808 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
16:51:32.0768 5808 Avgmfx86 - ok
16:51:32.0815 5808 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
16:51:32.0815 5808 Avgrkx86 - ok
16:51:32.0862 5808 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
16:51:32.0862 5808 Avgtdix - ok
16:51:32.0956 5808 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:51:32.0956 5808 avgwd - ok
16:51:32.0987 5808 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:51:33.0002 5808 AxInstSV - ok
16:51:33.0049 5808 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
16:51:33.0049 5808 b06bdrv - ok
16:51:33.0096 5808 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:51:33.0096 5808 b57nd60x - ok
16:51:33.0127 5808 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:51:33.0127 5808 BDESVC - ok
16:51:33.0143 5808 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:51:33.0143 5808 Beep - ok
16:51:33.0190 5808 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
16:51:33.0190 5808 BFE - ok
16:51:33.0221 5808 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
16:51:33.0236 5808 BITS - ok
16:51:33.0252 5808 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:51:33.0252 5808 blbdrive - ok
16:51:33.0268 5808 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:51:33.0268 5808 bowser - ok
16:51:33.0283 5808 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:51:33.0283 5808 BrFiltLo - ok
16:51:33.0299 5808 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:51:33.0299 5808 BrFiltUp - ok
16:51:33.0314 5808 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:51:33.0314 5808 BridgeMP - ok
16:51:33.0330 5808 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
16:51:33.0330 5808 Browser - ok
16:51:33.0346 5808 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:51:33.0346 5808 Brserid - ok
16:51:33.0361 5808 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:51:33.0361 5808 BrSerWdm - ok
16:51:33.0361 5808 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:33.0361 5808 BrUsbMdm - ok
16:51:33.0377 5808 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:33.0377 5808 BrUsbSer - ok
16:51:33.0392 5808 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:51:33.0392 5808 BTHMODEM - ok
16:51:33.0424 5808 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:51:33.0424 5808 bthserv - ok
16:51:33.0502 5808 catchme - ok
16:51:33.0517 5808 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:51:33.0533 5808 cdfs - ok
16:51:33.0580 5808 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:51:33.0580 5808 cdrom - ok
16:51:33.0611 5808 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
16:51:33.0611 5808 CertPropSvc - ok
16:51:33.0642 5808 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:51:33.0642 5808 circlass - ok
16:51:33.0658 5808 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:51:33.0658 5808 CLFS - ok
16:51:33.0720 5808 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:33.0720 5808 clr_optimization_v2.0.50727_32 - ok
16:51:33.0767 5808 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:33.0767 5808 clr_optimization_v4.0.30319_32 - ok
16:51:33.0782 5808 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:51:33.0782 5808 CmBatt - ok
16:51:33.0798 5808 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
16:51:33.0814 5808 cmdide - ok
16:51:33.0829 5808 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
16:51:33.0829 5808 CNG - ok
16:51:33.0907 5808 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:51:33.0907 5808 Com4QLBEx - ok
16:51:33.0938 5808 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:51:33.0938 5808 Compbatt - ok
16:51:33.0954 5808 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:51:33.0954 5808 CompositeBus - ok
16:51:33.0970 5808 COMSysApp - ok
16:51:33.0985 5808 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:34.0001 5808 crcdisk - ok
16:51:34.0032 5808 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:51:34.0032 5808 CryptSvc - ok
16:51:34.0048 5808 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
16:51:34.0048 5808 CSC - ok
16:51:34.0079 5808 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
16:51:34.0079 5808 CscService - ok
16:51:34.0110 5808 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
16:51:34.0126 5808 DcomLaunch - ok
16:51:34.0126 5808 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:51:34.0141 5808 defragsvc - ok
16:51:34.0157 5808 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:51:34.0157 5808 DfsC - ok
16:51:34.0188 5808 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:51:34.0188 5808 Dhcp - ok
16:51:34.0204 5808 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:51:34.0204 5808 discache - ok
16:51:34.0219 5808 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:51:34.0219 5808 Disk - ok
16:51:34.0235 5808 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:51:34.0235 5808 Dnscache - ok
16:51:34.0250 5808 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
16:51:34.0250 5808 dot3svc - ok
16:51:34.0266 5808 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
16:51:34.0266 5808 DPS - ok
16:51:34.0297 5808 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:51:34.0297 5808 drmkaud - ok
16:51:34.0328 5808 [ 39806CFEDDCC55E686A49BCCD2972F23 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:51:34.0328 5808 DXGKrnl - ok
16:51:34.0360 5808 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:51:34.0360 5808 EapHost - ok
16:51:34.0469 5808 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:51:34.0562 5808 ebdrv - ok
16:51:34.0594 5808 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
16:51:34.0609 5808 EFS - ok
16:51:34.0656 5808 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:51:34.0672 5808 ehRecvr - ok
16:51:34.0703 5808 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:51:34.0703 5808 ehSched - ok
16:51:34.0734 5808 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:51:34.0734 5808 elxstor - ok
16:51:34.0750 5808 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
16:51:34.0750 5808 ErrDev - ok
16:51:34.0796 5808 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:51:34.0796 5808 EventSystem - ok
16:51:34.0812 5808 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:51:34.0828 5808 exfat - ok
16:51:34.0843 5808 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:51:34.0843 5808 fastfat - ok
16:51:34.0874 5808 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
16:51:34.0874 5808 Fax - ok
16:51:34.0921 5808 [ 9F7DB1DD926FD5D5598C33644311E9A2 ] FA_Scheduler C:\Program Files\Fortinet\FortiClient\scheduler.exe
16:51:34.0921 5808 FA_Scheduler - ok
16:51:34.0937 5808 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:51:34.0937 5808 fdc - ok
16:51:34.0952 5808 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:51:34.0952 5808 fdPHost - ok
16:51:34.0968 5808 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:51:34.0968 5808 FDResPub - ok
16:51:34.0984 5808 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:51:34.0984 5808 FileInfo - ok
16:51:34.0999 5808 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:51:34.0999 5808 Filetrace - ok
16:51:35.0015 5808 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:35.0015 5808 flpydisk - ok
16:51:35.0046 5808 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:51:35.0046 5808 FltMgr - ok
16:51:35.0062 5808 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll
16:51:35.0093 5808 FontCache - ok
16:51:35.0140 5808 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:51:35.0140 5808 FontCache3.0.0.0 - ok
16:51:35.0155 5808 [ 61E4C4700CC98F537B1D1A41609A25AC ] fortiapd C:\Windows\system32\drivers\fortiapd.sys
16:51:35.0155 5808 fortiapd - ok
16:51:35.0186 5808 [ EFF623353D292D52C6C353DA24A6242D ] Fortidrv2 C:\Windows\system32\DRIVERS\fortidrv.sys
16:51:35.0186 5808 Fortidrv2 - ok
16:51:35.0202 5808 [ FCA69B9D6251B1A62868F96E3E4B5AAA ] FortiPFW C:\Windows\system32\drivers\FortiPFW2.sys
16:51:35.0218 5808 FortiPFW - ok
16:51:35.0218 5808 [ 2C045910DEEC7BE2A49C1FADBF0E6C07 ] Fortips C:\Windows\system32\drivers\fortips.sys
16:51:35.0233 5808 Fortips - ok
16:51:35.0233 5808 [ 109442B7210B91266BC85F8CC6189DDB ] FortiRdr C:\Windows\system32\drivers\FortiRdr2.sys
16:51:35.0233 5808 FortiRdr - ok
16:51:35.0249 5808 [ 47D29BD8BDFCA566B46E33736B8E3196 ] FortiShield C:\Windows\system32\drivers\FortiShield.sys
16:51:35.0249 5808 FortiShield - ok
16:51:35.0280 5808 [ CD6B0AA80B91CF11278F708AE1521945 ] FortiSslvpnDaemon C:\Windows\system32\FortiSSLVPNdaemon.exe
16:51:35.0296 5808 FortiSslvpnDaemon - ok
16:51:35.0311 5808 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:51:35.0311 5808 FsDepends - ok
16:51:35.0327 5808 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:51:35.0327 5808 Fs_Rec - ok
16:51:35.0358 5808 [ 6F8AC27B43ECE9504FA5D521E086A92A ] ft_vnic C:\Windows\system32\DRIVERS\ftvnic.sys
16:51:35.0358 5808 ft_vnic - ok
16:51:35.0389 5808 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:51:35.0389 5808 fvevol - ok
16:51:35.0420 5808 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:35.0420 5808 gagp30kx - ok
16:51:35.0452 5808 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
16:51:35.0452 5808 gpsvc - ok
16:51:35.0514 5808 [ 9D3CB0CA88CB9B39A11B882D7E77CB2C ] GSService C:\Windows\system32\GSService.exe
16:51:35.0514 5808 GSService - ok
16:51:35.0592 5808 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:35.0592 5808 gupdate - ok
16:51:35.0608 5808 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:35.0608 5808 gupdatem - ok
16:51:35.0623 5808 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:51:35.0623 5808 hcw85cir - ok
16:51:35.0654 5808 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:51:35.0654 5808 HdAudAddService - ok
16:51:35.0686 5808 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:51:35.0686 5808 HDAudBus - ok
16:51:35.0701 5808 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:35.0701 5808 HidBatt - ok
16:51:35.0717 5808 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:51:35.0717 5808 HidBth - ok
16:51:35.0732 5808 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:51:35.0732 5808 HidIr - ok
16:51:35.0764 5808 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:51:35.0764 5808 hidserv - ok
16:51:35.0779 5808 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:51:35.0779 5808 HidUsb - ok
16:51:35.0795 5808 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:51:35.0810 5808 hkmsvc - ok
16:51:35.0826 5808 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:51:35.0826 5808 HomeGroupListener - ok
16:51:35.0857 5808 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:51:35.0857 5808 HomeGroupProvider - ok
16:51:35.0873 5808 [ E1D82F0C8456ABB03B7DF5D623CA47D1 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
16:51:35.0873 5808 hpdskflt - ok
16:51:35.0920 5808 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:51:35.0920 5808 HpqKbFiltr - ok
16:51:35.0951 5808 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:51:35.0951 5808 hpqwmiex - ok
16:51:35.0966 5808 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:51:35.0966 5808 HpSAMD - ok
16:51:35.0982 5808 [ D1F817E61D52816996B8F1EBA9A38276 ] hpsrv C:\Windows\system32\Hpservice.exe
16:51:35.0982 5808 hpsrv - ok
16:51:36.0013 5808 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:51:36.0013 5808 HTCAND32 - ok
16:51:36.0060 5808 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
16:51:36.0060 5808 htcnprot - ok
16:51:36.0091 5808 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:51:36.0091 5808 HTTP - ok
16:51:36.0107 5808 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:51:36.0107 5808 hwpolicy - ok
16:51:36.0138 5808 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:51:36.0138 5808 i8042prt - ok
16:51:36.0185 5808 [ F54B3DB096ABD6E9BBBD052FD3878A48 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:51:36.0200 5808 IAANTMON - ok
16:51:36.0247 5808 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:51:36.0247 5808 iaStor - ok
16:51:36.0278 5808 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
16:51:36.0278 5808 iaStorV - ok
16:51:36.0310 5808 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:51:36.0341 5808 idsvc - ok
16:51:36.0497 5808 [ A70C995199A47F326EEF4F9F5E6267A1 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:51:36.0668 5808 igfx - ok
16:51:36.0715 5808 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:51:36.0715 5808 iirsp - ok
16:51:36.0762 5808 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
16:51:36.0762 5808 IKEEXT - ok
16:51:36.0824 5808 [ E63CD0D9AA8D406CABDE5AA718936F40 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:51:36.0824 5808 IntcHdmiAddService - ok
16:51:36.0840 5808 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:51:36.0840 5808 intelide - ok
16:51:36.0871 5808 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:51:36.0871 5808 intelppm - ok
16:51:36.0871 5808 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:51:36.0871 5808 IPBusEnum - ok
16:51:36.0887 5808 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:36.0887 5808 IpFilterDriver - ok
16:51:36.0918 5808 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:51:36.0918 5808 iphlpsvc - ok
16:51:36.0934 5808 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:51:36.0934 5808 IPMIDRV - ok
16:51:36.0949 5808 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:51:36.0949 5808 IPNAT - ok
16:51:36.0965 5808 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:51:36.0965 5808 IRENUM - ok
16:51:36.0980 5808 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:51:36.0980 5808 isapnp - ok
16:51:36.0996 5808 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:51:36.0996 5808 iScsiPrt - ok
16:51:37.0027 5808 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:37.0027 5808 kbdclass - ok
16:51:37.0043 5808 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:37.0043 5808 kbdhid - ok
16:51:37.0058 5808 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
16:51:37.0058 5808 KeyIso - ok
16:51:37.0074 5808 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:51:37.0074 5808 KSecDD - ok
16:51:37.0090 5808 [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:51:37.0090 5808 KSecPkg - ok
16:51:37.0121 5808 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:51:37.0121 5808 KtmRm - ok
16:51:37.0152 5808 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:51:37.0152 5808 LanmanServer - ok
16:51:37.0183 5808 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:51:37.0183 5808 LanmanWorkstation - ok
16:51:37.0246 5808 [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:51:37.0246 5808 LightScribeService - ok
16:51:37.0277 5808 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:51:37.0277 5808 lltdio - ok
16:51:37.0292 5808 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:51:37.0308 5808 lltdsvc - ok
16:51:37.0308 5808 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:51:37.0324 5808 lmhosts - ok
16:51:37.0339 5808 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:37.0339 5808 LSI_FC - ok
16:51:37.0355 5808 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:37.0355 5808 LSI_SAS - ok
16:51:37.0370 5808 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:37.0370 5808 LSI_SAS2 - ok
16:51:37.0386 5808 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:37.0386 5808 LSI_SCSI - ok
16:51:37.0402 5808 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:51:37.0402 5808 luafv - ok
16:51:37.0417 5808 MCSTRM - ok
16:51:37.0448 5808 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:51:37.0448 5808 Mcx2Svc - ok
16:51:37.0448 5808 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:51:37.0448 5808 megasas - ok
16:51:37.0480 5808 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:37.0480 5808 MegaSR - ok
16:51:37.0558 5808 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:51:37.0558 5808 Microsoft Office Groove Audit Service - ok
16:51:37.0573 5808 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:51:37.0589 5808 MMCSS - ok
16:51:37.0604 5808 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:51:37.0604 5808 Modem - ok
16:51:37.0620 5808 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:51:37.0620 5808 monitor - ok
16:51:37.0636 5808 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:51:37.0636 5808 mouclass - ok
16:51:37.0651 5808 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:51:37.0667 5808 mouhid - ok
16:51:37.0667 5808 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:51:37.0667 5808 mountmgr - ok
16:51:37.0714 5808 [ CB48C23769C56977EC3DE6DF0C6DBB8C ] MovRVDrv32 C:\Windows\system32\DRIVERS\MovRVDrv32.sys
16:51:37.0714 5808 MovRVDrv32 - ok
16:51:37.0776 5808 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:51:37.0776 5808 MozillaMaintenance - ok
16:51:37.0792 5808 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:51:37.0792 5808 mpio - ok
16:51:37.0807 5808 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:51:37.0807 5808 mpsdrv - ok
16:51:37.0854 5808 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
16:51:37.0854 5808 MpsSvc - ok
16:51:37.0870 5808 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:51:37.0885 5808 MRxDAV - ok
16:51:37.0885 5808 [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:37.0885 5808 mrxsmb - ok
16:51:37.0916 5808 [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:37.0916 5808 mrxsmb10 - ok
16:51:37.0932 5808 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:37.0932 5808 mrxsmb20 - ok
16:51:37.0948 5808 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:51:37.0948 5808 msahci - ok
16:51:37.0963 5808 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:51:37.0963 5808 msdsm - ok
16:51:37.0979 5808 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:51:37.0979 5808 MSDTC - ok
16:51:37.0994 5808 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:51:37.0994 5808 Msfs - ok
16:51:38.0010 5808 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:51:38.0010 5808 mshidkmdf - ok
16:51:38.0026 5808 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:51:38.0026 5808 msisadrv - ok
16:51:38.0057 5808 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:51:38.0057 5808 MSiSCSI - ok
16:51:38.0057 5808 msiserver - ok
16:51:38.0088 5808 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:51:38.0088 5808 MSKSSRV - ok
16:51:38.0088 5808 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:38.0088 5808 MSPCLOCK - ok
16:51:38.0104 5808 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:51:38.0104 5808 MSPQM - ok
16:51:38.0119 5808 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:51:38.0119 5808 MsRPC - ok
16:51:38.0135 5808 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:51:38.0135 5808 mssmbios - ok
16:51:38.0135 5808 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:51:38.0135 5808 MSTEE - ok
16:51:38.0150 5808 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:38.0150 5808 MTConfig - ok
16:51:38.0182 5808 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:51:38.0182 5808 Mup - ok
16:51:38.0213 5808 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
16:51:38.0213 5808 napagent - ok
16:51:38.0244 5808 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:51:38.0244 5808 NativeWifiP - ok
16:51:38.0275 5808 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:51:38.0275 5808 NDIS - ok
16:51:38.0306 5808 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:38.0306 5808 NdisCap - ok
16:51:38.0322 5808 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:38.0322 5808 NdisTapi - ok
16:51:38.0338 5808 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:38.0338 5808 Ndisuio - ok
16:51:38.0369 5808 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:38.0369 5808 NdisWan - ok
16:51:38.0369 5808 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:51:38.0369 5808 NDProxy - ok
16:51:38.0384 5808 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:51:38.0384 5808 NetBIOS - ok
16:51:38.0400 5808 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:51:38.0400 5808 NetBT - ok
16:51:38.0416 5808 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
16:51:38.0416 5808 Netlogon - ok
16:51:38.0447 5808 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:51:38.0447 5808 Netman - ok
16:51:38.0494 5808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:38.0494 5808 NetMsmqActivator - ok
16:51:38.0494 5808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:38.0494 5808 NetPipeActivator - ok
16:51:38.0525 5808 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:51:38.0540 5808 netprofm - ok
16:51:38.0540 5808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:38.0540 5808 NetTcpActivator - ok
16:51:38.0556 5808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:38.0556 5808 NetTcpPortSharing - ok
16:51:38.0587 5808 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:38.0587 5808 nfrd960 - ok
16:51:38.0603 5808 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
16:51:38.0603 5808 NlaSvc - ok
16:51:38.0665 5808 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\Windows\system32\drivers\npf.sys
16:51:38.0665 5808 npf - ok
16:51:38.0665 5808 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:51:38.0665 5808 Npfs - ok
16:51:38.0681 5808 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:51:38.0681 5808 nsi - ok
16:51:38.0696 5808 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:51:38.0696 5808 nsiproxy - ok
16:51:38.0743 5808 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:51:38.0743 5808 Ntfs - ok
16:51:38.0774 5808 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:51:38.0774 5808 Null - ok
16:51:38.0806 5808 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
16:51:38.0806 5808 nvraid - ok
16:51:38.0821 5808 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
16:51:38.0821 5808 nvstor - ok
16:51:38.0837 5808 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:51:38.0837 5808 nv_agp - ok
16:51:38.0915 5808 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:51:38.0915 5808 odserv - ok
16:51:38.0946 5808 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:51:38.0962 5808 ohci1394 - ok
16:51:39.0008 5808 [ D29D5E61A5722630BB58940D1E4E231A ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
16:51:39.0008 5808 OpenVPNService - ok
16:51:39.0055 5808 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:51:39.0055 5808 ose - ok
16:51:39.0071 5808 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:51:39.0086 5808 p2pimsvc - ok
16:51:39.0102 5808 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:51:39.0118 5808 p2psvc - ok
16:51:39.0133 5808 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:51:39.0133 5808 Parport - ok
16:51:39.0196 5808 [ 6DDCF3F801EC15FE698F6A215CF30A1F ] Partizan C:\Windows\system32\drivers\Partizan.sys
16:51:39.0196 5808 Partizan - ok
16:51:39.0211 5808 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:51:39.0211 5808 partmgr - ok
16:51:39.0227 5808 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:51:39.0227 5808 Parvdm - ok
16:51:39.0289 5808 [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
16:51:39.0289 5808 PassThru Service - ok
16:51:39.0305 5808 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:51:39.0320 5808 PcaSvc - ok
16:51:39.0336 5808 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
16:51:39.0336 5808 pci - ok
16:51:39.0352 5808 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:51:39.0352 5808 pciide - ok
16:51:39.0367 5808 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:39.0367 5808 pcmcia - ok
16:51:39.0383 5808 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:51:39.0383 5808 pcw - ok
16:51:39.0414 5808 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:51:39.0414 5808 PEAUTH - ok
16:51:39.0445 5808 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:51:39.0476 5808 PeerDistSvc - ok
16:51:39.0539 5808 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
16:51:39.0586 5808 pla - ok
16:51:39.0632 5808 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:51:39.0632 5808 PlugPlay - ok
16:51:39.0648 5808 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:51:39.0648 5808 PNRPAutoReg - ok
16:51:39.0679 5808 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:51:39.0679 5808 PNRPsvc - ok
16:51:39.0710 5808 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:51:39.0710 5808 PolicyAgent - ok
16:51:39.0742 5808 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
16:51:39.0742 5808 Power - ok
16:51:39.0773 5808 [ 4FB133321E33CF310B0010F7F3631536 ] pppop C:\Windows\system32\DRIVERS\pppop.sys
16:51:39.0773 5808 pppop - ok
16:51:39.0820 5808 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:51:39.0820 5808 PptpMiniport - ok
16:51:39.0820 5808 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:51:39.0820 5808 Processor - ok
16:51:39.0851 5808 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
16:51:39.0851 5808 ProfSvc - ok
16:51:39.0866 5808 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:51:39.0866 5808 ProtectedStorage - ok
16:51:39.0882 5808 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:51:39.0882 5808 Psched - ok
16:51:39.0929 5808 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:51:39.0976 5808 ql2300 - ok
16:51:40.0007 5808 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:40.0007 5808 ql40xx - ok
16:51:40.0022 5808 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:51:40.0022 5808 QWAVE - ok
16:51:40.0038 5808 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:51:40.0038 5808 QWAVEdrv - ok
16:51:40.0054 5808 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:51:40.0054 5808 RasAcd - ok
16:51:40.0069 5808 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:40.0069 5808 RasAgileVpn - ok
16:51:40.0100 5808 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:51:40.0100 5808 RasAuto - ok
16:51:40.0100 5808 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:40.0100 5808 Rasl2tp - ok
16:51:40.0132 5808 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
16:51:40.0132 5808 RasMan - ok
16:51:40.0147 5808 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:40.0147 5808 RasPppoe - ok
16:51:40.0163 5808 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:51:40.0163 5808 RasSstp - ok
16:51:40.0178 5808 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:51:40.0178 5808 rdbss - ok
16:51:40.0194 5808 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:40.0194 5808 rdpbus - ok
16:51:40.0210 5808 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:40.0210 5808 RDPCDD - ok
16:51:40.0225 5808 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:51:40.0241 5808 RDPDR - ok
16:51:40.0256 5808 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:51:40.0256 5808 RDPENCDD - ok
16:51:40.0272 5808 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:51:40.0272 5808 RDPREFMP - ok
16:51:40.0288 5808 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:51:40.0288 5808 RDPWD - ok
16:51:40.0303 5808 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:51:40.0319 5808 rdyboost - ok
16:51:40.0350 5808 [ 37ECEBDD930395A9C399FB18A3C236D3 ] RegGuard C:\Windows\system32\Drivers\regguard.sys
16:51:40.0350 5808 RegGuard - ok
16:51:40.0381 5808 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:51:40.0381 5808 RemoteAccess - ok
16:51:40.0397 5808 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:51:40.0412 5808 RemoteRegistry - ok
16:51:40.0444 5808 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
16:51:40.0444 5808 rpcapd - ok
16:51:40.0459 5808 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:51:40.0459 5808 RpcEptMapper - ok
16:51:40.0490 5808 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:51:40.0490 5808 RpcLocator - ok
16:51:40.0506 5808 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\System32\rpcss.dll
16:51:40.0506 5808 RpcSs - ok
16:51:40.0537 5808 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:51:40.0537 5808 rspndr - ok
16:51:40.0553 5808 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
16:51:40.0553 5808 s3cap - ok
16:51:40.0553 5808 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
16:51:40.0553 5808 SamSs - ok
16:51:40.0584 5808 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:51:40.0584 5808 sbp2port - ok
16:51:40.0615 5808 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:51:40.0615 5808 SCardSvr - ok
16:51:40.0662 5808 [ 3B35CE540758BBABB721E234CB5A4F3F ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
16:51:40.0662 5808 SCDEmu - ok
16:51:40.0678 5808 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:51:40.0678 5808 scfilter - ok
16:51:40.0709 5808 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
16:51:40.0724 5808 Schedule - ok
16:51:40.0740 5808 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:51:40.0740 5808 SCPolicySvc - ok
16:51:40.0756 5808 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:51:40.0756 5808 SDRSVC - ok
16:51:40.0787 5808 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:51:40.0787 5808 secdrv - ok
16:51:40.0787 5808 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:51:40.0802 5808 seclogon - ok
16:51:40.0802 5808 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
16:51:40.0818 5808 SENS - ok
16:51:40.0834 5808 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:51:40.0834 5808 SensrSvc - ok
16:51:40.0849 5808 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:51:40.0849 5808 Serenum - ok
16:51:40.0865 5808 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:51:40.0865 5808 Serial - ok
16:51:40.0896 5808 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:51:40.0896 5808 sermouse - ok
16:51:40.0943 5808 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
16:51:40.0943 5808 SessionEnv - ok
16:51:40.0943 5808 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:51:40.0958 5808 sffdisk - ok
16:51:40.0958 5808 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:51:40.0958 5808 sffp_mmc - ok
16:51:40.0990 5808 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:51:40.0990 5808 sffp_sd - ok
16:51:40.0990 5808 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:40.0990 5808 sfloppy - ok
16:51:41.0021 5808 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:51:41.0021 5808 SharedAccess - ok
16:51:41.0036 5808 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:51:41.0052 5808 ShellHWDetection - ok
16:51:41.0068 5808 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
16:51:41.0068 5808 sisagp - ok
16:51:41.0068 5808 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:41.0083 5808 SiSRaid2 - ok
16:51:41.0099 5808 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:41.0099 5808 SiSRaid4 - ok
16:51:41.0146 5808 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:51:41.0146 5808 SkypeUpdate - ok
16:51:41.0161 5808 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:51:41.0161 5808 Smb - ok
16:51:41.0208 5808 [ C88EAD1E773C444F6ABBA21D01A83408 ] SndTDriverV32 C:\Windows\system32\drivers\SndTDriverV32.sys
16:51:41.0208 5808 SndTDriverV32 - ok
16:51:41.0224 5808 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:51:41.0224 5808 SNMPTRAP - ok
16:51:41.0302 5808 [ D8ABA1293B82E7AF2F78B67CA46FCB3D ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
16:51:41.0348 5808 SNP2UVC - ok
16:51:41.0411 5808 [ A0BFE0335DBE0D1EA371964EBC6719CE ] SoundMovieServer C:\Windows\system32\snmvtsvc.exe
16:51:41.0411 5808 SoundMovieServer - ok
16:51:41.0442 5808 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:51:41.0442 5808 spldr - ok
16:51:41.0458 5808 [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler C:\Windows\System32\spoolsv.exe
16:51:41.0458 5808 Spooler - ok
16:51:41.0504 5808 [ 706AF52894482155B9AA51B611B201E6 ] SpotUsb C:\Windows\system32\DRIVERS\MFUSB_Netduino.sys
16:51:41.0504 5808 SpotUsb - ok
16:51:41.0598 5808 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
16:51:41.0707 5808 sppsvc - ok
16:51:41.0738 5808 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:51:41.0738 5808 sppuinotify - ok
16:51:41.0754 5808 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:51:41.0754 5808 srv - ok
16:51:41.0770 5808 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:51:41.0785 5808 srv2 - ok
16:51:41.0785 5808 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:51:41.0801 5808 srvnet - ok
16:51:41.0816 5808 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:51:41.0816 5808 SSDPSRV - ok
16:51:41.0832 5808 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:51:41.0848 5808 SstpSvc - ok
16:51:41.0848 5808 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:51:41.0848 5808 stexstor - ok
16:51:41.0894 5808 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
16:51:41.0894 5808 StiSvc - ok
16:51:41.0910 5808 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
16:51:41.0910 5808 storflt - ok
16:51:41.0926 5808 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
16:51:41.0926 5808 StorSvc - ok
16:51:41.0941 5808 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
16:51:41.0941 5808 storvsc - ok
16:51:41.0941 5808 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:51:41.0941 5808 swenum - ok
16:51:41.0957 5808 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:51:41.0972 5808 swprv - ok
16:51:42.0004 5808 [ 1DE40024679CDE0E573465253519730E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:51:42.0004 5808 SynTP - ok
16:51:42.0035 5808 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
16:51:42.0050 5808 SysMain - ok
16:51:42.0082 5808 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:51:42.0082 5808 TabletInputService - ok
16:51:42.0113 5808 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
16:51:42.0113 5808 tap0901 - ok
16:51:42.0144 5808 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
16:51:42.0144 5808 TapiSrv - ok
16:51:42.0160 5808 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:51:42.0160 5808 TBS - ok
16:51:42.0206 5808 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:51:42.0222 5808 Tcpip - ok
16:51:42.0300 5808 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:51:42.0316 5808 TCPIP6 - ok
16:51:42.0331 5808 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:51:42.0331 5808 tcpipreg - ok
16:51:42.0347 5808 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:51:42.0347 5808 TDPIPE - ok
16:51:42.0362 5808 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:51:42.0362 5808 TDTCP - ok
16:51:42.0378 5808 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:51:42.0378 5808 tdx - ok
16:51:42.0394 5808 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:51:42.0394 5808 TermDD - ok
16:51:42.0425 5808 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
16:51:42.0425 5808 TermService - ok
16:51:42.0440 5808 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:51:42.0440 5808 Themes - ok
16:51:42.0456 5808 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:51:42.0472 5808 THREADORDER - ok
16:51:42.0472 5808 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:51:42.0472 5808 TrkWks - ok
16:51:42.0518 5808 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:51:42.0518 5808 TrustedInstaller - ok
16:51:42.0534 5808 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:42.0534 5808 tssecsrv - ok
16:51:42.0565 5808 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:51:42.0565 5808 tunnel - ok
16:51:42.0565 5808 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:51:42.0565 5808 uagp35 - ok
16:51:42.0596 5808 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:51:42.0596 5808 udfs - ok
16:51:42.0628 5808 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:51:42.0628 5808 UI0Detect - ok
16:51:42.0628 5808 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:51:42.0628 5808 uliagpkx - ok
16:51:42.0674 5808 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:51:42.0674 5808 umbus - ok
16:51:42.0690 5808 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:51:42.0690 5808 UmPass - ok
16:51:42.0706 5808 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
16:51:42.0706 5808 UmRdpService - ok
16:51:42.0768 5808 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:51:42.0784 5808 upnphost - ok
16:51:42.0815 5808 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:42.0815 5808 usbccgp - ok
16:51:42.0830 5808 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:51:42.0846 5808 usbcir - ok
16:51:42.0846 5808 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:51:42.0846 5808 usbehci - ok
16:51:42.0908 5808 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:51:42.0908 5808 usbhub - ok
16:51:42.0924 5808 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:51:42.0924 5808 usbohci - ok
16:51:42.0940 5808 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:51:42.0940 5808 usbprint - ok
16:51:42.0955 5808 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:42.0955 5808 USBSTOR - ok
16:51:42.0971 5808 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:42.0971 5808 usbuhci - ok
16:51:42.0986 5808 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:51:42.0986 5808 usbvideo - ok
16:51:43.0002 5808 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:51:43.0002 5808 UxSms - ok
16:51:43.0033 5808 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
16:51:43.0033 5808 VaultSvc - ok
16:51:43.0049 5808 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:51:43.0049 5808 vdrvroot - ok
16:51:43.0080 5808 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
16:51:43.0096 5808 vds - ok
16:51:43.0127 5808 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:43.0127 5808 vga - ok
16:51:43.0142 5808 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:51:43.0142 5808 VgaSave - ok
16:51:43.0158 5808 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:51:43.0158 5808 vhdmp - ok
16:51:43.0189 5808 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
16:51:43.0189 5808 viaagp - ok
16:51:43.0189 5808 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
16:51:43.0189 5808 ViaC7 - ok
16:51:43.0220 5808 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:51:43.0220 5808 viaide - ok
16:51:43.0236 5808 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
16:51:43.0236 5808 vmbus - ok
16:51:43.0236 5808 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
16:51:43.0236 5808 VMBusHID - ok
16:51:43.0252 5808 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:51:43.0252 5808 volmgr - ok
16:51:43.0283 5808 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:51:43.0283 5808 volmgrx - ok
16:51:43.0298 5808 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:51:43.0298 5808 volsnap - ok
16:51:43.0314 5808 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:43.0314 5808 vsmraid - ok
16:51:43.0345 5808 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
16:51:43.0392 5808 VSS - ok
16:51:43.0408 5808 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:51:43.0408 5808 vwifibus - ok
16:51:43.0423 5808 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:51:43.0423 5808 vwififlt - ok
16:51:43.0439 5808 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:51:43.0454 5808 W32Time - ok
16:51:43.0470 5808 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:51:43.0470 5808 WacomPen - ok
16:51:43.0486 5808 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:51:43.0486 5808 WANARP - ok
16:51:43.0501 5808 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:51:43.0501 5808 Wanarpv6 - ok
16:51:43.0532 5808 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
16:51:43.0579 5808 wbengine - ok
16:51:43.0595 5808 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:51:43.0610 5808 WbioSrvc - ok
16:51:43.0626 5808 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:51:43.0626 5808 wcncsvc - ok
16:51:43.0642 5808 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:51:43.0642 5808 WcsPlugInService - ok
16:51:43.0657 5808 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:51:43.0657 5808 Wd - ok
16:51:43.0657 5808 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:51:43.0673 5808 Wdf01000 - ok
16:51:43.0673 5808 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:51:43.0673 5808 WdiServiceHost - ok
16:51:43.0688 5808 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:51:43.0688 5808 WdiSystemHost - ok
16:51:43.0704 5808 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
16:51:43.0704 5808 WebClient - ok
16:51:43.0720 5808 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:51:43.0720 5808 Wecsvc - ok
16:51:43.0735 5808 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:51:43.0751 5808 wercplsupport - ok
16:51:43.0766 5808 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:51:43.0782 5808 WerSvc - ok
16:51:43.0782 5808 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:43.0782 5808 WfpLwf - ok
16:51:43.0798 5808 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:51:43.0798 5808 WIMMount - ok
16:51:43.0876 5808 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:51:43.0891 5808 WinDefend - ok
16:51:43.0907 5808 WinHttpAutoProxySvc - ok
16:51:43.0969 5808 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:51:43.0969 5808 Winmgmt - ok
16:51:44.0016 5808 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
16:51:44.0047 5808 WinRM - ok
16:51:44.0110 5808 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:44.0110 5808 WinUsb - ok
16:51:44.0125 5808 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:51:44.0141 5808 Wlansvc - ok
16:51:44.0250 5808 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:44.0266 5808 wlidsvc - ok
16:51:44.0312 5808 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:51:44.0312 5808 WmiAcpi - ok
16:51:44.0328 5808 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:51:44.0328 5808 wmiApSrv - ok
16:51:44.0375 5808 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:51:44.0375 5808 WMPNetworkSvc - ok
16:51:44.0390 5808 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:51:44.0390 5808 WPCSvc - ok
16:51:44.0406 5808 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:51:44.0406 5808 WPDBusEnum - ok
16:51:44.0422 5808 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:51:44.0422 5808 ws2ifsl - ok
16:51:44.0453 5808 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
16:51:44.0453 5808 wscsvc - ok
16:51:44.0453 5808 WSearch - ok
16:51:44.0531 5808 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
16:51:44.0593 5808 wuauserv - ok
16:51:44.0609 5808 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:51:44.0609 5808 WudfPf - ok
16:51:44.0640 5808 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:44.0640 5808 WUDFRd - ok
16:51:44.0656 5808 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:51:44.0656 5808 wudfsvc - ok
16:51:44.0671 5808 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:51:44.0671 5808 WwanSvc - ok
16:51:44.0718 5808 [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc C:\Windows\System32\yk62x86.dll
16:51:44.0718 5808 yksvc - ok
16:51:44.0749 5808 [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
16:51:44.0749 5808 yukonw7 - ok
16:51:44.0765 5808 ================ Scan global ===============================
16:51:44.0796 5808 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
16:51:44.0812 5808 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
16:51:44.0827 5808 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
16:51:44.0858 5808 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:51:44.0874 5808 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:51:44.0874 5808 [Global] - ok
16:51:44.0874 5808 ================ Scan MBR ==================================
16:51:44.0874 5808 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:51:45.0311 5808 \Device\Harddisk0\DR0 - ok
16:51:45.0311 5808 ================ Scan VBR ==================================
16:51:45.0311 5808 [ 0F93389D29215ABBDBA9AB6BB5F37142 ] \Device\Harddisk0\DR0\Partition1
16:51:45.0311 5808 \Device\Harddisk0\DR0\Partition1 - ok
16:51:45.0326 5808 [ 0BC4D6E73256F5E67849D13A171C1EF8 ] \Device\Harddisk0\DR0\Partition2
16:51:45.0326 5808 \Device\Harddisk0\DR0\Partition2 - ok
16:51:45.0326 5808 ============================================================
16:51:45.0326 5808 Scan finished
16:51:45.0326 5808 ============================================================
16:51:45.0342 1272 Detected object count: 0
16:51:45.0342 1272 Actual detected object count: 0
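
A TDSSKiller log this long is easy to misread by eye. The following Python is an added example, written for this thread and not part of the original post or of TDSSKiller itself. It parses lines in the layout shown above (a hashed line `HH:MM:SS.ffff PID [ MD5 ] <name> <image path>` followed by a verdict line `<name> - <status>`) and pulls out what a reviewer actually checks: objects whose verdict is anything but `ok` (or that never got one), objects listed with no file hash (assumed here to mean the scanner had no image file to hash for that service, which is worth confirming by hand), and one image shared by several service names (normal for lsass- or svchost-hosted services, but a cheap way to notice a service pointed at an unexpected binary). The embedded sample is constructed from the format above; the `hypsvc` entry with its `warning` verdict and the matching count line are hypothetical and do not appear in the real log.

```python
"""Parse a TDSSKiller-style scan log and triage the entries.

Added example for this thread; assumes the two-line-per-object layout visible
in the log above. The regexes are ours, not TDSSKiller's documented format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the log above. The 'hypsvc' pair and the
# 'Detected object count: 1' line are hypothetical, added to exercise the checks.
SAMPLE_LOG = r"""
16:51:38.0057 5808 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:51:38.0057 5808 MSiSCSI - ok
16:51:38.0057 5808 msiserver - ok
16:51:39.0289 5808 [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
16:51:39.0289 5808 PassThru Service - ok
16:51:40.0553 5808 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
16:51:40.0553 5808 SamSs - ok
16:51:43.0033 5808 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
16:51:43.0033 5808 VaultSvc - ok
16:51:43.0876 5808 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:51:43.0891 5808 WinDefend - ok
16:51:44.0453 5808 WSearch - ok
16:51:44.0874 5808 ================ Scan MBR ==================================
16:51:44.0874 5808 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:51:45.0311 5808 \Device\Harddisk0\DR0 - ok
16:51:45.0320 5808 [ 00000000000000000000000000000000 ] hypsvc C:\Windows\system32\drivers\hypsvc.sys
16:51:45.0320 5808 hypsvc - warning
16:51:45.0342 1272 Detected object count: 1
"""

PREFIX = r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+'          # timestamp and PID
HASH_LINE = re.compile(PREFIX + r'\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>\S.*)$')
STATUS_LINE = re.compile(PREFIX + r'(?P<name>.+?) - (?P<status>\S.*)$')
# Service names may contain spaces; the path starts at a drive letter or a
# leading backslash (\Device\... for the MBR/VBR entries).
NAME_PATH = re.compile(r'^(?P<name>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\).*)$')
COUNT_LINE = re.compile(PREFIX + r'Detected object count:\s*(?P<n>\d+)')


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by name, in log order."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            rest = m.group('rest')
            np = NAME_PATH.match(rest)
            # A bare device path (MBR/VBR scan) carries no separate name.
            name, path = (np.group('name'), np.group('path')) if np else (rest, rest)
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group('md5').upper(), path
            continue
        m = STATUS_LINE.match(line)
        if m:
            e = entries.setdefault(m.group('name'), Entry(m.group('name')))
            e.status = m.group('status')
    return entries


def review(entries: Dict[str, Entry]) -> dict:
    """Triage: verdicts other than 'ok' (or missing), unhashed objects, and
    images shared by more than one service name."""
    not_ok = [e.name for e in entries.values() if e.status != 'ok']
    no_hash = [e.name for e in entries.values() if e.md5 is None]
    by_md5: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {'not_ok': not_ok, 'no_hash': no_hash, 'shared_images': shared}


def detected_count(text: str) -> Optional[int]:
    """The scanner's own tally from the 'Detected object count' line, if present."""
    for line in text.splitlines():
        m = COUNT_LINE.match(line)
        if m:
            return int(m.group('n'))
    return None


if __name__ == '__main__':
    parsed = parse_log(SAMPLE_LOG)
    print('objects:', len(parsed), 'scanner count:', detected_count(SAMPLE_LOG))
    for key, value in review(parsed).items():
        print(f'{key}: {value}')
```

Run it against a real log by reading the file into `parse_log` instead of `SAMPLE_LOG`. The three lists are prompts for manual review, not verdicts: an unhashed service is often just a disabled or removed component, and shared images are expected for lsass- and svchost-hosted services.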

#7 gringo_pr

  • Malware Response Team

Posted 23 September 2012 - 08:45 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:59 PM

Posted 23 September 2012 - 09:31 PM

Here is the Combofix log.

Unfortunately, I just tested a Google search and it is still redirecting random search queries. This time it redirected a search to http://shop6-3.forless.com/.


ComboFix 12-09-23.03 - killerfuse 09/23/2012 22:00:01.5.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3000.1687 [GMT -4:00]
Running from: c:\users\killerfuse\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: FortiClient Personal Firewall *Disabled* {006D9983-6839-71D6-14E6-D7AD47ECD682}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\_ctypes.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\_elementtree.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\_hashlib.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\_socket.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\_ssl.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\pyexpat.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\pysqlite2._sqlite.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\python26.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\pythoncom26.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\pywintypes26.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\select.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\unicodedata.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32api.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32com.shell.shell.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32crypt.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32event.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32file.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32inet.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32pdh.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32process.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\win32security.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\windows._cacheinvalidation.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._controls_.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._core_.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._gdi_.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._html2.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._misc_.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._windows_.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wx._wizard.pyd
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxbase293u_net_vc.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxbase293u_vc.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxmsw293u_adv_vc.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxmsw293u_core_vc.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxmsw293u_html_vc.dll
c:\users\KILLER~1\AppData\Local\Temp\_MEI15562\wxmsw293u_webview_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\_ctypes.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\_elementtree.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\_hashlib.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\_socket.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\_ssl.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\pyexpat.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\pysqlite2._sqlite.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\python26.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\pythoncom26.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\pywintypes26.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\select.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\unicodedata.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32api.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32com.shell.shell.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32crypt.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32event.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32file.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32inet.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32pdh.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32process.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\win32security.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\windows._cacheinvalidation.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._controls_.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._core_.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._gdi_.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._html2.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._misc_.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._windows_.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wx._wizard.pyd
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxbase293u_net_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxbase293u_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxmsw293u_adv_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxmsw293u_core_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxmsw293u_html_vc.dll
c:\users\killerfuse\AppData\Local\Temp\_MEI15562\wxmsw293u_webview_vc.dll
c:\users\killerfuse\AppData\Roaming\D36943
c:\windows\system32\~.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 02:05 . 2012-09-24 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 22:19 . 2012-07-29 17:59 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-09-21 22:19 . 2012-05-05 15:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-09-21 22:19 . 2012-05-05 15:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-09-21 22:19 . 2012-09-21 22:19 -------- d-----w- c:\program files\PDFCreator
2012-09-21 22:19 . 2012-05-05 15:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-09-21 22:15 . 2012-09-21 22:16 87191 ----a-w- c:\windows\system32\~.tmp
2012-09-19 00:09 . 2012-09-19 00:09 135016 ----a-w- c:\windows\system32\LnkProtect.dll
2012-09-18 02:21 . 2012-09-18 02:21 14664 ----a-w- c:\windows\stinger.sys
2012-09-18 02:20 . 2012-09-18 02:31 -------- d-----w- c:\program files\stinger
2012-09-16 02:33 . 2012-09-16 02:33 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-09-16 02:24 . 2012-09-24 02:11 -------- d-----w- c:\programdata\RegRun
2012-09-16 02:24 . 2012-09-16 02:24 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-16 02:24 . 2012-09-16 02:24 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-16 02:24 . 2012-09-16 02:24 2 --shatr- c:\windows\winstart.bat
2012-09-16 02:24 . 2012-09-10 16:59 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-16 02:24 . 2012-09-24 02:11 -------- d-----w- c:\program files\UnHackMe
2012-09-15 00:06 . 2012-09-24 02:11 -------- d-----w- c:\users\killerfuse\AppData\Local\temp
2012-09-14 23:24 . 2012-09-14 23:24 388096 ----a-r- c:\users\killerfuse\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-14 23:24 . 2012-09-14 23:24 -------- d-----w- c:\program files\Trend Micro
2012-09-14 23:20 . 2012-09-14 23:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-14 23:07 . 2012-09-14 23:20 -------- d-----w- c:\programdata\HitmanPro
2012-09-07 23:14 . 2012-09-07 23:14 -------- d-----w- c:\program files\MediaInfo
2012-09-07 22:34 . 2012-09-07 23:16 -------- d-----w- c:\users\killerfuse\AppData\Roaming\avidemux
2012-09-07 22:34 . 2012-09-07 22:34 -------- d-----w- c:\program files\Avidemux 2.5
2012-09-03 19:48 . 2012-09-03 19:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-03 19:42 . 2012-09-03 19:42 -------- d-----w- c:\users\killerfuse\AppData\Local\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}
2012-09-03 02:12 . 2012-09-03 02:12 -------- d-----w- c:\program files\AAALOGO2009
2012-08-29 00:13 . 2012-08-29 00:13 -------- d-----w- c:\program files\Common Files\Java
2012-08-29 00:09 . 2012-08-29 00:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 23:16 . 2012-08-28 23:16 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2012-03-07 23:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 19:43 . 2012-04-21 00:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 19:43 . 2011-06-24 02:03 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-29 00:09 . 2012-03-11 22:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:09 . 2011-08-07 20:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 19:43 . 2012-08-24 19:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21 . 2012-07-26 07:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-07 03:10 . 2012-09-07 03:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\killerfuse\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\killerfuse\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\killerfuse\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
c:\users\killerfuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\killerfuse\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0Partizan\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R1 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [x]
R3 SpotUsb;SpotUsb;c:\windows\system32\DRIVERS\MFUSB_Netduino.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [x]
S1 FortiPFW;FortiPFW;c:\windows\system32\drivers\FortiPFW2.sys [x]
S1 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys [x]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 Fortidrv2;Fortinet Packet Filter Service;c:\windows\system32\DRIVERS\fortidrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-02 01:23]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-02 01:23]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215852721-1282264924-1613360562-1000Core.job
- c:\users\killerfuse\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 23:56]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215852721-1282264924-1613360562-1000UA.job
- c:\users\killerfuse\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 23:56]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\killerfuse\AppData\Roaming\Mozilla\Firefox\Profiles\h9etwuxn.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3820)
c:\users\killerfuse\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Fortinet\FortiClient\scheduler.exe
c:\program files\Fortinet\FortiClient\FCDBLog.exe
c:\program files\Fortinet\FortiClient\fcappdb.exe
c:\program files\Fortinet\FortiClient\FortiProxy.exe
c:\program files\Fortinet\FortiClient\fortifw.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\UnHackMe\hackmon.exe
c:\program files\Fortinet\FortiClient\FortiTray.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-23 22:14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 02:14
ComboFix.txt 2012-09-24 01:59
.
Pre-Run: 46,863,454,208 bytes free
Post-Run: 46,750,097,408 bytes free
.
- - End Of File - - 0BACD57F3CFA0A705309271E483DD724
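As an added example (not the thread's or ComboFix's own code), a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one above and flags autostart entries whose target lives in a user-writable location, or that ComboFix printed without a timestamp and size. The sample log inside it is constructed from lines of that shape; the "example" user and the "Updater" entry are invented for the demonstration.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own code.  It understands two line shapes:
    "Name"="c:\\path\\to\\file.exe" [YYYY-MM-DD size]      (Run-key value)
    Name.lnk - c:\\path\\to\\file.exe [YYYY-M-D size]      (Startup folder)
and records the registry key or folder each entry was listed under.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Run-key value line; the trailing "[date size]" is optional because ComboFix
# omits it when it could not stat the target file.
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?\s*$'
)
# Startup-folder shortcut line ("Name.lnk - target [date size]").
LNK_LINE = re.compile(
    r'^(?P<name>\S+\.lnk)\s+-\s+(?P<path>.+?)'
    r'(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?\s*$'
)
# Path fragments that an ordinary user can write to; an autostart pointing
# there deserves a second look (legitimate software such as Dropbox does it too).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Autostart:
    source: str            # registry key or Startup folder the entry came from
    name: str
    path: str
    date: Optional[str]    # as printed by ComboFix, None if absent
    size: Optional[int]
    flags: List[str]


def parse_loading_points(text: str) -> List[Autostart]:
    """Walk the section line by line, tracking the current key/folder header."""
    entries: List[Autostart] = []
    source = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        if line.startswith("[") and line.endswith("]"):
            source = line[1:-1]              # registry key header
            continue
        if line.endswith("\\"):
            source = line                    # Startup folder header
            continue
        m = RUN_LINE.match(line) or LNK_LINE.match(line)
        if not m:
            continue                         # policies, drivers32 etc. are skipped
        path = m.group("path")
        date = m.group("date")
        size = int(m.group("size")) if m.group("size") else None
        flags: List[str] = []
        if any(marker in path.lower() for marker in USER_WRITABLE):
            flags.append("user-writable-location")
        if date is None:
            flags.append("no-file-metadata")
        entries.append(Autostart(source, m.group("name"), path, date, size, flags))
    return entries


def suspicious(entries: List[Autostart]) -> List[Autostart]:
    """Entries carrying at least one flag, for a human to review."""
    return [e for e in entries if e.flags]


# Constructed sample in the ComboFix format; user name and "Updater" are invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Updater"="c:\users\example\AppData\Roaming\sample-dir\updater.exe"
.
c:\users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\example\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
"""

if __name__ == "__main__":
    for e in suspicious(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.name:<12} {', '.join(e.flags):<40} {e.path}")
```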

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 23 September 2012 - 09:49 PM

Hello

Let's take a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#10 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:59 PM

Posted 23 September 2012 - 10:20 PM

Here is OTL.txt:

OTL logfile created on: 9/23/2012 11:00:02 PM - Run 3
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\killerfuse\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.66% Memory free
5.86 Gb Paging File | 4.59 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 43.52 Gb Free Space | 18.69% Space Free | Partition Type: NTFS

Computer Name: KILLERLAPTOP | User Name: killerfuse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\killerfuse\Desktop\bleepingcomputer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\killerfuse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\Fortinet\FortiClient\FortiTray.exe (Fortinet Inc.)
PRC - C:\Program Files\Fortinet\FortiClient\fcappdb.exe (Fortinet Inc.)
PRC - C:\Program Files\Fortinet\FortiClient\FortiProxy.exe (Fortinet Inc.)
PRC - C:\Program Files\Fortinet\FortiClient\FCDBLog.exe (Fortinet Inc.)
PRC - C:\Program Files\Fortinet\FortiClient\fortifw.exe (Fortinet Inc.)
PRC - C:\Program Files\Fortinet\FortiClient\scheduler.exe (Fortinet Inc.)
PRC - C:\Windows\System32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\windows._cacheinvalidation.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._gdi_.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._misc_.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\pysqlite2._sqlite.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\pythoncom26.dll ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32com.shell.shell.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32api.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\_elementtree.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\_ctypes.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._html2.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\_socket.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32crypt.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._core_.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._controls_.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._windows_.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\_ssl.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\unicodedata.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\_hashlib.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\pyexpat.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\wx._wizard.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32file.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32security.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\pywintypes26.dll ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32inet.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32process.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32pdh.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\win32event.pyd ()
MOD - C:\Users\killerfuse\AppData\Local\temp\_MEI2322\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GSService) -- C:\Windows\System32\GSService.exe ()
SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (FA_Scheduler) -- C:\Program Files\Fortinet\FortiClient\scheduler.exe (Fortinet Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FortiSslvpnDaemon) -- C:\Windows\System32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (SoundMovieServer) -- C:\Windows\System32\snmvtsvc.exe (SoundMovieServer)


========== Driver Services (SafeList) ==========

DRV - (MCSTRM) -- File not found
DRV - (catchme) -- C:\Users\KILLER~1\AppData\Local\Temp\catchme.sys File not found
DRV - (RegGuard) -- C:\Windows\System32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\System32\drivers\Partizan.sys (Greatis Software)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (FortiPFW) -- C:\Windows\System32\drivers\fortipfw2.sys (Fortinet Inc)
DRV - (FortiRdr) -- C:\Windows\System32\drivers\FortiRdr2.sys (Fortinet Inc)
DRV - (FortiShield) -- C:\Windows\System32\drivers\FortiShield.sys (Fortinet Inc)
DRV - (Fortips) -- C:\Windows\System32\drivers\fortips.sys (Fortinet Inc)
DRV - (fortiapd) -- C:\Windows\System32\drivers\fortiapd.sys (Fortinet Inc)
DRV - (SpotUsb) -- C:\Windows\System32\drivers\MFUSB_Netduino.sys (Microsoft Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (Fortidrv2) -- C:\Windows\System32\drivers\fortidrv.sys (Fortinet Inc)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (pppop) -- C:\Windows\System32\drivers\pppop.sys (Fortinet Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ft_vnic) -- C:\Windows\System32\drivers\ftvnic.sys (Fortinet Inc.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (MovRVDrv32) -- C:\Windows\System32\drivers\MovRVDrv32.sys (Windows ® 2000 DDK provider)
DRV - (SndTDriverV32) -- C:\Windows\System32\drivers\SndTDriverV32.sys (Windows ® Codename Longhorn DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB C9 86 8E 95 8C CD 01 [binary data]
IE - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {8FC9B471-F5FF-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\killerfuse\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\killerfuse\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\tenhands.net/TenHandsPlugin: C:\Users\killerfuse\AppData\Roaming\TenHandsInc\TenHandsPlugin\1.8.20.1291\npTenHandsPlugin.dll (TenHands Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 23:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/18 22:55:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}: C:\Users\killerfuse\AppData\Local\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}\ [2012/09/03 15:42:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 23:10:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/18 22:55:09 | 000,000,000 | ---D | M]

[2011/04/20 21:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\killerfuse\AppData\Roaming\Mozilla\Extensions
[2012/05/01 21:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\killerfuse\AppData\Roaming\Mozilla\Firefox\Profiles\h9etwuxn.default\extensions
[2012/09/06 23:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/03 15:42:57 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\killerfuse\APPDATA\LOCAL\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}
[2012/09/06 23:10:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 18:33:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 18:33:48 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\killerfuse\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: FortiClient SSL VPN CacheClean Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll
CHR - plugin: FortiClient SSL VPN Tunnel Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Fast save = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbpdgilednknkplknpplccbnmbjnnfc\1.1_0\
CHR - Extension: AVG Do Not Track = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\killerfuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/23 22:11:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\killerfuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\killerfuse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1215852721-1282264924-1613360562-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4B6D699-6F1B-4DAA-AC4D-29347FA4E707}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (s2\{f6a3ff9c-7595-11df-a334-806e6f6e6963}\Shell)
O34 - HKLM BootExecute: (0)
O34 - HKLM BootExecute: (rives...)
O34 - HKLM BootExecute: (\AppData\Roaming\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 22:38:14 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/23 22:38:14 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/23 22:37:53 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/23 22:37:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/23 22:14:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/23 22:13:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/23 21:48:38 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{2ABB697D-ADBD-44CA-ADAE-9CE919030ED3}
[2012/09/23 15:03:06 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\Desktop\RK_Quarantine
[2012/09/22 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\Desktop\bleepingcomputer
[2012/09/22 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Reliable Controls
[2012/09/21 18:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/09/21 18:19:22 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012/09/21 18:19:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012/09/21 18:19:22 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012/09/21 18:19:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012/09/21 18:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/09/19 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{7CE4814C-7538-4E45-A26E-D74B969D8C79}
[2012/09/18 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{364863DE-9B6A-4086-B516-DB1430CFCC2B}
[2012/09/18 20:09:54 | 000,135,016 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2012/09/18 09:45:33 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{1BE328E8-745E-4B18-B24C-B8A765EA5FD4}
[2012/09/18 08:59:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/17 22:21:00 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/09/17 22:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/09/16 09:44:33 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{2D05FB8E-0CD8-44C6-B703-A79C88A0F83D}
[2012/09/15 22:33:24 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/09/15 22:24:42 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/09/15 22:24:42 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/09/15 22:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/09/15 22:24:20 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\Documents\RegRun2
[2012/09/15 22:24:17 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2012/09/15 22:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2012/09/15 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012/09/15 22:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/14 21:43:45 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{036D6444-5E1D-4269-A102-54AEECD0B8D0}
[2012/09/14 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\temp
[2012/09/14 19:39:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/14 19:39:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/14 19:39:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/14 19:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/14 19:38:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/14 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/09/14 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/14 19:20:29 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/09/14 19:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/12 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{DD2B98DB-0746-4257-9BA2-F8AF3EEBC338}
[2012/09/11 14:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/11 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{AA4C874B-33E5-4239-98EC-BA4074092DAA}
[2012/09/07 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012/09/07 19:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012/09/07 18:34:25 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Roaming\avidemux
[2012/09/07 18:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2012/09/07 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2012/09/06 23:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 07:36:04 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{EBCC8656-732D-46F5-990C-38FF0AE154A7}
[2012/09/05 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{3857E5AF-F021-44A2-9BA9-585C3B65CFC6}
[2012/09/03 15:48:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/09/03 15:42:57 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{8FC9B471-F5FF-11E1-8270-B8AC6F996F26}
[2012/09/02 22:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAA Logo 2009
[2012/09/02 22:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AAALOGO2009
[2012/08/28 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/28 20:10:04 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:09:54 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/28 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{FA61BD58-8702-4213-B38F-DCA2B067DAED}
[2012/08/28 19:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/28 07:27:07 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{CC466BCD-BBD1-4C40-B965-BBD4451111C9}
[2012/08/27 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{493F9102-55B1-47BC-A6D7-946457BF8642}
[2012/08/27 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{E180E804-4FD3-464A-91DE-37227FB7D0E8}
[2012/08/26 19:25:23 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{DF212CE2-DC97-47FE-A38F-8C4E986431C2}
[2012/08/26 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{D5142B49-5C9C-40DC-A5E2-3AD20EC4EE54}
[2012/08/25 19:24:54 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{D692D4A1-4FAB-4934-BD73-A2370E8E273A}
[2012/08/25 07:24:31 | 000,000,000 | ---D | C] -- C:\Users\killerfuse\AppData\Local\{AD7EE3B5-89A9-4547-B6DB-4133070CC754}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/23 22:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 22:44:34 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 22:44:34 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 22:34:35 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 22:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 22:34:06 | 2359,504,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 22:21:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1215852721-1282264924-1613360562-1000UA.job
[2012/09/23 22:11:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/23 18:55:27 | 095,595,689 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/23 14:16:00 | 000,002,052 | -H-- | M] () -- C:\Users\killerfuse\Documents\Default.rdp
[2012/09/23 04:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1215852721-1282264924-1613360562-1000Core.job
[2012/09/23 03:13:39 | 000,000,600 | ---- | M] () -- C:\Users\killerfuse\AppData\Local\PUTTY.RND
[2012/09/22 19:09:47 | 000,302,592 | ---- | M] () -- C:\Users\killerfuse\Desktop\gmer.exe
[2012/09/22 18:58:11 | 000,000,000 | ---- | M] () -- C:\Users\killerfuse\defogger_reenable
[2012/09/22 16:07:07 | 000,662,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/22 16:07:07 | 000,121,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/21 20:31:52 | 000,870,128 | ---- | M] () -- C:\Users\killerfuse\AppData\Roaming\mcs.rma
[2012/09/20 18:03:27 | 000,209,384 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/09/18 22:55:09 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/18 20:09:54 | 000,135,016 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2012/09/18 19:21:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 22:21:00 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/09/15 22:33:24 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/09/15 22:24:42 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/09/15 22:24:42 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/09/15 22:24:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/15 22:24:22 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/09/15 22:24:22 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/09/15 22:24:19 | 000,000,917 | ---- | M] () -- C:\Users\killerfuse\Desktop\UnHackMe.lnk
[2012/09/14 19:24:56 | 000,003,007 | ---- | M] () -- C:\Users\killerfuse\Desktop\HiJackThis.lnk
[2012/09/14 19:20:29 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/09/14 17:55:41 | 000,000,053 | ---- | M] () -- C:\Users\killerfuse\Desktop\google83e655503739bed7.html
[2012/09/14 16:06:07 | 000,020,136 | ---- | M] () -- C:\Users\killerfuse\.recently-used.xbel
[2012/09/11 15:32:51 | 000,000,000 | ---- | M] () -- C:\Users\killerfuse\AppData\Local\
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 11:13:45 | 000,001,994 | ---- | M] () -- C:\Users\killerfuse\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/03 15:43:00 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/03 15:43:00 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/02 22:12:46 | 000,000,937 | ---- | M] () -- C:\Users\killerfuse\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2009.lnk
[2012/08/31 15:18:01 | 000,002,465 | ---- | M] () -- C:\Users\killerfuse\Desktop\Google Chrome.lnk
[2012/08/28 20:09:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:09:47 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:09:47 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:09:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/28 20:09:47 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 18:58:11 | 000,000,000 | ---- | C] () -- C:\Users\killerfuse\defogger_reenable
[2012/09/18 22:55:09 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/15 22:24:22 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/09/15 22:24:19 | 000,000,917 | ---- | C] () -- C:\Users\killerfuse\Desktop\UnHackMe.lnk
[2012/09/14 19:39:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/14 19:39:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/14 19:39:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/14 19:39:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/14 19:39:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 19:24:56 | 000,003,007 | ---- | C] () -- C:\Users\killerfuse\Desktop\HiJackThis.lnk
[2012/09/14 17:55:41 | 000,000,053 | ---- | C] () -- C:\Users\killerfuse\Desktop\google83e655503739bed7.html
[2012/09/14 16:06:07 | 000,020,136 | ---- | C] () -- C:\Users\killerfuse\.recently-used.xbel
[2012/09/05 18:07:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/03 15:42:57 | 000,000,000 | ---- | C] () -- C:\Users\killerfuse\AppData\Local\
[2012/09/02 22:12:46 | 000,000,937 | ---- | C] () -- C:\Users\killerfuse\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2009.lnk
[2011/11/07 19:50:18 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/11/07 19:50:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/11/06 22:25:38 | 000,000,229 | ---- | C] () -- C:\Users\killerfuse\.swfinfo
[2011/10/22 21:46:15 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/01 10:12:50 | 000,450,048 | ---- | C] () -- C:\Windows\System32\GSService.exe
[2011/06/22 18:03:38 | 000,870,128 | ---- | C] () -- C:\Users\killerfuse\AppData\Roaming\mcs.rma
[2011/06/22 18:00:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/03/29 15:26:25 | 000,000,089 | ---- | C] () -- C:\Users\killerfuse\userdic.tlx
[2011/03/29 10:02:49 | 000,003,584 | ---- | C] () -- C:\Users\killerfuse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 14:00:28 | 000,000,600 | ---- | C] () -- C:\Users\killerfuse\AppData\Local\PUTTY.RND

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\killerfuse\Desktop\Hurricane Fran.m4v:TOC.WMV

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 24 September 2012 - 07:32 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
    @Alternate Data Stream - 64 bytes -> C:\Users\killerfuse\Desktop\Hurricane Fran.m4v:TOC.WMV    
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [2012/09/11 15:32:51 | 000,000,000 | ---- | M] () -- C:\Users\killerfuse\AppData\Local\
    [2012/09/03 15:42:57 | 000,000,000 | ---- | C] () -- C:\Users\killerfuse\AppData\Local\
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:59 PM

Posted 24 September 2012 - 07:51 PM

Here is the OTL log. Problem is still here.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
ADS C:\Users\killerfuse\Desktop\Hurricane Fran.m4v:TOC.WMV deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
C:\Users\killerfuse\AppData\Local\ moved successfully.
File C:\Users\killerfuse\AppData\Local\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\killerfuse\Desktop\bleepingcomputer\cmd.bat deleted successfully.
C:\Users\killerfuse\Desktop\bleepingcomputer\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: killerfuse
->Java cache emptied: 11619646 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: All Users

User: killerfuse
->Flash cache emptied: 130665 bytes

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.66.2 log created on 09242012_204223

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 25 September 2012 - 01:27 AM

Hello


In which browser does this happen? Please check all that are installed.


gringo

#14 killerfuse

killerfuse
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:59 PM

Posted 25 September 2012 - 09:16 AM

It seems to only happen in Firefox. Internet Explorer and Chrome aren't having any issues from what I can tell with several test search queries I tried.

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 25 September 2012 - 01:03 PM

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button and go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window), then select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo
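Since the redirect only reproduces in Firefox, the profile is the place to look, and a reset throws away whatever was steering searches before anyone has read it. The following is an added example, not from this thread, OTL or Mozilla: it parses the user_pref lines of a Firefox prefs.js or user.js file and reports the search, home-page and proxy preferences that point somewhere other than an expected host, so the profile can be inspected before (or after) the reset. The sample file, the allow-list of expected hosts, and the .invalid domains in it are constructed assumptions for the example; an empty result does not prove the profile is clean, since extensions and plugins live outside these prefs.

```python
import json
import re
from urllib.parse import urlparse

# One preference per line:  user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);\s*$')

# Preferences that hold a URL deciding where a search or page load goes.
# "|" separates several home pages in browser.startup.homepage.
URL_PREFS = (
    "keyword.URL",
    "browser.startup.homepage",
    "browser.newtab.url",
    "network.proxy.autoconfig_url",
)
# Manual proxy settings worth reporting whenever they are set at all.
MANUAL_PROXY_PREFS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")

# Assumption for this example: hosts a search or home-page pref may point to.
ALLOWED_HOSTS = ("google.com", "bing.com", "yahoo.com", "mozilla.org", "mozilla.com")


def parse_prefs(text):
    """Return {name: value} for every user_pref line; values are typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            try:
                value = json.loads(raw)  # JS string escapes are JSON-compatible
            except ValueError:
                value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def host_allowed(url):
    """True if the URL's host is one of ALLOWED_HOSTS or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def audit(text):
    """Return [(pref_name, value)] for prefs that steer traffic somewhere unexpected."""
    prefs = parse_prefs(text)
    findings = []
    for name in sorted(URL_PREFS):
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        for url in value.split("|"):
            # about:home and similar have no host and are left alone.
            if "://" in url and not host_allowed(url):
                findings.append((name, value))
                break
    proxy_type = prefs.get("network.proxy.type")
    if proxy_type not in (None, 0, 5):  # 0 = no proxy, 5 = system settings
        findings.append(("network.proxy.type", proxy_type))
    for name in sorted(MANUAL_PROXY_PREFS):
        if name in prefs:
            findings.append((name, prefs[name]))
    return findings


# Constructed sample prefs.js; the .invalid hosts stand in for whatever a
# hijacker would write here and are not real observations from this thread.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1348000000);
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("keyword.URL", "http://search.example.invalid/lookup?q=");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://proxy.example.invalid/proxy.pac");
user_pref("privacy.donottrackheader.enabled", true);
'''

if __name__ == "__main__":
    for name, value in audit(SAMPLE_PREFS):
        print(f"{name} = {value!r}")
```

Run it against the profile's prefs.js (and user.js, if one exists, since it is reapplied on every start) by reading the file into `audit`. On the constructed sample it reports the keyword.URL search redirect, the PAC file and the proxy type, and leaves the Google home page alone.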



