Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacker?


  • This topic is locked This topic is locked
16 replies to this topic

#1 Timber!

Timber!

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 23 September 2012 - 01:37 PM

Hi,

I think I have something not too nice on my PC.

Thanks in advance for any help,
Shannon

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 24 September 2012 - 01:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 24 September 2012 - 09:02 AM

Here you go:


Security Check

Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0.1)
Google Chrome 15.0.874.120
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



ADW Cleaner

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 09:54:58
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shannon - SHANNON-PC
# Boot Mode : Normal
# Running from : C:\Users\Shannon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Shannon\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Shannon\AppData\Local\Conduit
Folder Deleted : C:\Users\Shannon\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Shannon\AppData\Local\Temp\CT3072253
Folder Deleted : C:\Users\Shannon\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Shannon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shannon\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\ConduitCommon
Folder Deleted : C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\CT3072253
Folder Deleted : C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B992625B-FA67-4617-ADDC-D9168A1F18D3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F919FB10-FAE8-410D-8C60-1628495F8696}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\prefs.js

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "23-9-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Sep 22 2012 19:10:44 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "23-6-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fft42D8.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Fri Jun 22 2012 21:32:35 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Sep 22 2012 20:17:07 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Mon Jul 16 2012 20:07:59 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Sep 03 2012 08:46:13 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Sun Sep 23 2012 11:22:18 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipShow", false);
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT3072253.RadioShrinked", "shrinked");
Deleted : user_pref("CT3072253.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT3072253.SearchBoxWidth", 150);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Sep 22 2012 19:10:43 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Sep 24 2012 09:22:47 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sun Sep 23 2012 14:16:48 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1348408956");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon Sep 03 2012 10:58:19 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN89069183230182645");
Deleted : user_pref("CT3072253.ValidationData_Search", 2);
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.approveUntrustedApps", true);
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "467269204A756E20323220323031322032313A33323A34302[...]
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F75732E6D63313131372E6D61696C2E7[...]
Deleted : user_pref("CT3072253.components.129573915102477663", false);
Deleted : user_pref("CT3072253.components.129593762370823811", false);
Deleted : user_pref("CT3072253.components.129749445881800338", false);
Deleted : user_pref("CT3072253.components.129805375651312503", false);
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sun Sep 23 2012 12:01:49 GMT-0400 (Eastern [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);
Deleted : user_pref("CT3072253.isFirstRadioInstallation", false);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Sep 22 2012 20:16:46 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Sat Sep 22 2012 19:10:44 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://newtab.conduit-hosting.com/newtab/?ctid=CT3072253", "\"38696[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?curre[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9df[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Shannon\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Ba05[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "a723bdc0-9c7f-4aa9-ad6d-60145d6635c6");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 22 2012 19:11:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Sep 24 2012 09:22:45 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "9b23e6a7-f45e-404b-972c-f5449e4ccea4");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

*************************

AdwCleaner[S1].txt - [21018 octets] - [24/09/2012 09:54:58]

########## EOF - C:\AdwCleaner[S1].txt - [21079 octets] ##########


Rouge Killer
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shannon [Admin rights]
Mode : Remove -- Date : 09/24/2012 09:43:19

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SecurityCheck.exe -- C:\Users\Shannon\Desktop\SecurityCheck.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] CandyUpdater.job : C:\Users\Shannon\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[TASK][SUSP PATH] CandyUpdater : C:\Users\Shannon\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] 1d02b85cd41b6d796cf5612ab4ed51be
[BSP] e321fb9d60f48e0204fc4dd56fe97deb : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 307624 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 682444800 | Size: 382179 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 24 September 2012 - 11:30 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 24 September 2012 - 03:53 PM

Thanks for your time Gringo!

I had a problem with aswMBR, first time I ran it I got a BSOD! Second time I ran it I am not sure if it completed, it kind of stalled... I waited 15 minuets for activity before I ran the report. Here it is:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 16:23:23
-----------------------------
16:23:23.617 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:23.617 Number of processors: 4 586 0x100
16:23:23.618 ComputerName: SHANNON-PC UserName: Shannon
16:23:25.483 Initialize success
16:23:42.790 AVAST engine defs: 12092400
16:23:45.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
16:23:45.521 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 11
16:23:45.542 Disk 0 MBR read successfully
16:23:45.548 Disk 0 MBR scan
16:23:45.558 Disk 0 Windows 7 default MBR code
16:23:45.565 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
16:23:45.588 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 307624 MB offset 52430848
16:23:45.622 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 382179 MB offset 682444800
16:23:45.672 Disk 0 scanning C:\Windows\system32\drivers
16:23:58.500 Service scanning
16:24:28.761 Modules scanning
16:24:28.779 Disk 0 trace - called modules:
16:24:28.826 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:24:28.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d42060]
16:24:28.851 3 CLASSPNP.SYS[fffff8800192743f] -> nt!IofCallDriver -> [0xfffffa80076a1ac0]
16:24:28.858 5 amd_xata.sys[fffff8800107fd2c] -> nt!IofCallDriver -> \Device\00000071[0xfffffa800769d9c0]
16:24:29.881 AVAST engine scan C:\Windows
16:24:33.681 AVAST engine scan C:\Windows\system32
16:28:22.567 AVAST engine scan C:\Windows\system32\drivers
16:28:36.492 AVAST engine scan C:\Users\Shannon
16:46:10.675 Disk 0 MBR has been saved successfully to "C:\Users\Shannon\Desktop\MBR.dat"
16:46:10.685 The log file has been saved successfully to "C:\Users\Shannon\Desktop\aswMBR2.txt"
tdssKiller, no threats found

16:45:50.0405 2680 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:45:50.0782 2680 ============================================================
16:45:50.0782 2680 Current date / time: 2012/09/24 16:45:50.0782
16:45:50.0783 2680 SystemInfo:
16:45:50.0783 2680
16:45:50.0783 2680 OS Version: 6.1.7601 ServicePack: 1.0
16:45:50.0783 2680 Product type: Workstation
16:45:50.0783 2680 ComputerName: SHANNON-PC
16:45:50.0783 2680 UserName: Shannon
16:45:50.0783 2680 Windows directory: C:\Windows
16:45:50.0783 2680 System windows directory: C:\Windows
16:45:50.0783 2680 Running under WOW64
16:45:50.0783 2680 Processor architecture: Intel x64
16:45:50.0783 2680 Number of processors: 4
16:45:50.0783 2680 Page size: 0x1000
16:45:50.0783 2680 Boot type: Normal boot
16:45:50.0783 2680 ============================================================
16:45:55.0148 2680 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:55.0192 2680 ============================================================
16:45:55.0192 2680 \Device\Harddisk0\DR0:
16:45:55.0221 2680 MBR partitions:
16:45:55.0221 2680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x258D4000
16:45:55.0221 2680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28AD4800, BlocksNum 0x2EA71800
16:45:55.0221 2680 ============================================================
16:45:55.0507 2680 C: <-> \Device\Harddisk0\DR0\Partition1
16:45:55.0670 2680 D: <-> \Device\Harddisk0\DR0\Partition2
16:45:55.0670 2680 ============================================================
16:45:55.0670 2680 Initialize success
16:45:55.0670 2680 ============================================================
16:46:23.0216 2904 ============================================================
16:46:23.0216 2904 Scan started
16:46:23.0216 2904 Mode: Manual;
16:46:23.0216 2904 ============================================================
16:46:27.0726 2904 ================ Scan system memory ========================
16:46:27.0727 2904 System memory - ok
16:46:27.0727 2904 ================ Scan services =============================
16:46:27.0988 2904 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:46:27.0993 2904 1394ohci - ok
16:46:28.0033 2904 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:46:28.0039 2904 ACPI - ok
16:46:28.0071 2904 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:46:28.0073 2904 AcpiPmi - ok
16:46:28.0286 2904 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
16:46:28.0312 2904 Ad-Aware Service - ok
16:46:28.0476 2904 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:46:28.0483 2904 AdobeFlashPlayerUpdateSvc - ok
16:46:28.0578 2904 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:46:28.0586 2904 adp94xx - ok
16:46:28.0637 2904 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:46:28.0640 2904 adpahci - ok
16:46:28.0648 2904 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:46:28.0650 2904 adpu320 - ok
16:46:28.0671 2904 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:46:28.0672 2904 AeLookupSvc - ok
16:46:28.0718 2904 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe
16:46:28.0722 2904 AFBAgent - ok
16:46:28.0761 2904 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:46:28.0766 2904 AFD - ok
16:46:28.0815 2904 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
16:46:28.0824 2904 AgereSoftModem - ok
16:46:28.0852 2904 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:46:28.0853 2904 agp440 - ok
16:46:28.0886 2904 [ 16F6F6B7903B913AB41AB848C8BB5658 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
16:46:28.0887 2904 AiCharger - ok
16:46:28.0919 2904 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:46:28.0923 2904 ALG - ok
16:46:28.0962 2904 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:46:28.0963 2904 aliide - ok
16:46:29.0007 2904 [ A09FBEA815CAE862AA37D33959A57405 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:46:29.0010 2904 AMD External Events Utility - ok
16:46:29.0081 2904 AMD FUEL Service - ok
16:46:29.0099 2904 [ F1A84D67A03F7536EBDA9DB426EF0E00 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
16:46:29.0101 2904 amdhub30 - ok
16:46:29.0129 2904 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:46:29.0131 2904 amdide - ok
16:46:29.0152 2904 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:46:29.0154 2904 amdiox64 - ok
16:46:29.0166 2904 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:46:29.0169 2904 AmdK8 - ok
16:46:29.0408 2904 [ 20797BCA69DCCBAF6E87704C8C11CF1A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:46:29.0484 2904 amdkmdag - ok
16:46:29.0527 2904 [ 331DF39C419BB3B6E31D6BFC85649022 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:46:29.0531 2904 amdkmdap - ok
16:46:29.0565 2904 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:46:29.0566 2904 AmdPPM - ok
16:46:29.0593 2904 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:46:29.0596 2904 amdsata - ok
16:46:29.0608 2904 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:46:29.0611 2904 amdsbs - ok
16:46:29.0630 2904 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:46:29.0632 2904 amdxata - ok
16:46:29.0660 2904 [ D8C25FF90E2E8FC7CBE26E2203EC4757 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
16:46:29.0663 2904 amdxhc - ok
16:46:29.0698 2904 [ 628EB24B46DAC369625883DCE82EEE26 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
16:46:29.0700 2904 amd_sata - ok
16:46:29.0721 2904 [ B9657CF8CB2A3FA53209A2638E8151B2 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
16:46:29.0723 2904 amd_xata - ok
16:46:29.0750 2904 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:46:29.0752 2904 AppID - ok
16:46:29.0778 2904 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:46:29.0780 2904 AppIDSvc - ok
16:46:29.0810 2904 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:46:29.0814 2904 Appinfo - ok
16:46:29.0833 2904 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:46:29.0835 2904 arc - ok
16:46:29.0850 2904 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:46:29.0851 2904 arcsas - ok
16:46:29.0924 2904 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
16:46:29.0931 2904 ASLDRService - ok
16:46:29.0959 2904 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
16:46:29.0961 2904 ASMMAP64 - ok
16:46:30.0076 2904 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:46:30.0083 2904 aspnet_state - ok
16:46:30.0111 2904 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:46:30.0114 2904 AsyncMac - ok
16:46:30.0144 2904 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:46:30.0146 2904 atapi - ok
16:46:30.0235 2904 [ B4174564AD5834A1680610572477878C ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:46:30.0256 2904 athr - ok
16:46:30.0289 2904 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:46:30.0290 2904 AtiHDAudioService - ok
16:46:30.0326 2904 atillk64 - ok
16:46:30.0338 2904 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
16:46:30.0346 2904 ATKGFNEXSrv - ok
16:46:30.0391 2904 [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
16:46:30.0393 2904 ATKWMIACPIIO - ok
16:46:30.0450 2904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:46:30.0462 2904 AudioEndpointBuilder - ok
16:46:30.0475 2904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:46:30.0481 2904 AudioSrv - ok
16:46:30.0663 2904 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
16:46:30.0831 2904 AVGIDSAgent - ok
16:46:30.0857 2904 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:46:30.0859 2904 AVGIDSDriver - ok
16:46:30.0882 2904 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:46:30.0885 2904 AVGIDSFilter - ok
16:46:30.0898 2904 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
16:46:30.0900 2904 AVGIDSHA - ok
16:46:30.0951 2904 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
16:46:30.0956 2904 Avgldx64 - ok
16:46:30.0981 2904 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
16:46:30.0983 2904 Avgmfx64 - ok
16:46:31.0030 2904 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
16:46:31.0032 2904 Avgrkx64 - ok
16:46:31.0071 2904 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
16:46:31.0077 2904 Avgtdia - ok
16:46:31.0116 2904 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
16:46:31.0118 2904 avgtp - ok
16:46:31.0143 2904 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:46:31.0152 2904 avgwd - ok
16:46:31.0192 2904 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:46:31.0195 2904 AxInstSV - ok
16:46:31.0247 2904 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:46:31.0255 2904 b06bdrv - ok
16:46:31.0294 2904 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:46:31.0299 2904 b57nd60a - ok
16:46:31.0339 2904 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:46:31.0343 2904 BDESVC - ok
16:46:31.0349 2904 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:46:31.0351 2904 Beep - ok
16:46:31.0390 2904 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:46:31.0402 2904 BFE - ok
16:46:31.0449 2904 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:46:31.0465 2904 BITS - ok
16:46:31.0488 2904 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:46:31.0489 2904 blbdrive - ok
16:46:31.0520 2904 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:46:31.0523 2904 bowser - ok
16:46:31.0549 2904 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:46:31.0551 2904 BrFiltLo - ok
16:46:31.0557 2904 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:46:31.0559 2904 BrFiltUp - ok
16:46:31.0587 2904 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:46:31.0591 2904 Browser - ok
16:46:31.0616 2904 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:46:31.0621 2904 Brserid - ok
16:46:31.0627 2904 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:46:31.0629 2904 BrSerWdm - ok
16:46:31.0634 2904 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:46:31.0636 2904 BrUsbMdm - ok
16:46:31.0641 2904 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:46:31.0643 2904 BrUsbSer - ok
16:46:31.0692 2904 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:46:31.0693 2904 BthEnum - ok
16:46:31.0718 2904 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:46:31.0721 2904 BTHMODEM - ok
16:46:31.0729 2904 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:46:31.0732 2904 BthPan - ok
16:46:31.0768 2904 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:46:31.0778 2904 BTHPORT - ok
16:46:31.0809 2904 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:46:31.0812 2904 bthserv - ok
16:46:31.0836 2904 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:46:31.0839 2904 BTHUSB - ok
16:46:31.0888 2904 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:46:31.0891 2904 cdfs - ok
16:46:31.0914 2904 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:46:31.0918 2904 cdrom - ok
16:46:31.0952 2904 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:46:31.0955 2904 CertPropSvc - ok
16:46:31.0987 2904 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:46:31.0990 2904 circlass - ok
16:46:32.0018 2904 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:46:32.0025 2904 CLFS - ok
16:46:32.0083 2904 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:46:32.0090 2904 clr_optimization_v2.0.50727_32 - ok
16:46:32.0124 2904 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:46:32.0131 2904 clr_optimization_v2.0.50727_64 - ok
16:46:32.0220 2904 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:46:32.0228 2904 clr_optimization_v4.0.30319_32 - ok
16:46:32.0287 2904 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:46:32.0295 2904 clr_optimization_v4.0.30319_64 - ok
16:46:32.0330 2904 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:46:32.0335 2904 CmBatt - ok
16:46:32.0357 2904 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:46:32.0358 2904 cmdide - ok
16:46:32.0404 2904 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:46:32.0412 2904 CNG - ok
16:46:32.0442 2904 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:46:32.0444 2904 Compbatt - ok
16:46:32.0475 2904 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:46:32.0477 2904 CompositeBus - ok
16:46:32.0494 2904 COMSysApp - ok
16:46:32.0505 2904 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:46:32.0507 2904 crcdisk - ok
16:46:32.0536 2904 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:46:32.0540 2904 CryptSvc - ok
16:46:32.0579 2904 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:46:32.0588 2904 DcomLaunch - ok
16:46:32.0752 2904 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:46:32.0762 2904 defragsvc - ok
16:46:32.0781 2904 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:46:32.0784 2904 DfsC - ok
16:46:32.0821 2904 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:46:32.0828 2904 Dhcp - ok
16:46:32.0867 2904 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:46:32.0870 2904 discache - ok
16:46:32.0893 2904 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:46:32.0895 2904 Disk - ok
16:46:32.0921 2904 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:46:32.0924 2904 Dnscache - ok
16:46:32.0940 2904 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:46:32.0942 2904 dot3svc - ok
16:46:32.0952 2904 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:46:32.0955 2904 DPS - ok
16:46:32.0975 2904 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:46:32.0976 2904 drmkaud - ok
16:46:33.0028 2904 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:46:33.0039 2904 DXGKrnl - ok
16:46:33.0106 2904 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:46:33.0110 2904 EapHost - ok
16:46:33.0199 2904 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:46:33.0225 2904 ebdrv - ok
16:46:33.0253 2904 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:46:33.0255 2904 EFS - ok
16:46:33.0316 2904 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:46:33.0324 2904 ehRecvr - ok
16:46:33.0335 2904 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:46:33.0339 2904 ehSched - ok
16:46:33.0403 2904 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:46:33.0413 2904 elxstor - ok
16:46:33.0417 2904 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:46:33.0418 2904 ErrDev - ok
16:46:33.0481 2904 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
16:46:33.0485 2904 ETD - ok
16:46:33.0533 2904 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:46:33.0540 2904 EventSystem - ok
16:46:33.0555 2904 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:46:33.0559 2904 exfat - ok
16:46:33.0590 2904 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:46:33.0593 2904 fastfat - ok
16:46:33.0634 2904 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:46:33.0647 2904 Fax - ok
16:46:33.0660 2904 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:46:33.0662 2904 fdc - ok
16:46:33.0682 2904 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:46:33.0686 2904 fdPHost - ok
16:46:33.0694 2904 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:46:33.0698 2904 FDResPub - ok
16:46:33.0730 2904 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:46:33.0731 2904 FileInfo - ok
16:46:33.0746 2904 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:46:33.0747 2904 Filetrace - ok
16:46:33.0762 2904 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:46:33.0763 2904 flpydisk - ok
16:46:33.0778 2904 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:46:33.0781 2904 FltMgr - ok
16:46:33.0825 2904 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:46:33.0835 2904 FontCache - ok
16:46:33.0896 2904 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:46:33.0902 2904 FontCache3.0.0.0 - ok
16:46:33.0929 2904 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:46:33.0930 2904 FsDepends - ok
16:46:33.0958 2904 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:46:33.0965 2904 fssfltr - ok
16:46:34.0048 2904 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:46:34.0116 2904 fsssvc - ok
16:46:34.0143 2904 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:46:34.0144 2904 Fs_Rec - ok
16:46:34.0160 2904 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:46:34.0162 2904 fvevol - ok
16:46:34.0179 2904 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:46:34.0180 2904 gagp30kx - ok
16:46:34.0232 2904 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:46:34.0252 2904 gpsvc - ok
16:46:34.0273 2904 gupdate - ok
16:46:34.0290 2904 gupdatem - ok
16:46:34.0303 2904 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:46:34.0306 2904 hcw85cir - ok
16:46:34.0347 2904 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:46:34.0354 2904 HdAudAddService - ok
16:46:34.0391 2904 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:46:34.0395 2904 HDAudBus - ok
16:46:34.0413 2904 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:46:34.0415 2904 HidBatt - ok
16:46:34.0429 2904 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:46:34.0432 2904 HidBth - ok
16:46:34.0452 2904 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:46:34.0455 2904 HidIr - ok
16:46:34.0477 2904 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:46:34.0486 2904 hidserv - ok
16:46:34.0518 2904 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:46:34.0520 2904 HidUsb - ok
16:46:34.0551 2904 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:46:34.0556 2904 hkmsvc - ok
16:46:34.0574 2904 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:46:34.0581 2904 HomeGroupListener - ok
16:46:34.0611 2904 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:46:34.0616 2904 HomeGroupProvider - ok
16:46:34.0637 2904 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:46:34.0639 2904 HpSAMD - ok
16:46:34.0680 2904 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:46:34.0688 2904 HTTP - ok
16:46:34.0705 2904 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:46:34.0706 2904 hwpolicy - ok
16:46:34.0736 2904 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:46:34.0738 2904 i8042prt - ok
16:46:34.0764 2904 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:46:34.0769 2904 iaStorV - ok
16:46:34.0813 2904 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:46:34.0825 2904 idsvc - ok
16:46:34.0841 2904 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:46:34.0843 2904 iirsp - ok
16:46:34.0884 2904 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:46:34.0894 2904 IKEEXT - ok
16:46:34.0980 2904 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:46:35.0007 2904 IntcAzAudAddService - ok
16:46:35.0018 2904 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:46:35.0019 2904 intelide - ok
16:46:35.0038 2904 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
16:46:35.0039 2904 intelppm - ok
16:46:35.0064 2904 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:46:35.0067 2904 IPBusEnum - ok
16:46:35.0078 2904 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:46:35.0079 2904 IpFilterDriver - ok
16:46:35.0124 2904 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:46:35.0131 2904 iphlpsvc - ok
16:46:35.0153 2904 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:46:35.0155 2904 IPMIDRV - ok
16:46:35.0160 2904 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:46:35.0162 2904 IPNAT - ok
16:46:35.0188 2904 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:46:35.0189 2904 IRENUM - ok
16:46:35.0194 2904 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:46:35.0195 2904 isapnp - ok
16:46:35.0209 2904 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:46:35.0213 2904 iScsiPrt - ok
16:46:35.0237 2904 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:46:35.0239 2904 kbdclass - ok
16:46:35.0258 2904 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:46:35.0259 2904 kbdhid - ok
16:46:35.0287 2904 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
16:46:35.0289 2904 kbfiltr - ok
16:46:35.0297 2904 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:46:35.0300 2904 KeyIso - ok
16:46:35.0330 2904 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:46:35.0332 2904 KSecDD - ok
16:46:35.0360 2904 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:46:35.0363 2904 KSecPkg - ok
16:46:35.0396 2904 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:46:35.0397 2904 ksthunk - ok
16:46:35.0436 2904 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:46:35.0442 2904 KtmRm - ok
16:46:35.0460 2904 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
16:46:35.0462 2904 L1C - ok
16:46:35.0497 2904 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:46:35.0502 2904 LanmanServer - ok
16:46:35.0527 2904 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:46:35.0532 2904 LanmanWorkstation - ok
16:46:35.0561 2904 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:46:35.0563 2904 lltdio - ok
16:46:35.0595 2904 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:46:35.0604 2904 lltdsvc - ok
16:46:35.0632 2904 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:46:35.0641 2904 lmhosts - ok
16:46:35.0674 2904 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:46:35.0677 2904 LSI_FC - ok
16:46:35.0698 2904 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:46:35.0701 2904 LSI_SAS - ok
16:46:35.0708 2904 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:46:35.0711 2904 LSI_SAS2 - ok
16:46:35.0724 2904 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:46:35.0727 2904 LSI_SCSI - ok
16:46:35.0749 2904 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:46:35.0752 2904 luafv - ok
16:46:35.0778 2904 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:46:35.0782 2904 Mcx2Svc - ok
16:46:35.0899 2904 [ 165C8881EFC3AE4EA01CCCE7735BE68E ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe
16:46:36.0219 2904 MediaMall Server - ok
16:46:36.0239 2904 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:46:36.0243 2904 megasas - ok
16:46:36.0281 2904 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:46:36.0287 2904 MegaSR - ok
16:46:36.0314 2904 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:46:36.0319 2904 MMCSS - ok
16:46:36.0337 2904 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:46:36.0339 2904 Modem - ok
16:46:36.0364 2904 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:46:36.0366 2904 monitor - ok
16:46:36.0393 2904 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:46:36.0395 2904 mouclass - ok
16:46:36.0425 2904 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:46:36.0427 2904 mouhid - ok
16:46:36.0457 2904 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:46:36.0461 2904 mountmgr - ok
16:46:36.0505 2904 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:46:36.0512 2904 MozillaMaintenance - ok
16:46:36.0533 2904 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:46:36.0537 2904 mpio - ok
16:46:36.0549 2904 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:46:36.0552 2904 mpsdrv - ok
16:46:36.0595 2904 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:46:36.0615 2904 MpsSvc - ok
16:46:36.0624 2904 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:46:36.0627 2904 MRxDAV - ok
16:46:36.0654 2904 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:46:36.0657 2904 mrxsmb - ok
16:46:36.0679 2904 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:46:36.0684 2904 mrxsmb10 - ok
16:46:36.0701 2904 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:46:36.0705 2904 mrxsmb20 - ok
16:46:36.0715 2904 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:46:36.0717 2904 msahci - ok
16:46:36.0737 2904 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:46:36.0740 2904 msdsm - ok
16:46:36.0768 2904 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:46:36.0774 2904 MSDTC - ok
16:46:36.0795 2904 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:46:36.0797 2904 Msfs - ok
16:46:36.0824 2904 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:46:36.0825 2904 mshidkmdf - ok
16:46:36.0840 2904 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:46:36.0842 2904 msisadrv - ok
16:46:36.0866 2904 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:46:36.0871 2904 MSiSCSI - ok
16:46:36.0877 2904 msiserver - ok
16:46:36.0902 2904 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:46:36.0903 2904 MSKSSRV - ok
16:46:36.0907 2904 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:46:36.0908 2904 MSPCLOCK - ok
16:46:36.0912 2904 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:46:36.0913 2904 MSPQM - ok
16:46:36.0932 2904 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:46:36.0936 2904 MsRPC - ok
16:46:36.0953 2904 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:46:36.0954 2904 mssmbios - ok
16:46:36.0975 2904 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:46:36.0976 2904 MSTEE - ok
16:46:37.0012 2904 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
16:46:37.0013 2904 msvad_simple - ok
16:46:37.0021 2904 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:46:37.0024 2904 MTConfig - ok
16:46:37.0043 2904 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:46:37.0046 2904 Mup - ok
16:46:37.0091 2904 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:46:37.0100 2904 napagent - ok
16:46:37.0133 2904 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:46:37.0138 2904 NativeWifiP - ok
16:46:37.0193 2904 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:46:37.0206 2904 NDIS - ok
16:46:37.0241 2904 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:46:37.0243 2904 NdisCap - ok
16:46:37.0272 2904 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:46:37.0274 2904 NdisTapi - ok
16:46:37.0293 2904 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:46:37.0296 2904 Ndisuio - ok
16:46:37.0309 2904 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:46:37.0314 2904 NdisWan - ok
16:46:37.0333 2904 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:46:37.0336 2904 NDProxy - ok
16:46:37.0373 2904 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:46:37.0375 2904 NetBIOS - ok
16:46:37.0399 2904 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:46:37.0405 2904 NetBT - ok
16:46:37.0431 2904 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:46:37.0436 2904 Netlogon - ok
16:46:37.0467 2904 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:46:37.0477 2904 Netman - ok
16:46:37.0506 2904 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:37.0515 2904 NetMsmqActivator - ok
16:46:37.0531 2904 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:37.0535 2904 NetPipeActivator - ok
16:46:37.0567 2904 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:46:37.0577 2904 netprofm - ok
16:46:37.0585 2904 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:37.0587 2904 NetTcpActivator - ok
16:46:37.0591 2904 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:46:37.0593 2904 NetTcpPortSharing - ok
16:46:37.0619 2904 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:46:37.0620 2904 nfrd960 - ok
16:46:37.0649 2904 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:46:37.0653 2904 NlaSvc - ok
16:46:37.0663 2904 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:46:37.0665 2904 Npfs - ok
16:46:37.0680 2904 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:46:37.0685 2904 nsi - ok
16:46:37.0692 2904 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:46:37.0693 2904 nsiproxy - ok
16:46:37.0746 2904 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:46:37.0759 2904 Ntfs - ok
16:46:37.0805 2904 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:46:37.0807 2904 Null - ok
16:46:37.0856 2904 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:46:37.0860 2904 nvraid - ok
16:46:37.0881 2904 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:46:37.0885 2904 nvstor - ok
16:46:37.0927 2904 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:46:37.0930 2904 nv_agp - ok
16:46:37.0938 2904 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:46:37.0941 2904 ohci1394 - ok
16:46:37.0977 2904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:46:37.0986 2904 p2pimsvc - ok
16:46:38.0005 2904 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:46:38.0010 2904 p2psvc - ok
16:46:38.0025 2904 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:46:38.0027 2904 Parport - ok
16:46:38.0052 2904 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:46:38.0053 2904 partmgr - ok
16:46:38.0068 2904 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:46:38.0080 2904 PcaSvc - ok
16:46:38.0094 2904 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:46:38.0097 2904 pci - ok
16:46:38.0114 2904 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:46:38.0115 2904 pciide - ok
16:46:38.0129 2904 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:46:38.0132 2904 pcmcia - ok
16:46:38.0144 2904 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:46:38.0145 2904 pcw - ok
16:46:38.0191 2904 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:46:38.0202 2904 PEAUTH - ok
16:46:38.0278 2904 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:46:38.0286 2904 PerfHost - ok
16:46:38.0345 2904 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:46:38.0366 2904 pla - ok
16:46:38.0410 2904 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:46:38.0421 2904 PlugPlay - ok
16:46:38.0439 2904 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:46:38.0442 2904 PNRPAutoReg - ok
16:46:38.0463 2904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:46:38.0468 2904 PNRPsvc - ok
16:46:38.0490 2904 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:46:38.0496 2904 PolicyAgent - ok
16:46:38.0517 2904 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:46:38.0520 2904 Power - ok
16:46:38.0558 2904 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:46:38.0560 2904 PptpMiniport - ok
16:46:38.0578 2904 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:46:38.0580 2904 Processor - ok
16:46:38.0612 2904 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:46:38.0616 2904 ProfSvc - ok
16:46:38.0631 2904 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:46:38.0633 2904 ProtectedStorage - ok
16:46:38.0652 2904 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:46:38.0656 2904 Psched - ok
16:46:38.0713 2904 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:46:38.0730 2904 ql2300 - ok
16:46:38.0744 2904 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:46:38.0746 2904 ql40xx - ok
16:46:38.0768 2904 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:46:38.0772 2904 QWAVE - ok
16:46:38.0783 2904 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:46:38.0785 2904 QWAVEdrv - ok
16:46:38.0798 2904 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:46:38.0799 2904 RasAcd - ok
16:46:38.0819 2904 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:46:38.0820 2904 RasAgileVpn - ok
16:46:38.0835 2904 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:46:38.0838 2904 RasAuto - ok
16:46:38.0856 2904 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:46:38.0857 2904 Rasl2tp - ok
16:46:38.0875 2904 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:46:38.0880 2904 RasMan - ok
16:46:38.0896 2904 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:46:38.0898 2904 RasPppoe - ok
16:46:38.0915 2904 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:46:38.0917 2904 RasSstp - ok
16:46:38.0935 2904 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:46:38.0938 2904 rdbss - ok
16:46:38.0959 2904 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:46:38.0960 2904 rdpbus - ok
16:46:38.0982 2904 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:46:38.0983 2904 RDPCDD - ok
16:46:39.0011 2904 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:46:39.0012 2904 RDPENCDD - ok
16:46:39.0022 2904 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:46:39.0023 2904 RDPREFMP - ok
16:46:39.0048 2904 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:46:39.0051 2904 RDPWD - ok
16:46:39.0098 2904 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:46:39.0100 2904 rdyboost - ok
16:46:39.0124 2904 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:46:39.0127 2904 RemoteAccess - ok
16:46:39.0155 2904 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:46:39.0159 2904 RemoteRegistry - ok
16:46:39.0188 2904 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:46:39.0190 2904 RFCOMM - ok
16:46:39.0220 2904 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:46:39.0226 2904 RpcEptMapper - ok
16:46:39.0259 2904 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:46:39.0263 2904 RpcLocator - ok
16:46:39.0291 2904 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:46:39.0299 2904 RpcSs - ok
16:46:39.0329 2904 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:46:39.0331 2904 rspndr - ok
16:46:39.0364 2904 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:46:39.0368 2904 RSUSBSTOR - ok
16:46:39.0413 2904 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:46:39.0422 2904 RTL8167 - ok
16:46:39.0442 2904 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:46:39.0447 2904 SamSs - ok
16:46:39.0596 2904 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
16:46:39.0637 2904 SBAMSvc - ok
16:46:39.0666 2904 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
16:46:39.0668 2904 sbapifs - ok
16:46:39.0709 2904 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
16:46:39.0711 2904 sbhips - ok
16:46:39.0729 2904 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:46:39.0731 2904 sbp2port - ok
16:46:39.0744 2904 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
16:46:39.0746 2904 SBRE - ok
16:46:39.0843 2904 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:46:39.0868 2904 SBSDWSCService - ok
16:46:39.0897 2904 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:46:39.0903 2904 SCardSvr - ok
16:46:39.0920 2904 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:46:39.0922 2904 scfilter - ok
16:46:39.0951 2904 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:46:39.0962 2904 Schedule - ok
16:46:39.0985 2904 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:46:39.0986 2904 SCPolicySvc - ok
16:46:40.0021 2904 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:46:40.0024 2904 sdbus - ok
16:46:40.0056 2904 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:46:40.0060 2904 SDRSVC - ok
16:46:40.0089 2904 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:46:40.0090 2904 secdrv - ok
16:46:40.0107 2904 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:46:40.0112 2904 seclogon - ok
16:46:40.0127 2904 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:46:40.0130 2904 SENS - ok
16:46:40.0152 2904 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:46:40.0155 2904 SensrSvc - ok
16:46:40.0186 2904 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:46:40.0187 2904 Serenum - ok
16:46:40.0227 2904 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:46:40.0231 2904 Serial - ok
16:46:40.0244 2904 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:46:40.0246 2904 sermouse - ok
16:46:40.0282 2904 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:46:40.0285 2904 SessionEnv - ok
16:46:40.0289 2904 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:46:40.0290 2904 sffdisk - ok
16:46:40.0294 2904 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:46:40.0295 2904 sffp_mmc - ok
16:46:40.0299 2904 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:46:40.0300 2904 sffp_sd - ok
16:46:40.0304 2904 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:46:40.0305 2904 sfloppy - ok
16:46:40.0339 2904 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:46:40.0344 2904 SharedAccess - ok
16:46:40.0375 2904 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:46:40.0380 2904 ShellHWDetection - ok
16:46:40.0407 2904 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
16:46:40.0408 2904 SiSGbeLH - ok
16:46:40.0432 2904 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:46:40.0433 2904 SiSRaid2 - ok
16:46:40.0437 2904 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:46:40.0439 2904 SiSRaid4 - ok
16:46:40.0455 2904 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:46:40.0457 2904 Smb - ok
16:46:40.0502 2904 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:46:40.0507 2904 SNMPTRAP - ok
16:46:40.0523 2904 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:46:40.0525 2904 spldr - ok
16:46:40.0560 2904 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:46:40.0571 2904 Spooler - ok
16:46:40.0674 2904 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:46:40.0703 2904 sppsvc - ok
16:46:40.0724 2904 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:46:40.0727 2904 sppuinotify - ok
16:46:40.0748 2904 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:46:40.0752 2904 srv - ok
16:46:40.0782 2904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:46:40.0786 2904 srv2 - ok
16:46:40.0801 2904 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:46:40.0803 2904 srvnet - ok
16:46:40.0829 2904 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:46:40.0831 2904 sscdbus - ok
16:46:40.0858 2904 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:46:40.0860 2904 sscdmdfl - ok
16:46:40.0872 2904 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:46:40.0874 2904 sscdmdm - ok
16:46:40.0888 2904 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
16:46:40.0890 2904 sscdserd - ok
16:46:40.0911 2904 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:46:40.0914 2904 SSDPSRV - ok
16:46:40.0940 2904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:46:40.0942 2904 SstpSvc - ok
16:46:40.0955 2904 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:46:40.0956 2904 stexstor - ok
16:46:41.0013 2904 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:46:41.0027 2904 stisvc - ok
16:46:41.0062 2904 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:46:41.0063 2904 swenum - ok
16:46:41.0106 2904 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:46:41.0116 2904 swprv - ok
16:46:41.0151 2904 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:46:41.0166 2904 SysMain - ok
16:46:41.0194 2904 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:46:41.0197 2904 TabletInputService - ok
16:46:41.0211 2904 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:46:41.0216 2904 TapiSrv - ok
16:46:41.0230 2904 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:46:41.0233 2904 TBS - ok
16:46:41.0305 2904 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:46:41.0324 2904 Tcpip - ok
16:46:41.0361 2904 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:46:41.0376 2904 TCPIP6 - ok
16:46:41.0400 2904 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:46:41.0401 2904 tcpipreg - ok
16:46:41.0426 2904 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:46:41.0427 2904 TDPIPE - ok
16:46:41.0453 2904 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:46:41.0454 2904 TDTCP - ok
16:46:41.0470 2904 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:46:41.0472 2904 tdx - ok
16:46:41.0484 2904 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:46:41.0486 2904 TermDD - ok
16:46:41.0509 2904 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:46:41.0517 2904 TermService - ok
16:46:41.0526 2904 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:46:41.0529 2904 Themes - ok
16:46:41.0536 2904 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:46:41.0538 2904 THREADORDER - ok
16:46:41.0565 2904 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
16:46:41.0567 2904 TPM - ok
16:46:41.0588 2904 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:46:41.0592 2904 TrkWks - ok
16:46:41.0632 2904 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:46:41.0639 2904 TrustedInstaller - ok
16:46:41.0664 2904 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:46:41.0665 2904 tssecsrv - ok
16:46:41.0689 2904 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:46:41.0690 2904 TsUsbFlt - ok
16:46:41.0699 2904 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:46:41.0700 2904 TsUsbGD - ok
16:46:41.0731 2904 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:46:41.0733 2904 tunnel - ok
16:46:41.0738 2904 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:46:41.0740 2904 uagp35 - ok
16:46:41.0753 2904 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:46:41.0756 2904 udfs - ok
16:46:41.0781 2904 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:46:41.0784 2904 UI0Detect - ok
16:46:41.0801 2904 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:46:41.0806 2904 uliagpkx - ok
16:46:41.0825 2904 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:46:41.0827 2904 umbus - ok
16:46:41.0843 2904 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:46:41.0844 2904 UmPass - ok
16:46:41.0864 2904 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:46:41.0869 2904 upnphost - ok
16:46:41.0882 2904 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:46:41.0884 2904 usbccgp - ok
16:46:41.0896 2904 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:46:41.0898 2904 usbcir - ok
16:46:41.0914 2904 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:46:41.0915 2904 usbehci - ok
16:46:41.0935 2904 [ B7037444DC5138FC7D3D3968B4DE5C4B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:46:41.0936 2904 usbfilter - ok
16:46:41.0973 2904 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:46:41.0980 2904 usbhub - ok
16:46:41.0994 2904 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:46:41.0995 2904 usbohci - ok
16:46:42.0004 2904 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:46:42.0005 2904 usbprint - ok
16:46:42.0021 2904 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:46:42.0022 2904 USBSTOR - ok
16:46:42.0027 2904 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:46:42.0028 2904 usbuhci - ok
16:46:42.0051 2904 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:46:42.0053 2904 usbvideo - ok
16:46:42.0066 2904 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:46:42.0069 2904 UxSms - ok
16:46:42.0087 2904 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:46:42.0089 2904 VaultSvc - ok
16:46:42.0116 2904 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:46:42.0118 2904 vdrvroot - ok
16:46:42.0158 2904 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:46:42.0172 2904 vds - ok
16:46:42.0188 2904 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:46:42.0189 2904 vga - ok
16:46:42.0202 2904 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:46:42.0203 2904 VgaSave - ok
16:46:42.0218 2904 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:46:42.0220 2904 vhdmp - ok
16:46:42.0225 2904 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:46:42.0226 2904 viaide - ok
16:46:42.0236 2904 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:46:42.0237 2904 volmgr - ok
16:46:42.0275 2904 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:46:42.0279 2904 volmgrx - ok
16:46:42.0294 2904 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:46:42.0297 2904 volsnap - ok
16:46:42.0327 2904 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:46:42.0329 2904 vsmraid - ok
16:46:42.0374 2904 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:46:42.0389 2904 VSS - ok
16:46:42.0481 2904 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
16:46:42.0511 2904 vToolbarUpdater12.2.6 - ok
16:46:42.0523 2904 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:46:42.0524 2904 vwifibus - ok
16:46:42.0541 2904 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:46:42.0542 2904 vwififlt - ok
16:46:42.0571 2904 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:46:42.0583 2904 W32Time - ok
16:46:42.0605 2904 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:46:42.0606 2904 WacomPen - ok
16:46:42.0639 2904 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:46:42.0642 2904 WANARP - ok
16:46:42.0650 2904 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:46:42.0654 2904 Wanarpv6 - ok
16:46:42.0730 2904 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:46:42.0750 2904 WatAdminSvc - ok
16:46:42.0805 2904 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:46:42.0826 2904 wbengine - ok
16:46:42.0845 2904 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:46:42.0849 2904 WbioSrvc - ok
16:46:42.0865 2904 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:46:42.0870 2904 wcncsvc - ok
16:46:42.0879 2904 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:46:42.0882 2904 WcsPlugInService - ok
16:46:42.0897 2904 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:46:42.0898 2904 Wd - ok
16:46:42.0925 2904 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:46:42.0931 2904 Wdf01000 - ok
16:46:42.0947 2904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:46:42.0951 2904 WdiServiceHost - ok
16:46:42.0955 2904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:46:42.0958 2904 WdiSystemHost - ok
16:46:42.0990 2904 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:46:42.0994 2904 WebClient - ok
16:46:43.0013 2904 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:46:43.0018 2904 Wecsvc - ok
16:46:43.0026 2904 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:46:43.0030 2904 wercplsupport - ok
16:46:43.0065 2904 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:46:43.0068 2904 WerSvc - ok
16:46:43.0092 2904 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:46:43.0094 2904 WfpLwf - ok
16:46:43.0124 2904 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:46:43.0126 2904 WimFltr - ok
16:46:43.0146 2904 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:46:43.0147 2904 WIMMount - ok
16:46:43.0177 2904 WinDefend - ok
16:46:43.0191 2904 WinHttpAutoProxySvc - ok
16:46:43.0250 2904 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:46:43.0258 2904 Winmgmt - ok
16:46:43.0329 2904 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:46:43.0351 2904 WinRM - ok
16:46:43.0399 2904 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
16:46:43.0400 2904 WinUsb - ok
16:46:43.0449 2904 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:46:43.0461 2904 Wlansvc - ok
16:46:43.0538 2904 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:46:43.0542 2904 wlcrasvc - ok
16:46:43.0638 2904 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:46:43.0659 2904 wlidsvc - ok
16:46:43.0675 2904 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:46:43.0676 2904 WmiAcpi - ok
16:46:43.0704 2904 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:46:43.0708 2904 wmiApSrv - ok
16:46:43.0743 2904 WMPNetworkSvc - ok
16:46:43.0769 2904 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:46:43.0776 2904 WPCSvc - ok
16:46:43.0799 2904 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:46:43.0807 2904 WPDBusEnum - ok
16:46:43.0832 2904 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:46:43.0835 2904 ws2ifsl - ok
16:46:43.0848 2904 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:46:43.0855 2904 wscsvc - ok
16:46:43.0862 2904 WSearch - ok
16:46:43.0947 2904 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:46:43.0971 2904 wuauserv - ok
16:46:44.0001 2904 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:46:44.0003 2904 WudfPf - ok
16:46:44.0042 2904 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:46:44.0044 2904 WUDFRd - ok
16:46:44.0063 2904 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:46:44.0067 2904 wudfsvc - ok
16:46:44.0089 2904 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:46:44.0093 2904 WwanSvc - ok
16:46:44.0126 2904 ================ Scan global ===============================
16:46:44.0154 2904 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:46:44.0189 2904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:46:44.0200 2904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:46:44.0229 2904 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:46:44.0246 2904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:46:44.0251 2904 [Global] - ok
16:46:44.0252 2904 ================ Scan MBR ==================================
16:46:44.0267 2904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:46:44.0532 2904 \Device\Harddisk0\DR0 - ok
16:46:44.0533 2904 ================ Scan VBR ==================================
16:46:44.0547 2904 [ EB73B0226745DE0262D1276EA12B1770 ] \Device\Harddisk0\DR0\Partition1
16:46:44.0549 2904 \Device\Harddisk0\DR0\Partition1 - ok
16:46:44.0570 2904 [ C386FCB2AD6C036AD3799038F2229A13 ] \Device\Harddisk0\DR0\Partition2
16:46:44.0572 2904 \Device\Harddisk0\DR0\Partition2 - ok
16:46:44.0572 2904 ============================================================
16:46:44.0572 2904 Scan finished
16:46:44.0572 2904 ============================================================
16:46:44.0574 4360 Detected object count: 0
16:46:44.0574 4360 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 24 September 2012 - 04:43 PM

Hello Timber!

After you run combofix I would like to know how the computer is doing so take a min and check things out for me

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 24 September 2012 - 05:42 PM

I am not getting the browser redirects I was, so that's good! Here is the combofix log:

ComboFix 12-09-24.02 - Shannon 09/24/2012 17:56:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7657.5518 [GMT -4:00]
Running from: c:\users\Shannon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 22:08 . 2012-09-24 22:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-24 22:08 . 2012-09-24 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 16:07 . 2012-09-23 16:07 -------- d-----w- c:\users\Shannon\AppData\Local\ElevatedDiagnostics
2012-09-23 14:55 . 2012-09-23 14:55 -------- d-----w- c:\users\Shannon\AppData\Local\Unity
2012-09-19 12:21 . 2012-09-19 12:21 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Shannon\AppData\Roaming\Malwarebytes
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\programdata\Malwarebytes
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-18 14:41 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 13:35 . 2012-09-18 13:35 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-14 20:42 . 2012-09-14 20:42 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2012-09-14 20:42 . 2012-09-14 20:43 -------- d-----w- c:\program files (x86)\MediaMall
2012-09-14 20:41 . 2012-09-24 13:57 -------- d-----w- c:\programdata\MediaMall
2012-09-14 20:40 . 2012-09-14 20:40 -------- d-----w- c:\windows\Downloaded Installations
2012-09-14 13:50 . 2012-09-14 13:50 -------- d-----w- c:\users\Shannon\AppData\Local\adaware
2012-09-14 13:50 . 2012-09-24 20:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-14 13:50 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-09-14 13:49 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-09-14 13:49 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-09-14 13:49 . 2012-09-14 13:49 -------- d-----w- c:\programdata\Lavasoft
2012-09-14 13:49 . 2012-09-14 14:47 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-14 13:49 . 2012-09-14 13:49 -------- d-----w- c:\users\Shannon\AppData\Local\Downloaded Installations
2012-09-14 13:48 . 2012-09-15 12:11 -------- d-----w- c:\users\Shannon\AppData\Roaming\Ad-Aware Antivirus
2012-09-14 13:28 . 2012-09-14 13:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-14 13:28 . 2012-09-14 13:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-12 10:58 . 2012-09-12 10:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 07:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:22 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 07:22 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 03:07 . 2012-09-11 03:07 -------- d-----w- c:\users\Shannon\AppData\Roaming\Amazon
2012-09-11 03:07 . 2012-09-11 03:07 -------- d-----w- c:\program files (x86)\Amazon
2012-09-04 03:02 . 2012-09-04 03:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 20:21 . 2012-06-20 00:34 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-09-22 00:18 . 2012-06-21 04:13 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 00:18 . 2012-06-21 04:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 11:52 . 2012-07-14 14:19 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 12:23 . 2012-07-13 01:13 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-31 12:22 . 2012-07-13 01:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-03 22:22 . 2012-08-03 22:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-08-03 22:21 . 2012-08-03 22:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-03 22:19 . 2012-08-03 22:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-03 22:19 . 2012-08-03 22:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 14:16 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 01:13 . 2012-07-13 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-13 01:12 . 2012-07-13 01:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-08 20:04 . 2012-07-08 20:04 28528 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2012-07-06 20:07 . 2012-08-16 12:22 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 14:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:16 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:16 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:16 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-27 01:37 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-18 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-4-20 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-01-18 250984]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-10-28 80512]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-10-28 42624]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-02 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-02 361984]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-09-10 3057528]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-10-15 17152]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-15 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-02 10208256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-02 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-15 214144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97683692
*Deregistered* - 97683692
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 22:32]
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 00:18]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{6A2EF989-A524-48bf-985F-9D076B334980} - c:\users\Shannon\AppData\Local\ArcadeCandy\candyRemove.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 18:38:28
ComboFix-quarantined-files.txt 2012-09-24 22:38
.
Pre-Run: 207,203,012,608 bytes free
Post-Run: 207,028,977,664 bytes free
.
- - End Of File - - 6B5CED1D45431FEC449BAED733A4FE6D

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 24 September 2012 - 06:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 24 September 2012 - 07:17 PM

Hi Gringo,

Not sure if this is related, when I restarted Firefox it was not my default browser (as it had been before)

Here is the new combofix log, is every thing checking out okay?

ComboFix 12-09-24.02 - Shannon 09/24/2012 19:28:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7657.5883 [GMT -4:00]
Running from: c:\users\Shannon\Desktop\ComboFix.exe
Command switches used :: c:\users\Shannon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 23:39 . 2012-09-24 23:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-24 23:39 . 2012-09-24 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 16:07 . 2012-09-23 16:07 -------- d-----w- c:\users\Shannon\AppData\Local\ElevatedDiagnostics
2012-09-23 14:55 . 2012-09-23 14:55 -------- d-----w- c:\users\Shannon\AppData\Local\Unity
2012-09-19 12:21 . 2012-09-19 12:21 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Shannon\AppData\Roaming\Malwarebytes
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\programdata\Malwarebytes
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-18 14:41 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 13:35 . 2012-09-18 13:35 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-14 20:42 . 2012-09-14 20:42 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2012-09-14 20:42 . 2012-09-14 20:43 -------- d-----w- c:\program files (x86)\MediaMall
2012-09-14 20:41 . 2012-09-24 13:57 -------- d-----w- c:\programdata\MediaMall
2012-09-14 20:40 . 2012-09-14 20:40 -------- d-----w- c:\windows\Downloaded Installations
2012-09-14 13:50 . 2012-09-14 13:50 -------- d-----w- c:\users\Shannon\AppData\Local\adaware
2012-09-14 13:50 . 2012-09-24 20:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-14 13:50 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-09-14 13:49 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-09-14 13:49 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-09-14 13:49 . 2012-09-14 13:49 -------- d-----w- c:\programdata\Lavasoft
2012-09-14 13:49 . 2012-09-14 14:47 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-14 13:49 . 2012-09-14 13:49 -------- d-----w- c:\users\Shannon\AppData\Local\Downloaded Installations
2012-09-14 13:48 . 2012-09-15 12:11 -------- d-----w- c:\users\Shannon\AppData\Roaming\Ad-Aware Antivirus
2012-09-14 13:28 . 2012-09-14 13:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-14 13:28 . 2012-09-14 13:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-12 10:58 . 2012-09-12 10:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 07:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:22 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 07:22 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 03:07 . 2012-09-11 03:07 -------- d-----w- c:\users\Shannon\AppData\Roaming\Amazon
2012-09-11 03:07 . 2012-09-11 03:07 -------- d-----w- c:\program files (x86)\Amazon
2012-09-04 03:02 . 2012-09-04 03:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 20:21 . 2012-06-20 00:34 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-09-22 00:18 . 2012-06-21 04:13 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 00:18 . 2012-06-21 04:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 11:52 . 2012-07-14 14:19 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 12:23 . 2012-07-13 01:13 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-31 12:22 . 2012-07-13 01:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-03 22:22 . 2012-08-03 22:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-08-03 22:21 . 2012-08-03 22:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-03 22:19 . 2012-08-03 22:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-03 22:19 . 2012-08-03 22:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 14:16 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 01:13 . 2012-07-13 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-13 01:12 . 2012-07-13 01:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-08 20:04 . 2012-07-08 20:04 28528 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2012-07-06 20:07 . 2012-08-16 12:22 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 14:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:16 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:16 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:16 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-27 01:37 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-18 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-4-20 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-01-18 250984]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-10-28 80512]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-10-28 42624]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-02 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-02 361984]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-09-10 3057528]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-10-15 17152]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-15 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-02 10208256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-02 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-15 214144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97683692
*Deregistered* - 97683692
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 22:32]
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 00:18]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\gl85toj9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 20:13:12
ComboFix-quarantined-files.txt 2012-09-25 00:13
ComboFix2.txt 2012-09-24 22:38
.
Pre-Run: 207,073,030,144 bytes free
Post-Run: 207,008,768,000 bytes free
.
- - End Of File - - A80DCE125F4FC72DEB5316E2858081A5

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 24 September 2012 - 11:40 PM

Hello Timber!

Things are looking very good at this time!!

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
uTorrentControl2 Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 25 September 2012 - 07:38 AM

Everything done, I am not not having any issues right now!

MBAM log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shannon :: SHANNON-PC [administrator]

9/25/2012 8:33:18 AM
mbam-log-2012-09-25 (08-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221707
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:36 AM, on 9/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Shannon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10483 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 25 September 2012 - 12:59 PM

Greetings Timber!

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Global Startup: FancyStart daemon.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 25 September 2012 - 03:44 PM

Nothing came up on the scan, everything is working very well!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 25 September 2012 - 04:05 PM

Hello


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Timber!

Timber!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Asheville, North Carolina
  • Local time:01:11 PM

Posted 25 September 2012 - 06:05 PM

Thank you so much for your help, Gringo!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users