
STUBBORN ADWARE INFECTION - FIREFOX


  • This topic is locked
41 replies to this topic

#1 diamondstar693

diamondstar693

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 26 September 2012 - 11:45 AM

Hi...


I hope you can be of assistance...I need HELP!

Not sure how but my system, specifically FIREFOX 15.0.1(it seems) got infected by a STUBBORN Adware infection that generates POP-UP AD-PAGES by ad.adnetwork.net, ad.yieldmanager.com, ad.serverplus.com, etc, etc...when clicking on LOGIN FIELDS in normal, safe, webpages.

I ran SPYBOT S&D and it removed two issues, which didn't help.

LAVASOFT ADWARE found Trojan.Win32.Autoit.gen.1(v), Trojan.Win32.Generic.pak!cobra, Trojan.Win32.Generic!BT and it seems that these are being regenerated once cleaned...so they must be linked to the source.

I ran RSIT and I have attached the logs here. Can you please check them out and tell me if this is a system compromising BACKDOOR situation...if not can you let me know how to exterminate this pest...

Many thanks in advance.

Best

Attached Files

  • Attached File  log.txt   54.38KB   3 downloads
  • Attached File  info.txt   28.73KB   1 downloads



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:36 PM

Posted 26 September 2012 - 03:20 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
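The DDS report these steps produce contains a "Pseudo HJT Report" section listing browser helper objects, Run keys, Explorer and system policies, AppInit_DLLs values and hosts-file entries. As an added example, written here and not part of this thread or of DDS itself, the Python script below parses that section from a constructed sample report and pulls out the entries a log reviewer usually checks first: autostarts launched from user-writable folders, empty autostart values, AppInit_DLLs entries, UAC policy values that silence prompting, and hosts overrides. The line layout is assumed from reports posted in threads like this one; every path, GUID and hostname in the sample is made up.

```python
import re
from dataclasses import dataclass

# Constructed sample imitating the "Pseudo HJT Report" section of a DDS log.
# The line layout is assumed from reports posted on the forum; every value here is made up.
SAMPLE_REPORT = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Example PDF Helper: {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll
uRun: [Updater] "C:\Users\alice\AppData\Local\Example\update.exe" /c
mRun: [Tray] "C:\Program Files\Example\tray.exe" /nogui
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: C:\Windows\SysWOW64\example_appinit.dll
Hosts: 127.0.0.1 www.example.invalid
.
================= FIREFOX ===================
"""

SECTION_BANNER = re.compile(r"^=+\s*(.*?)\s*=+$")
# Folders a standard user can write to; an autostart pointing here deserves a look.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp|AppData)\\", re.IGNORECASE)
RUN_VALUE = re.compile(r"\[(.*?)\]\s*(.*)")


@dataclass
class Finding:
    key: str
    value: str
    reason: str


def hjt_section(text):
    """Return the non-empty lines between the 'Pseudo HJT Report' banner and the next banner."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_BANNER.match(line)
        if banner:
            inside = "pseudo hjt report" in banner.group(1).lower()
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def parse_entries(lines):
    """Split 'KEY: value' lines into (key, value); lines without that shape get an empty key."""
    entries = []
    for line in lines:
        key, sep, value = line.partition(": ")
        entries.append((key.strip(), value.strip()) if sep else ("", line))
    return entries


def review_entries(entries):
    """Apply simple reviewer heuristics; a finding means 'look at this', not 'this is malicious'."""
    findings = []
    for key, value in entries:
        k = key.lower()
        if k.endswith("run") or k.endswith("run-x64"):
            m = RUN_VALUE.match(value)
            command = m.group(2) if m else value
            if not command:
                findings.append(Finding(key, value, "autostart value with no command (empty or partly cleaned entry)"))
            elif USER_WRITABLE.search(command):
                findings.append(Finding(key, value, "autostart launches from a user-writable location"))
        elif k in ("appinit_dlls", "appinit_dlls-x64") and value:
            findings.append(Finding(key, value, "AppInit_DLLs loads this DLL into every process that links user32.dll"))
        elif k == "mpolicies-system":
            setting, _, rest = value.partition("=")
            number = rest.split()[0] if rest.split() else ""
            if setting.strip() == "ConsentPromptBehaviorAdmin" and number == "0":
                findings.append(Finding(key, value, "UAC elevates administrators without any prompt"))
            elif setting.strip() == "PromptOnSecureDesktop" and number == "0":
                findings.append(Finding(key, value, "UAC prompts are not shown on the secure desktop"))
        elif k == "hosts":
            findings.append(Finding(key, value, "hosts file overrides name resolution for this host"))
        elif k == "bho" and USER_WRITABLE.search(value):
            findings.append(Finding(key, value, "browser helper object loaded from a user-writable location"))
    return findings


def review_dds(text):
    """Full pipeline: locate the section, parse it, and return the findings in report order."""
    return review_entries(parse_entries(hjt_section(text)))


if __name__ == "__main__":
    for f in review_dds(SAMPLE_REPORT):
        print(f"{f.key:18} {f.reason}\n    {f.value}")
```

Run against a real DDS.txt by reading the file and passing its text to review_dds. The heuristics deliberately stay simple: a flagged line is a place to start checking file signatures, vendors and creation dates, and the empty-value and UAC-policy findings are as likely to come from a half-finished cleanup or a user preference as from an infection.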

#3 diamondstar693

diamondstar693
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 27 September 2012 - 11:12 PM

Hi, thanks for your response. My Firefox is now worse...very lethargic, takes ages to open...I get script error windows asking me if I want to stop the script...absolutely non-functional. Something new seems to have emerged...clicking on my TASK BAR at the bottom of my DESKTOP after happily working with EXPLORER or CHROME for a while also now periodically causes a lethargic response with the blue wheel spinning round and round. In this state attempting to open my TASK MANAGER causes a black screen after a few minutes' wait, then an error window saying it couldn't be started...strangely enough, after clicking "Accept" in the error window the TASK MANAGER is open and functional...other times not. A reboot is always necessary in either case. Below are the SECURITY CHECK log and the DDS logs: (NOTE: I only had AVAST BASIC installed when the issue occurred - using WINDOWS FIREWALL...SPYBOT, TEATIMER & AD-WARE were installed after the fact in an attempt to clean my system.)

SECURITY CHECK:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Lavasoft Ad-Aware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

END
--------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Familia at 22:43:30 on 2012-09-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.8069.5332 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Users\Familia\Documents\Peter's File\Computer Stuff\PCMeter\PCMeterV0.2.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Google Update] "C:\Users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{08DC37DF-58DE-4080-82C2-1E692B4A7A7F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{734F5217-CE12-4AB2-9DF2-CC53F9076DA4} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\appinit_dll.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [(Predeterminado)]
mRun-x64: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
AppInit_DLLs-X64: C:\Windows\SysWOW64\appinit_dll.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\2on6nc5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sankiglobal.com/|http://www.immunotec.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2|http://mx.yahoo.com/?p=us|http://www.facebook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Familia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys --> C:\Windows\system32\DRIVERS\asahci64.sys [?]
R0 iusb3hcs;Controlador del conmutador de la controladora de host Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-8-22 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-8-22 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-8-22 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [2012-8-22 1473664]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-22 44808]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-22 233328]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-22 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-22 161560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-22 1258856]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-26 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-22 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-8-22 160768]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 IntcDAud;Sonido Intel® para pantallas;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Controlador del concentrador Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Controlador de la controladora de host Intel® USB 3.0 eXtensible;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-22 250568]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-8-22 274200]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-8-22 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-8-22 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-22 114144]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 StorSvc;Servicio de almacenamiento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-26 15:25:27 -------- d-----w- C:\Program Files (x86)\trend micro
2012-09-26 15:08:03 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-09-26 13:47:50 -------- d-----w- C:\Users\Familia\AppData\Roaming\LavasoftStatistics
2012-09-26 13:46:25 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-09-26 13:46:25 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-09-26 13:46:25 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-09-26 13:46:24 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-09-26 13:46:17 -------- d-----w- C:\Users\Familia\AppData\Local\Downloaded Installations
2012-09-26 13:46:04 -------- d-----w- C:\ProgramData\blekko toolbars
2012-09-26 13:46:03 -------- d-----w- C:\Users\Familia\AppData\Local\adawarebp
2012-09-26 13:46:02 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-09-26 13:45:56 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-09-26 13:45:54 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-09-26 13:44:42 -------- d-----w- C:\Users\Familia\AppData\Roaming\Ad-Aware Antivirus
2012-09-26 13:16:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-26 13:16:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-25 17:50:08 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{470829E6-4ADD-4B67-A04F-84E1EDA252A0}\mpengine.dll
2012-09-25 17:50:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-20 14:01:10 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-20 06:45:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 04:11:25 87040 ----a-w- C:\Windows\SysWow64\pdfmonnt.dll
2012-09-20 04:11:24 -------- d-----w- C:\Program Files (x86)\8848Soft
2012-09-15 08:28:20 -------- d-----w- C:\temp
2012-09-13 01:16:17 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 01:16:17 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 01:16:16 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 01:16:16 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 01:16:16 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 01:16:16 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 01:16:16 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-30 19:48:50 -------- d-----w- C:\Users\Familia\AppData\Local\Adobe
2012-08-30 15:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-09-28 03:12:42 1048576 ----a-w- C:\Windows\PE_Rom.dll
2012-09-20 06:45:00 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-20 06:45:00 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 20:31:11 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-22 20:31:10 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:22:55 13338112 ----a-w- C:\Users\Familia\PCPE_3.0.1.msi
2012-08-22 06:50:05 16896 ----a-w- C:\Windows\AsTaskSched.dll
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-12 01:53:40 32400 ----a-w- C:\Windows\System32\drivers\ndisrd.sys
2012-08-12 01:29:06 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2012-08-12 01:29:04 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2012-08-12 01:28:46 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-08-12 01:28:46 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-08-12 01:28:44 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2012-08-12 01:28:44 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2012-08-12 01:28:43 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-08-03 00:49:10 419144 ----a-w- C:\Windows\SysWow64\appinit_dll.dll
2012-08-03 00:48:58 75592 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2012-08-03 00:48:44 464200 ----a-w- C:\Windows\System32\appinit_dll.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 15:25:21 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-07-03 15:25:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 22:43:45.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 22/08/2012 01:45:25 a.m.
System Uptime: 27/09/2012 10:11:48 p.m. (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V PRO
Processor: Intel® Core™ i5-3550 CPU @ 3.30GHz | LGA1155 | 3301/103mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 488 GiB total, 332.529 GiB free.
B: is FIXED (NTFS) - 488 GiB total, 109.42 GiB free.
C: is FIXED (NTFS) - 886 GiB total, 657.496 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 17.83 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 47.31 GiB free.
H: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB20 Camera
Device ID: USB\VID_0458&PID_702F\6&182A12DA&0&8
Manufacturer:
Name: USB20 Camera
PNP Device ID: USB\VID_0458&PID_702F\6&182A12DA&0&8
Service:
.
==== System Restore Points ===================
.
RP49: 18/09/2012 08:32:57 a.m. - Windows Update
RP50: 20/09/2012 01:44:44 a.m. - Installed Java 7 Update 7
RP51: 21/09/2012 02:16:23 p.m. - Windows Update
RP52: 22/09/2012 03:00:42 a.m. - Windows Update
RP53: 25/09/2012 12:49:54 p.m. - Windows Update
RP54: 26/09/2012 03:00:10 a.m. - Windows Update
RP55: 26/09/2012 10:07:56 a.m. - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AI Suite II
aioscnnr
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASUS PC Diagnostics
avast! Free Antivirus
center
EaseUS Partition Master 9.1.1 Home Edition
essentials
Google Chrome
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Watchdog Timer Driver (Intel® WDT)
Java 7 Update 7
Java Auto Updater
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Excel 2007 Help Update (KB963678)
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office Outlook 2007 Help Update (KB963677)
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Update (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word 2007 Help Update (KB963665)
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ocr
Plants vs. Zombies
PowerChute Personal Edition 3.0.2
PreReq
Qualcomm Atheros WiFi Driver Installation
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
KODAK All-in-One Printer Software
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
27/09/2012 10:12:25 p.m., Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.
27/09/2012 09:32:18 a.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service, which failed to start because of the following error: The dependency service or group failed to start.
27/09/2012 09:18:11 a.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - The WLAN extensibility module failed to start. Module path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll Error code: 21
27/09/2012 09:18:00 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service, which failed to start because of the following error: The dependency service or group failed to start.
27/09/2012 09:17:59 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/09/2012 09:17:59 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/09/2012 09:17:58 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/09/2012 09:17:53 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/09/2012 09:17:51 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO aswSnx aswSP aswTdi discache spldr Wanarpv6
27/09/2012 04:37:24 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:37:24 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:36:23 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:36:23 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:35:24 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:35:24 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:34:27 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:34:27 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:33:32 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:33:32 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:32:39 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:32:39 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:31:48 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:31:48 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:30:59 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:30:59 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:30:12 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:30:12 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:28:26 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:28:26 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:27:23 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:27:23 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:26:22 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:26:22 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:25:23 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:25:23 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:24:26 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:24:26 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:23:31 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:23:31 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:22:38 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:22:38 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:21:47 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:21:47 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:20:58 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:20:58 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:20:11 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:20:11 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:18:50 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:18:50 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:17:47 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:17:47 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:16:46 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:16:46 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:15:47 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:15:47 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:14:50 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:14:50 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:13:55 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:13:55 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:13:02 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:13:02 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:12:11 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:12:11 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:11:22 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:11:22 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:10:27 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Volume Shadow Copy service to connect.
27/09/2012 04:10:27 p.m., Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 04:10:27 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
27/09/2012 03:21:58 p.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the eventlog service.
27/09/2012 03:21:28 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Intel® Management and Security Application User Notification Service to connect.
27/09/2012 03:21:28 p.m., Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 03:20:58 p.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the eventlog service.
27/09/2012 03:20:42 p.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27/09/2012 03:17:32 p.m., Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/09/2012 03:17:16 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the NVIDIA Update Service Daemon service to connect.
27/09/2012 03:15:41 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
27/09/2012 03:14:39 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 ms) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
26/09/2012 08:57:19 p.m., Error: Microsoft-Windows-WMPNSS-Service [14365] - Unknown proximity detection error: "0x80004004". The best proximity time detected was -1 milliseconds.
26/09/2012 03:10:22 a.m., Error: volsnap [36] - The shadow copies of volume A: were aborted because the shadow copy storage could not grow due to a user imposed limit.
26/09/2012 02:08:29 a.m., Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
26/09/2012 02:08:28 a.m., Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
26/09/2012 02:08:27 a.m., Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================

Hope that you can help...thanks for all of your efforts....

#4 diamondstar693 (Topic Starter)

Posted 27 September 2012 - 11:44 PM

Hi Again...

Upon further investigation it seems that when I open Firefox and go to a webpage that contains login fields (including www.bleepingcomputer.com), something is installing invisible links to ad pages. The mouse pointer turns into a hand on different parts of the page; left-clicking on the area and selecting Inspect Element reveals the ad. A source code example is:

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright © 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ad.yieldmanager.com/imp?Z=300x250&s=3544490&T=3&_salt=249072224";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(rm_crex_data.length>0){rm_url+="&X=";for(var i=0;i<rm_crex_data.length;i++){rm_url+=rm_crex_data[i];if(i!=rm_crex_data.length-1){rm_url+=",";}}}}else{rm_pb_data.push(rm_crex_data.pop());rm_url+="&X=";for(var i=0;i<rm_pb_data.length;i++){rm_url+=rm_pb_data[i];if(i!=rm_pb_data.length-1){rm_url+=",";}}rm_url+="&Y=pb";}var flash=new Object();flash=flashDetection();if(cookiesEnabled()){rm_url+=(flash.installed?"&B=10":"&B=12");}else{rm_url+=(flash.installed?"&B=11":"&B=13");}if(!flash.installed||rm_ban_flash==1){rm_url+="&m=2";}if(rm_url.indexOf("&u=")==-1){var url='';try{if(rm_tag_type=="ad"){if(top==self){url=encodeURIComponent(top.location.href);url=url.substr(0,256);rm_url+="&u="+url;}}else if(rm_tag_type=="iframe"){url=encodeURIComponent(document.referrer);url=url.substr(0,256);rm_url+="&u="+url;}}catch(e){}}if(top==self){rm_url+="&r=1";}else{rm_url+="&r=0";}var rm_tag_src='<script TYPE="text/javascript" SRC="'+rm_url+'"><\/SCRIPT>';if(rm_pop_frequency){if(rmCanShowPop(rm_pop_id,rm_pop_times,rm_pop_frequency)||rm_pop_nofreqcap){document.write(rm_tag_src);}}else{document.write(rm_tag_src);}function cookiesEnabled(){var cookieEnabled=(navigator.cookieEnabled)?true:false;if(typeof navigator.cookieEnabled=="undefined"&&!cookieEnabled){document.cookie="testcookie";cookieEnabled=(document.cookie.indexOf("testcookie")!=-1)?true:false;}return cookieEnabled;}function rmGetCookie(Name){var search=Name+"=";var 
CookieString=document.cookie;var result=null;if(CookieString.length>0){offset=CookieString.indexOf(search);if(offset!=-1){offset+=search.length;end=CookieString.indexOf(";",offset);if(end==-1){end=CookieString.length;}result=unescape(CookieString.substring(offset,end));}}return result;}function flashDetection(){var flash=new Object();flash.installed=false;flash.version='0.0';if(navigator.plugins&&navigator.plugins.length){for(x=0;x<navigator.plugins.length;x++){if(navigator.plugins[x].name.indexOf('Shockwave Flash')!=-1){flash.version=navigator.plugins[x].description.split('Shockwave Flash ')[1];flash.installed=true;break;}}}else if(window.ActiveXObject){for(x=2;x<10;x++){try{oFlash=eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash."+x+"');");if(oFlash){flash.installed=true;flash.version=x+'.0';}}catch(e){}}}return flash;}function rmReplace(myString,toReplace,replaceBy){return(myString.replace(new RegExp(toReplace,'gi'),replaceBy));}function writeCookie(ckName,ckVal){var numdays=14;var today=new Date();var expires=new Date();expires.setTime(today.getTime()+(1000*60*60*24*numdays));var cookieText=ckName+"="+ckVal+";expires="+expires.toGMTString()+";path=/;";document.cookie=cookieText;return null;}function rmCanShowPop(rm_pop_id,pop_times,pop_frequency){var countCookieName=RM_POP_COOKIE_NAME+rm_pop_id;var expireCookieName=RM_POP_COOKIE_NAME+"_expiration"+rm_pop_id;var shownTimes=rmGetCookie(countCookieName);if(shownTimes==null){rmWriteExpirationCookie(expireCookieName,pop_frequency);shownTimes=0;}else{shownTimes=Number(shownTimes);}if(shownTimes<pop_times){shownTimes=1+shownTimes;var expiration=rmGetCookie(expireCookieName);rmWritePopFrequencyCookie(rm_pop_id,shownTimes,expiration);return_value=true;}else{return_value=false;}return return_value;}function rmWritePopFrequencyCookie(rm_pop_id,shownTimes,expiration){var cookieName=RM_POP_COOKIE_NAME+rm_pop_id;var 
cookieText=cookieName+"="+shownTimes+";"+"expires="+expiration+";path=/;";document.cookie=cookieText;}function rmWriteExpirationCookie(cookieName,frequency){var today=new Date();var expires=new Date();expires.setTime(today.getTime()+(1000*frequency));var cookieText=cookieName+"="+expires.toGMTString()+";"+"expires="+expires.toGMTString()+";path=/;";document.cookie=cookieText;}</script><noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=3544490&T=3&_salt=249072224&t=2" target="_parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=3544490&T=3&_salt=249072224&t=2"></img></a></noscript></body></html>
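The markup in the post above can be triaged offline. What follows is an added example, not code from the original post, from BleepingComputer or from any of the tools named in this thread: it takes the HTML copied out of Inspect Element, pulls every absolute URL out of it (including URLs buried in inline script), ignores anything on the page's own host, and flags the ad hosts named in this thread (ad.yieldmanager.com, ad.adnetwork.net, ad.serverplus.com). For a flagged URL it also records the `Z` (creative size) and `s` query parameters; treating `s` as the network-side placement identifier is an assumption made here, not something the thread states. The sample markup in the block is constructed, trimmed down from the posted source, with one first-party link added so the skip path is exercised.

```javascript
// Added example (not part of the original thread): offline triage of injected
// ad markup of the kind shown above. Runs under Node.js, no browser needed.

// Hosts named in this thread. Extend with whatever Inspect Element shows you.
const KNOWN_AD_HOSTS = new Set([
  'ad.yieldmanager.com',
  'ad.adnetwork.net',
  'ad.serverplus.com',
]);

// Constructed sample, trimmed from the posted Right Media / YieldManager tag,
// plus one legitimate first-party link so we can see it is left alone.
const SAMPLE_INJECTED_HTML = [
  '<a href="https://www.bleepingcomputer.com/login/">Log in</a>',
  '<script type="text/javascript">',
  'var rm_tag_type = "iframe"; rm_url = "http://ad.yieldmanager.com/imp?Z=300x250&s=3544490&T=3&_salt=249072224";',
  '</script>',
  '<noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=3544490&T=3&_salt=249072224&t=2" target="_parent">',
  '<img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=3544490&T=3&_salt=249072224&t=2"></a></noscript>',
].join('\n');

// Pull every absolute http(s) URL out of markup or inline script. Stopping at
// quotes, whitespace and angle brackets returns the URL exactly as written.
function extractUrls(html) {
  return html.match(/https?:\/\/[^\s"'<>]+/g) || [];
}

// Classify every URL relative to the page it was found on.
//   thirdPartyHosts: hosts other than the page's own, sorted
//   flagged:         URLs pointing at a known ad host
//   placements:      one {host, size, placement} per distinct s= value
function triageAdMarkup(html, pageHost) {
  const thirdParty = new Set();
  const flagged = [];
  const placements = [];

  for (const raw of extractUrls(html)) {
    let url;
    try { url = new URL(raw); } catch { continue; }     // skip unparseable junk
    if (url.hostname === pageHost) continue;             // first-party, leave it

    thirdParty.add(url.hostname);
    if (!KNOWN_AD_HOSTS.has(url.hostname)) continue;

    flagged.push(raw);
    const size = url.searchParams.get('Z');
    const placement = url.searchParams.get('s');        // assumed placement id
    if (size && placement && !placements.some(p => p.placement === placement)) {
      placements.push({ host: url.hostname, size, placement });
    }
  }
  return { thirdPartyHosts: [...thirdParty].sort(), flagged, placements };
}

// Stand-alone run: report on the constructed sample.
console.log(JSON.stringify(
  triageAdMarkup(SAMPLE_INJECTED_HTML, 'www.bleepingcomputer.com'), null, 2));
```

The useful output is the host list rather than the script body: a login page on a site you trust has no reason to reference an ad network at all, and when the same tag turns up on unrelated sites the origin is on the local machine (a browser add-on, a proxy setting, or something hooking the browser process), not on the sites, which is why the thread moves on to host-side tools. The `s` value is what you would quote if you reported the account to the network.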

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 September 2012 - 02:40 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 diamondstar693 (Topic Starter)

  • Members
  • 23 posts

Posted 28 September 2012 - 12:59 PM

Hi, thanks for your response and all of your efforts...after running AdwCleaner & RogueKiller the problem still exists as before...below are the logs:


# AdwCleaner v2.003 - Logfile created 09/28/2012 at 12:35:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Familia - DESKTOP
# Boot Mode : Normal
# Running from : C:\Users\Familia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-3157864256-3784605268-1552780951-1003\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\2on6nc5y.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1458 octets] - [28/09/2012 12:30:13]
AdwCleaner[S1].txt - [1876 octets] - [28/09/2012 12:35:23]

########## EOF - C:\AdwCleaner[S1].txt - [1936 octets] ##########

I ACCIDENTALLY RAN ROGUEKILLER NORMALLY (not as ADMINISTRATOR) the first time...it deleted some registry entries and killed a .exe...I THEN RAN IT AS ADMINISTRATOR (log at bottom following the first)

RAN NORMAL (not as ADMINISTRATOR) 1st time (killed process & deleted registry entries):

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Familia [Admin rights]
Mode : Remove -- Date : 09/28/2012 12:39:06

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] S5wow_2005.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> A:\Documents and Settings\Default\NTUSER.DAT
-> A:\Documents and Settings\Default User\NTUSER.DAT
-> A:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Familia\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 2W0FFBMN +++++
--- User ---
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 500000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048002048 | Size: 907723 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] e51a531f674028dfee564f8f6b55cd21
[BSP] f676b0004622c61880425d16295519b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250310AS +++++
--- User ---
[MBR] d410bd7f204b6034eaa55286f1ae02fc
[BSP] 2b5fd65aafe9ced937a8a2e57b363139 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RAN AS ADMINISTRATOR AFTER (nothing to delete):

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Familia [Admin rights]
Mode : Remove -- Date : 09/28/2012 12:45:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> A:\Documents and Settings\Default\NTUSER.DAT
-> A:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Familia\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 2W0FFBMN +++++
--- User ---
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 500000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048002048 | Size: 907723 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] e51a531f674028dfee564f8f6b55cd21
[BSP] f676b0004622c61880425d16295519b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250310AS +++++
--- User ---
[MBR] d410bd7f204b6034eaa55286f1ae02fc
[BSP] 2b5fd65aafe9ced937a8a2e57b363139 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 September 2012 - 01:09 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 diamondstar693 (Topic Starter)

  • Members
  • 23 posts

Posted 28 September 2012 - 01:10 PM

Oops...I just noticed that RK produced other reports from the 1st run (not as ADMINISTRATOR) and 2nd run as ADMINISTRATOR...Thanks again:

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Familia [Admin rights]
Mode : Scan -- Date : 09/28/2012 12:38:38

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] S5wow_2005.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> A:\Documents and Settings\Default\NTUSER.DAT
-> A:\Documents and Settings\Default User\NTUSER.DAT
-> A:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Familia\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 2W0FFBMN +++++
--- User ---
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 500000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048002048 | Size: 907723 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] e51a531f674028dfee564f8f6b55cd21
[BSP] f676b0004622c61880425d16295519b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250310AS +++++
--- User ---
[MBR] d410bd7f204b6034eaa55286f1ae02fc
[BSP] 2b5fd65aafe9ced937a8a2e57b363139 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Familia [Admin rights]
Mode : Remove -- Date : 09/28/2012 12:38:56

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] S5wow_2005.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> A:\Documents and Settings\Default\NTUSER.DAT
-> A:\Documents and Settings\Default User\NTUSER.DAT
-> A:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Familia\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 2W0FFBMN +++++
--- User ---
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 500000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048002048 | Size: 907723 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] e51a531f674028dfee564f8f6b55cd21
[BSP] f676b0004622c61880425d16295519b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250310AS +++++
--- User ---
[MBR] d410bd7f204b6034eaa55286f1ae02fc
[BSP] 2b5fd65aafe9ced937a8a2e57b363139 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RUN AS ADMINISTRATOR:


RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Familia [Admin rights]
Mode : Scan -- Date : 09/28/2012 12:44:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> A:\Documents and Settings\Default\NTUSER.DAT
-> A:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Familia\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 2W0FFBMN +++++
--- User ---
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 500000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048002048 | Size: 907723 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] e51a531f674028dfee564f8f6b55cd21
[BSP] f676b0004622c61880425d16295519b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250310AS +++++
--- User ---
[MBR] d410bd7f204b6034eaa55286f1ae02fc
[BSP] 2b5fd65aafe9ced937a8a2e57b363139 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt




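The RogueKiller reports in this thread are easier to reason about programmatically than by eye, because the interesting facts are spread across runs: the Scan at 12:38:38 reported ConsentPromptBehaviorAdmin = 0 (the UAC value that means "elevate without prompting", so anything that asks for admin gets it silently) under both HKLM\[...]\System and HKLM\[...]\Wow6432Node\System; the Remove run at 12:38:56 lists only four REPLACED entries, so the Wow6432Node one should be re-checked rather than assumed fixed; S5wow_2005.exe was reported KILLED in three consecutive runs 28 seconds apart, so something was relaunching it between runs; and the MBR and BSP hashes for every disk are identical across all five runs, which is the check that matters when a bootkit is suspected. The Python below is an added example, not RogueKiller's own code: it parses the V8 report format as posted here, flags the silent-elevation setting, and diffs a Scan run against the Remove run that followed it. The two sample reports are constructed from the posts above, shortened to one disk and without the hosts listing; the RKReport class and the function names are this example's own.

```python
"""Triage helper for RogueKiller V8-style reports: parses the plain-text format posted
above and diffs a Scan run against the Remove run that followed it. Added example,
not RogueKiller's own code; the sample reports are constructed from the posts above."""
import re
from dataclasses import dataclass, field

SECTION = re.compile(r"^¤¤¤ ([A-Za-z][A-Za-z /]*?)\s*:.*¤¤¤$")  # "¤¤¤ Registry Entries : 5 ¤¤¤"
MODE = re.compile(r"^Mode : (\w+)")
PROC = re.compile(r"^\[(\w+)\] (\S+) -- -> (\w+)")  # "[BLACKLIST] x.exe -- -> KILLED"
REG = re.compile(r"^\[([^\]]+)\] (.+?) : (\S+) \((\S+)\) -> (.+)$")  # "[HJ] key : value (data) -> action"
DRIVE = re.compile(r"^\+{5} (PhysicalDrive\d+): .+ \+{5}$")
HASH = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})")


@dataclass
class RKReport:
    mode: str = ""
    processes: list = field(default_factory=list)  # (tag, exe, action)
    registry: list = field(default_factory=list)   # (tag, key, value, data, action)
    mbr: dict = field(default_factory=dict)        # drive -> {"MBR": md5, "BSP": md5}


def parse_report(text):
    rep, section, drive = RKReport(), "", None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := MODE.match(line):
            rep.mode = m.group(1)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section == "Bad processes" and (m := PROC.match(line)):
            rep.processes.append(m.groups())
        elif section == "Registry Entries" and (m := REG.match(line)):
            rep.registry.append(m.groups())
        elif section == "MBR Check" and (m := DRIVE.match(line)):
            drive = m.group(1)
            rep.mbr[drive] = {}
        elif section == "MBR Check" and drive and (m := HASH.match(line)):
            rep.mbr[drive][m.group(1)] = m.group(2)
    return rep


def silent_uac_elevation(rep):
    """True when ConsentPromptBehaviorAdmin = 0 is reported as FOUND: that UAC value
    means "elevate without prompting", so anything that asks for admin gets it silently."""
    return any(v == "ConsentPromptBehaviorAdmin" and d == "0" and a.startswith("FOUND")
               for _, _, v, d, a in rep.registry)


def diff_runs(scan, remove):
    """What the Remove run settled, and what it left, relative to the Scan before it."""
    found = {r[:3] for r in scan.registry if r[4].startswith("FOUND")}
    fixed = {r[:3] for r in remove.registry if r[4].startswith("REPLACED")}
    return {
        "still_open": sorted(found - fixed),          # found, but not reported as replaced
        "recurring_processes": sorted({p[1] for p in scan.processes}
                                      & {p[1] for p in remove.processes}),
        "mbr_changed": sorted(d for d in scan.mbr     # a bootkit rewrite would show up here
                              if d in remove.mbr and scan.mbr[d] != remove.mbr[d]),
    }


# Constructed samples: the 12:38:38 Scan and 12:38:56 Remove runs posted above, one disk, no hosts list.
SCAN_RUN = r"""Mode : Scan -- Date : 09/28/2012 12:38:38

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] S5wow_2005.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: 2W0FFBMN +++++
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
"""
REMOVE_RUN = r"""Mode : Remove -- Date : 09/28/2012 12:38:56

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] S5wow_2005.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: 2W0FFBMN +++++
[MBR] 6f3f3024b01fd54c6f6498e0e15bf781
[BSP] 5b72bfcad081bace76b88b0cbc14e879 : Windows 7 MBR Code
"""

if __name__ == "__main__":
    scan, remove = parse_report(SCAN_RUN), parse_report(REMOVE_RUN)
    print("silent UAC elevation in scan:", silent_uac_elevation(scan))
    print(diff_runs(scan, remove))
```

Run it as-is to see the result for the constructed samples, or pass the contents of an RKreport[N].txt to parse_report for a real pair of runs. A non-empty recurring_processes list is the detail to chase: a process that is killed and is back by the next run has a launcher (a service, scheduled task, Run key or second process) that the tool is not touching, which is consistent with the pop-ups surviving AdwCleaner, RogueKiller and ComboFix in this thread. An entry in still_open means the key was reported but not reported as replaced, so verify it directly instead of assuming it was fixed.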
#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 September 2012 - 01:13 PM

Hello


No problem and thanks for the reports - Go ahead and run post 7 and send me the report



gringo

#10 diamondstar693 (Topic Starter)

  • Members
  • 23 posts

Posted 28 September 2012 - 01:45 PM

Hi again and thanks again for your efforts...unfortunately, after running COMBOFIX, even though it deleted a number of files, the problem still exists as before...here is the log:


ComboFix 12-09-27.03 - Familia 28/09/2012 13:33:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.8069.5922 [GMT -5:00]
Running from: c:\users\Familia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Familia\en_res.dll
c:\users\Familia\es_res.dll
c:\users\Familia\fr_res.dll
c:\users\Familia\grm_res.dll
c:\users\Familia\it_res.dll
c:\users\Familia\jp_res.dll
c:\users\Familia\mfc80u.dll
c:\users\Familia\msvcr80.dll
c:\users\Familia\PCPE Setup.exe
c:\users\Familia\pt_res.dll
c:\users\Familia\ResourceReader.dll
c:\users\Familia\ru_res.dll
c:\users\Familia\zh_res.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 18:36 . 2012-09-28 18:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-28 18:36 . 2012-09-28 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 15:25 . 2012-09-26 15:25 -------- d-----w- C:\rsit
2012-09-26 15:25 . 2012-09-26 15:25 -------- d-----w- c:\program files (x86)\trend micro
2012-09-26 15:08 . 2012-09-26 15:08 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-26 13:47 . 2012-09-26 13:47 -------- d-----w- c:\users\Familia\AppData\Roaming\LavasoftStatistics
2012-09-26 13:46 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-09-26 13:46 . 2011-12-19 17:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-09-26 13:46 . 2011-10-26 19:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-09-26 13:46 . 2012-09-26 13:48 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-26 13:46 . 2012-09-26 13:46 -------- d-----w- c:\programdata\Lavasoft
2012-09-26 13:46 . 2012-09-26 13:46 -------- d-----w- c:\users\Familia\AppData\Local\Downloaded Installations
2012-09-26 13:46 . 2012-09-26 13:46 -------- d-----w- c:\users\Familia\AppData\Local\adawarebp
2012-09-26 13:46 . 2012-09-28 18:00 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-26 13:45 . 2012-09-26 13:45 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-09-26 13:45 . 2012-09-26 13:46 -------- d-----w- c:\program files (x86)\adawaretb
2012-09-26 13:44 . 2012-09-26 15:07 -------- d-----w- c:\users\Familia\AppData\Roaming\Ad-Aware Antivirus
2012-09-26 13:16 . 2012-09-27 14:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-26 13:16 . 2012-09-26 13:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-25 17:50 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{470829E6-4ADD-4B67-A04F-84E1EDA252A0}\mpengine.dll
2012-09-25 17:50 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-20 14:01 . 2012-09-28 18:25 -------- d-----w- c:\users\Familia\AppData\Roaming\Skype
2012-09-20 14:01 . 2012-09-20 14:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-20 14:01 . 2012-09-20 14:01 -------- d-----r- c:\program files (x86)\Skype
2012-09-20 14:01 . 2012-09-20 14:01 -------- d-----w- c:\programdata\Skype
2012-09-20 06:45 . 2012-09-20 06:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 06:44 . 2012-09-20 06:44 -------- d-----w- c:\program files (x86)\Java
2012-09-20 04:11 . 2005-03-12 14:07 87040 ----a-w- c:\windows\SysWow64\pdfmonnt.dll
2012-09-20 04:11 . 2012-09-20 04:11 -------- d-----w- c:\program files (x86)\8848Soft
2012-09-15 08:28 . 2012-09-15 08:28 -------- d-----w- C:\temp
2012-09-13 01:16 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 01:16 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 01:16 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 01:16 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 01:16 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 01:16 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 01:16 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-30 19:48 . 2012-08-30 19:48 -------- d-----w- c:\users\Familia\AppData\Local\Adobe
2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 18:01 . 2012-08-22 08:06 1048576 ----a-w- c:\windows\PE_Rom.dll
2012-09-20 06:45 . 2012-08-22 19:50 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-20 06:45 . 2012-08-22 19:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 07:32 . 2012-08-22 19:08 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 19:14 . 2012-08-22 07:24 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-08-22 07:24 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-08-22 07:24 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-08-22 07:24 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 16:18 . 2012-08-22 07:24 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-08-22 07:24 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-08-22 07:24 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-08-22 07:24 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-08-22 07:24 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-08-22 07:24 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-22 20:31 . 2012-08-22 20:31 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 20:31 . 2012-08-22 20:31 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 19:17 . 2012-08-22 19:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-22 19:17 . 2012-08-22 19:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-22 19:17 . 2012-08-22 19:17 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-22 19:17 . 2012-08-22 19:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-22 19:17 . 2012-08-22 19:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-08-22 19:17 . 2012-08-22 19:17 82432 ----a-w- c:\windows\system32\icardie.dll
2012-08-22 19:17 . 2012-08-22 19:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-22 19:17 . 2012-08-22 19:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-08-22 19:17 . 2012-08-22 19:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-22 19:17 . 2012-08-22 19:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-22 19:17 . 2012-08-22 19:17 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-08-22 19:17 . 2012-08-22 19:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-22 19:17 . 2012-08-22 19:17 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-22 19:17 . 2012-08-22 19:17 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-08-22 19:17 . 2012-08-22 19:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-08-22 19:17 . 2012-08-22 19:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-22 19:17 . 2012-08-22 19:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-22 19:17 . 2012-08-22 19:17 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-08-22 19:17 . 2012-08-22 19:17 448512 ----a-w- c:\windows\system32\html.iec
2012-08-22 19:17 . 2012-08-22 19:17 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-22 19:17 . 2012-08-22 19:17 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-08-22 19:17 . 2012-08-22 19:17 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-08-22 19:17 . 2012-08-22 19:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-22 19:17 . 2012-08-22 19:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-22 19:17 . 2012-08-22 19:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-22 19:17 . 2012-08-22 19:17 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-08-22 19:17 . 2012-08-22 19:17 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-08-22 19:17 . 2012-08-22 19:17 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-08-22 19:17 . 2012-08-22 19:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-22 19:17 . 2012-08-22 19:17 222208 ----a-w- c:\windows\system32\msls31.dll
2012-08-22 19:17 . 2012-08-22 19:17 197120 ----a-w- c:\windows\system32\msrating.dll
2012-08-22 19:17 . 2012-08-22 19:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-08-22 19:17 . 2012-08-22 19:17 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-08-22 19:17 . 2012-08-22 19:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-22 19:17 . 2012-08-22 19:17 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-22 19:17 . 2012-08-22 19:17 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-08-22 19:17 . 2012-08-22 19:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-22 19:17 . 2012-08-22 19:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-22 19:17 . 2012-08-22 19:17 149504 ----a-w- c:\windows\system32\occache.dll
2012-08-22 19:17 . 2012-08-22 19:17 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-08-22 19:17 . 2012-08-22 19:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-22 19:17 . 2012-08-22 19:17 12288 ----a-w- c:\windows\system32\mshta.exe
2012-08-22 19:17 . 2012-08-22 19:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-22 19:17 . 2012-08-22 19:17 114176 ----a-w- c:\windows\system32\admparse.dll
2012-08-22 19:17 . 2012-08-22 19:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-22 19:17 . 2012-08-22 19:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-08-22 19:17 . 2012-08-22 19:17 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-22 19:17 . 2012-08-22 19:17 103936 ----a-w- c:\windows\system32\inseng.dll
2012-08-22 19:17 . 2012-08-22 19:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-22 18:22 . 2012-08-22 18:22 13338112 ----a-w- c:\users\Familia\PCPE_3.0.1.msi
2012-08-22 06:50 . 2012-08-22 06:50 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-08-21 09:13 . 2012-08-22 18:14 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-08-22 18:14 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-08-22 18:14 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-08-22 18:14 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-08-22 18:14 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-08-22 18:15 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-08-22 18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-08-22 18:14 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-08-22 18:14 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 01:53 . 2012-08-22 07:43 32400 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2012-08-12 01:29 . 2012-08-22 07:52 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2012-08-12 01:29 . 2012-08-22 06:47 26136 ----a-w- c:\windows\system32\drivers\ICCWDT.sys
2012-08-12 01:28 . 2012-08-22 07:32 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-08-12 01:28 . 2012-08-22 07:32 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-08-12 01:28 . 2012-08-22 07:32 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-08-12 01:28 . 2012-08-22 07:32 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2012-08-12 01:28 . 2012-08-22 07:36 14464 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-08-03 00:49 . 2012-08-23 06:43 419144 ----a-w- c:\windows\SysWow64\appinit_dll.dll
2012-08-03 00:48 . 2012-08-23 06:43 75592 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2012-08-03 00:48 . 2012-08-23 06:43 464200 ----a-w- c:\windows\system32\appinit_dll.dll
2012-07-18 18:15 . 2012-08-22 08:03 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-22 08:13 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-22 08:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-22 08:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-22 08:13 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 07:37 . 2012-08-22 07:24 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe" [2012-06-09 1384608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 ALSysIO;ALSysIO;c:\users\Familia\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2011-12-21 274200]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-22 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2012-08-12 32400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-09-20 1236368]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-08-22 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-08-22 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-08-22 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [2012-08-22 1473664]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-24 233328]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-03-16 514736]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-08-12 26136]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-08-03 75592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Familia\AppData\Local\Temp\tmp76F3.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 20:31]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157864256-3784605268-1552780951-1000Core.job
- c:\users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 18:11]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157864256-3784605268-1552780951-1000UA.job
- c:\users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]
"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2012-08-03 3097416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\2on6nc5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sankiglobal.com/|http://www.immunotec.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2|http://mx.yahoo.com/?p=us|http://www.facebook.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Familia\AppData\Local\Temp\tmp76F3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 13:37:51
ComboFix-quarantined-files.txt 2012-09-28 18:37
.
Pre-Run: 708,969,082,880 bytes free
Post-Run: 708,863,156,224 bytes free
.
- - End Of File - - 4006B3F8B11165BA7AF09100A71FF07E
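An added example, not part of the ComboFix report or of anyone's post in this thread: a Python triage pass over the "Reg Loading Points" section of a ComboFix log, run against a constructed sample assembled from lines of the report above. It flags the two things a responder checks first on a log like this: drivers or services whose image path sits in a Temp directory (here ALSysIO64.sys and the WinRing0 tmp76F3.tmp entry) and AppInit_DLLs values, which get a DLL loaded into every process that links user32.dll and are a classic injection point. The line formats are assumed from the report above (ComboFix's `Rn name;display;path [date size]` service lines, `[x]` when the file could not be stat'ed, and REGEDIT4-style key/value lines); nothing here calls a ComboFix API.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix report above,
# trimmed so the script runs offline. Only the shape of the lines matters.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 ALSysIO;ALSysIO;c:\users\Familia\AppData\Local\Temp\ALSysIO64.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Familia\AppData\Local\Temp\tmp76F3.tmp [x]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
"""

# "R2 name;display;path [stamp]" service/driver lines (assumed ComboFix layout)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...] registry key header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')    # "Name"=value line under a key
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class ServiceEntry:
    kind: str      # R = running, S = stopped (ComboFix convention)
    start: int     # start type digit as printed (0 boot .. 4 disabled)
    name: str
    display: str
    path: str
    stamp: str     # "YYYY-MM-DD size", or "x" when ComboFix could not find the file


def parse_services(text):
    """Collect every R*/S* service or driver line into a ServiceEntry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            kind, start, name, display, path, stamp = m.groups()
            entries.append(ServiceEntry(kind, int(start), name, display, path, stamp))
    return entries


def temp_loaded_drivers(entries):
    """Entries whose image lives under a Temp directory or is a bare .tmp file."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if any(marker in p for marker in TEMP_MARKERS) or p.endswith(".tmp"):
            hits.append(e)
    return hits


def parse_appinit(text):
    """Map each registry key that sets AppInit_DLLs to its DLL value and LoadAppInit_DLLs flag."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not (vm and current):
            continue
        name, value = vm.groups()
        if name in ("AppInit_DLLs", "LoadAppInit_DLLs"):
            entry = keys.setdefault(current, {"AppInit_DLLs": "", "LoadAppInit_DLLs": None})
            if name == "AppInit_DLLs":
                entry["AppInit_DLLs"] = value.strip()
            else:
                entry["LoadAppInit_DLLs"] = int(value.split()[0])   # "1 (0x1)" -> 1
    return {k: v for k, v in keys.items() if v["AppInit_DLLs"]}


def triage(text):
    """Human-readable findings for a responder to verify; these are leads, not verdicts."""
    findings = []
    for e in temp_loaded_drivers(parse_services(text)):
        findings.append(f"{e.name}: image loads from a Temp path ({e.path}); stat={e.stamp}")
    for key, vals in parse_appinit(text).items():
        findings.append(f"AppInit_DLLs under {key}: {vals['AppInit_DLLs']} "
                        f"(LoadAppInit_DLLs={vals['LoadAppInit_DLLs']})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Findings from a pass like this are leads to verify, not conclusions: drivers dropped into Temp under names such as WinRing0 or ALSysIO are routinely installed on the fly by hardware-monitoring utilities (a cpuz135 driver is also present in this log), and the appinit_dll.dll here carries the same build date as VirtuWDDM.sys and the VIRTU MVP Run entry, which points at that graphics package rather than at the adware. Check the file's Authenticode signature and publisher before treating either as hostile.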

#11 diamondstar693

diamondstar693
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 28 September 2012 - 02:43 PM

It "seems" that the script is a widget from whos.amung.us; it looks like their work, anyway... and it seems that I am being tracked by them. As I browse, data keeps being transferred to whos.amung.us.

Here is another example of the script that is being loaded/superimposed as I click on normal webpage links... it's not just LOGIN pages:

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=3544493&referrer=http%3A%2F%2Fwww.mediagroupz.org%2Fads.html%3Fw%3D300%26h%3D250&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D3544493%26pub_url%3D%24%7Badserving.cpxinteractive.com.com%7D"></scr+ipt>');</script><p><noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=3544493&t=2" target="parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=3544493&t=2"></img></a></noscript></p>

It's driving me nuts...I don't like people messing with my kit...

Any ideas?
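As an added example, not code from the post above or from any of the products named in this thread: a short Python script that pulls every URL out of the pasted tag, including the one hidden inside the `document.write('<scr'+'ipt ...')` string, decodes the percent-encoded `referrer` and `redir` parameters nested in the ib.adnxs.com request, and lists the hosts the tag actually references. Reading an injected ad tag this way is quicker and less error-prone than eyeballing the encoded string. The `INJECTED_TAG` constant is the snippet copied from the post; it is the only input.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The injected tag exactly as pasted in the post above (used here as constructed input).
INJECTED_TAG = r"""<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=3544493&referrer=http%3A%2F%2Fwww.mediagroupz.org%2Fads.html%3Fw%3D300%26h%3D250&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D3544493%26pub_url%3D%24%7Badserving.cpxinteractive.com.com%7D"></scr+ipt>');</script><p><noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=3544493&t=2" target="parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=3544493&t=2"></img></a></noscript></p>"""

# Any http(s) URL carried in a src= or href= attribute, whether in markup or in a
# JavaScript string literal; the split '<scr'+'ipt' trick does not hide the attribute.
URL_ATTR_RE = re.compile(r'(?:src|href)="(https?://[^"]+)"')


def extract_urls(snippet):
    """Every src=/href= URL in document order."""
    return URL_ATTR_RE.findall(snippet)


def expand(url, depth=0, via=None):
    """Yield (depth, via_param, host, url) for url and, recursively, for every URL
    carried inside its query string; parse_qsl undoes one layer of %-encoding per hop."""
    parts = urlsplit(url)
    yield depth, via, parts.hostname, url
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            yield from expand(value, depth + 1, name)


def involved_hosts(snippet):
    """Unique hostnames in first-seen order across all URLs and their nested hops."""
    hosts = []
    for url in extract_urls(snippet):
        for _, _, host, _ in expand(url):
            if host and host not in hosts:
                hosts.append(host)
    return hosts


def render_chain(snippet):
    """Indented text tree: one line per hop, showing which parameter carried it."""
    lines = []
    for url in extract_urls(snippet):
        for depth, via, host, hop in expand(url):
            label = f"{via}=" if via else ""
            lines.append(f"{'  ' * depth}{label}{host}  {hop.split('?', 1)[0]}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_chain(INJECTED_TAG)))
    print("hosts referenced:", ", ".join(involved_hosts(INJECTED_TAG)))
```

For this tag the decoded chain is ib.adnxs.com (the ad request), with `referrer=` pointing at www.mediagroupz.org/ads.html and `redir=` pointing at ad.yieldmanager.com; the `pub_url=${adserving.cpxinteractive.com.com}` value is an unfilled macro, not a URL, so it is reported in the decoded hop but not followed. Only the hosts the tag itself names come out of this; where the tag was injected from is a separate question that the ComboFix and TDSSKiller output, not the tag, has to answer.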

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 PM

Posted 28 September 2012 - 03:24 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click Continue.
  • If a suspicious file is detected, the default action will be Skip; click Continue.
  • It may ask you to reboot the computer to complete the process. Click Reboot Now.
  • If no reboot is required, click Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save the log to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 diamondstar693

diamondstar693
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 28 September 2012 - 05:29 PM

Ran TDSSKiller... found nothing. The first time I ran aswMBR I got a BSOD; ran it again after the reboot and it went through fine. The problem still exists as before. Logs below:

16:48:29.0890 7588 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:48:30.0439 7588 ============================================================
16:48:30.0439 7588 Current date / time: 2012/09/28 16:48:30.0439
16:48:30.0439 7588 SystemInfo:
16:48:30.0440 7588
16:48:30.0440 7588 OS Version: 6.1.7601 ServicePack: 1.0
16:48:30.0440 7588 Product type: Workstation
16:48:30.0440 7588 ComputerName: DESKTOP
16:48:30.0440 7588 UserName: Familia
16:48:30.0440 7588 Windows directory: C:\Windows
16:48:30.0440 7588 System windows directory: C:\Windows
16:48:30.0440 7588 Running under WOW64
16:48:30.0440 7588 Processor architecture: Intel x64
16:48:30.0440 7588 Number of processors: 4
16:48:30.0440 7588 Page size: 0x1000
16:48:30.0440 7588 Boot type: Normal boot
16:48:30.0440 7588 ============================================================
16:48:31.0281 7588 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C0EE0E00 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:31.0295 7588 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:31.0310 7588 Drive \Device\Harddisk2\DR2 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:31.0316 7588 ============================================================
16:48:31.0316 7588 \Device\Harddisk0\DR0:
16:48:31.0316 7588 MBR partitions:
16:48:31.0316 7588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D090000
16:48:31.0316 7588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x3D090000
16:48:31.0316 7588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7A120800, BlocksNum 0x6ECE5800
16:48:31.0316 7588 \Device\Harddisk1\DR1:
16:48:31.0316 7588 MBR partitions:
16:48:31.0316 7588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:48:31.0316 7588 \Device\Harddisk2\DR2:
16:48:31.0317 7588 MBR partitions:
16:48:31.0317 7588 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:48:31.0317 7588 ============================================================
16:48:31.0318 7588 C: <-> \Device\Harddisk0\DR0\Partition3
16:48:31.0319 7588 A: <-> \Device\Harddisk0\DR0\Partition1
16:48:31.0320 7588 B: <-> \Device\Harddisk0\DR0\Partition2
16:48:31.0334 7588 D: <-> \Device\Harddisk1\DR1\Partition1
16:48:31.0354 7588 E: <-> \Device\Harddisk2\DR2\Partition1
16:48:31.0354 7588 ============================================================
16:48:31.0354 7588 Initialize success
16:48:31.0354 7588 ============================================================
16:48:34.0487 5116 ============================================================
16:48:34.0487 5116 Scan started
16:48:34.0487 5116 Mode: Manual;
16:48:34.0487 5116 ============================================================
16:48:34.0719 5116 ================ Scan system memory ========================
16:48:34.0719 5116 System memory - ok
16:48:34.0719 5116 ================ Scan services =============================
16:48:34.0739 5116 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:48:34.0742 5116 1394ohci - ok
16:48:34.0747 5116 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:48:34.0750 5116 ACPI - ok
16:48:34.0752 5116 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:48:34.0753 5116 AcpiPmi - ok
16:48:34.0766 5116 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
16:48:34.0771 5116 Ad-Aware Service - ok
16:48:34.0776 5116 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:48:34.0778 5116 AdobeARMservice - ok
16:48:34.0806 5116 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:34.0808 5116 AdobeFlashPlayerUpdateSvc - ok
16:48:34.0815 5116 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:48:34.0821 5116 adp94xx - ok
16:48:34.0825 5116 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:48:34.0829 5116 adpahci - ok
16:48:34.0833 5116 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:48:34.0836 5116 adpu320 - ok
16:48:34.0839 5116 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:48:34.0841 5116 AeLookupSvc - ok
16:48:34.0847 5116 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:48:34.0856 5116 AFD - ok
16:48:34.0858 5116 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:48:34.0860 5116 agp440 - ok
16:48:34.0862 5116 [ A41B855EDC1F141851E27F984827942C ] AiCharger C:\Windows\syswow64\drivers\AiCharger.sys
16:48:34.0864 5116 AiCharger - ok
16:48:34.0866 5116 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:48:34.0868 5116 ALG - ok
16:48:34.0870 5116 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:48:34.0871 5116 aliide - ok
16:48:34.0876 5116 ALSysIO - ok
16:48:34.0878 5116 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:48:34.0880 5116 amdide - ok
16:48:34.0882 5116 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:48:34.0884 5116 AmdK8 - ok
16:48:34.0886 5116 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:48:34.0888 5116 AmdPPM - ok
16:48:34.0890 5116 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:48:34.0892 5116 amdsata - ok
16:48:34.0895 5116 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:48:34.0898 5116 amdsbs - ok
16:48:34.0900 5116 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:48:34.0901 5116 amdxata - ok
16:48:34.0903 5116 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
16:48:34.0906 5116 APC Data Service - ok
16:48:34.0913 5116 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
16:48:34.0921 5116 APC UPS Service - ok
16:48:34.0924 5116 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:48:34.0926 5116 AppID - ok
16:48:34.0928 5116 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:48:34.0930 5116 AppIDSvc - ok
16:48:34.0932 5116 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:48:34.0933 5116 Appinfo - ok
16:48:34.0936 5116 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:34.0938 5116 Apple Mobile Device - ok
16:48:34.0942 5116 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:48:34.0945 5116 AppMgmt - ok
16:48:34.0947 5116 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:48:34.0949 5116 arc - ok
16:48:34.0951 5116 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:48:34.0953 5116 arcsas - ok
16:48:34.0955 5116 [ EB6DC008A1F36DFD7999EB57E97EAACE ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
16:48:34.0958 5116 asahci64 - ok
16:48:34.0967 5116 [ F7692E60147E56A1CEEE144974F41830 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
16:48:35.0207 5116 asComSvc - ok
16:48:35.0216 5116 [ 0466B91EE5767A769E9F8EDB8EF94DDB ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
16:48:35.0219 5116 asHmComSvc - ok
16:48:35.0221 5116 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
16:48:35.0223 5116 AsIO - ok
16:48:35.0225 5116 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:48:35.0320 5116 asmthub3 - ok
16:48:35.0326 5116 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:48:35.0423 5116 asmtxhci - ok
16:48:35.0427 5116 [ AD8947D621FDCA48F1F39F4624B60AA1 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
16:48:35.0433 5116 AsSysCtrlService - ok
16:48:35.0435 5116 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
16:48:35.0437 5116 AsUpIO - ok
16:48:35.0451 5116 [ DE41B14A85A3C85B4661B68E936D6DED ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
16:48:35.0470 5116 AsusFanControlService - ok
16:48:35.0472 5116 [ A5E4CDB420540095D1293C874B5F89AA ] ASUSFILTER C:\Windows\syswow64\drivers\ASUSFILTER.sys
16:48:35.0475 5116 ASUSFILTER - ok
16:48:35.0478 5116 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:48:35.0479 5116 aswFsBlk - ok
16:48:35.0481 5116 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:48:35.0482 5116 aswMonFlt - ok
16:48:35.0485 5116 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:48:35.0488 5116 aswRdr - ok
16:48:35.0498 5116 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:48:35.0502 5116 aswSnx - ok
16:48:35.0507 5116 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:48:35.0509 5116 aswSP - ok
16:48:35.0511 5116 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:48:35.0512 5116 aswTdi - ok
16:48:35.0514 5116 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:35.0516 5116 AsyncMac - ok
16:48:35.0518 5116 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:48:35.0519 5116 atapi - ok
16:48:35.0541 5116 [ 881AF14AD2F1207672873B65ACA6C92F ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:48:35.0669 5116 athr - ok
16:48:35.0677 5116 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:48:35.0681 5116 AudioEndpointBuilder - ok
16:48:35.0687 5116 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:48:35.0689 5116 AudioSrv - ok
16:48:35.0695 5116 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:48:35.0696 5116 avast! Antivirus - ok
16:48:35.0698 5116 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:48:35.0700 5116 AxInstSV - ok
16:48:35.0705 5116 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:48:35.0710 5116 b06bdrv - ok
16:48:35.0714 5116 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:48:35.0718 5116 b57nd60a - ok
16:48:35.0721 5116 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:48:35.0724 5116 BDESVC - ok
16:48:35.0726 5116 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:48:35.0727 5116 Beep - ok
16:48:35.0735 5116 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:48:35.0738 5116 BFE - ok
16:48:35.0747 5116 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:48:35.0760 5116 BITS - ok
16:48:35.0762 5116 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:35.0764 5116 blbdrive - ok
16:48:35.0770 5116 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:48:35.0772 5116 Bonjour Service - ok
16:48:35.0775 5116 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:48:35.0777 5116 bowser - ok
16:48:35.0779 5116 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:48:35.0780 5116 BrFiltLo - ok
16:48:35.0782 5116 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:48:35.0784 5116 BrFiltUp - ok
16:48:35.0787 5116 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:48:35.0790 5116 BridgeMP - ok
16:48:35.0793 5116 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:48:35.0794 5116 Browser - ok
16:48:35.0798 5116 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:48:35.0802 5116 Brserid - ok
16:48:35.0803 5116 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:35.0805 5116 BrSerWdm - ok
16:48:35.0807 5116 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:35.0808 5116 BrUsbMdm - ok
16:48:35.0809 5116 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:35.0811 5116 BrUsbSer - ok
16:48:35.0813 5116 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:48:35.0815 5116 BTHMODEM - ok
16:48:35.0819 5116 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:48:35.0821 5116 bthserv - ok
16:48:35.0823 5116 catchme - ok
16:48:35.0826 5116 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:48:35.0828 5116 cdfs - ok
16:48:35.0831 5116 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:48:35.0833 5116 cdrom - ok
16:48:35.0836 5116 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:48:35.0837 5116 CertPropSvc - ok
16:48:35.0839 5116 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:48:35.0841 5116 circlass - ok
16:48:35.0845 5116 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:48:35.0847 5116 CLFS - ok
16:48:35.0853 5116 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:35.0855 5116 clr_optimization_v2.0.50727_32 - ok
16:48:35.0860 5116 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:35.0862 5116 clr_optimization_v2.0.50727_64 - ok
16:48:35.0868 5116 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:35.0871 5116 clr_optimization_v4.0.30319_32 - ok
16:48:35.0876 5116 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:48:35.0878 5116 clr_optimization_v4.0.30319_64 - ok
16:48:35.0880 5116 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:48:35.0882 5116 CmBatt - ok
16:48:35.0884 5116 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:48:35.0885 5116 cmdide - ok
16:48:35.0891 5116 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:48:35.0897 5116 CNG - ok
16:48:35.0899 5116 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:48:35.0900 5116 Compbatt - ok
16:48:35.0902 5116 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:48:35.0903 5116 CompositeBus - ok
16:48:35.0905 5116 COMSysApp - ok
16:48:35.0909 5116 [ A0050420B91E097C178DFC3C0598F67B ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:48:35.0918 5116 cphs - ok
16:48:35.0921 5116 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
16:48:35.0924 5116 cpuz135 - ok
16:48:35.0927 5116 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:48:35.0928 5116 crcdisk - ok
16:48:35.0932 5116 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:48:35.0934 5116 CryptSvc - ok
16:48:35.0940 5116 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:48:35.0947 5116 CSC - ok
16:48:35.0955 5116 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:48:35.0957 5116 CscService - ok
16:48:35.0964 5116 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:48:35.0967 5116 DcomLaunch - ok
16:48:35.0972 5116 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:48:35.0976 5116 defragsvc - ok
16:48:35.0978 5116 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:48:35.0980 5116 DfsC - ok
16:48:35.0985 5116 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:48:35.0987 5116 Dhcp - ok
16:48:35.0989 5116 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:48:35.0991 5116 discache - ok
16:48:35.0993 5116 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:48:35.0994 5116 Disk - ok
16:48:35.0997 5116 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:48:35.0999 5116 dmvsc - ok
16:48:36.0002 5116 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:48:36.0003 5116 Dnscache - ok
16:48:36.0007 5116 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:48:36.0011 5116 dot3svc - ok
16:48:36.0014 5116 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:48:36.0015 5116 DPS - ok
16:48:36.0017 5116 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:48:36.0018 5116 drmkaud - ok
16:48:36.0022 5116 [ 426D951F2DE2D4DFCBE0D1A42BBBA72F ] DTSAudioSvc C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
16:48:36.0023 5116 DTSAudioSvc - ok
16:48:36.0032 5116 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:48:36.0037 5116 DXGKrnl - ok
16:48:36.0043 5116 [ E53D32044F4A03D64D6C91CF0A22A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
16:48:36.0045 5116 e1cexpress - ok
16:48:36.0048 5116 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:48:36.0050 5116 EapHost - ok
16:48:36.0108 5116 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:48:36.0173 5116 ebdrv - ok
16:48:36.0177 5116 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:48:36.0183 5116 EFS - ok
16:48:36.0195 5116 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:48:36.0210 5116 ehRecvr - ok
16:48:36.0214 5116 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:48:36.0219 5116 ehSched - ok
16:48:36.0228 5116 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:48:36.0237 5116 elxstor - ok
16:48:36.0241 5116 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
16:48:36.0453 5116 epmntdrv - ok
16:48:36.0454 5116 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:48:36.0456 5116 ErrDev - ok
16:48:36.0460 5116 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
16:48:36.0649 5116 EuGdiDrv - ok
16:48:36.0655 5116 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:48:36.0657 5116 EventSystem - ok
16:48:36.0660 5116 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:48:36.0663 5116 exfat - ok
16:48:36.0666 5116 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:48:36.0669 5116 fastfat - ok
16:48:36.0675 5116 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:48:36.0679 5116 Fax - ok
16:48:36.0681 5116 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:48:36.0683 5116 fdc - ok
16:48:36.0685 5116 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:48:36.0686 5116 fdPHost - ok
16:48:36.0688 5116 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:48:36.0690 5116 FDResPub - ok
16:48:36.0692 5116 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:48:36.0694 5116 FileInfo - ok
16:48:36.0696 5116 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:48:36.0697 5116 Filetrace - ok
16:48:36.0699 5116 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:48:36.0700 5116 flpydisk - ok
16:48:36.0704 5116 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:48:36.0707 5116 FltMgr - ok
16:48:36.0718 5116 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:48:36.0722 5116 FontCache - ok
16:48:36.0725 5116 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:36.0727 5116 FontCache3.0.0.0 - ok
16:48:36.0729 5116 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:48:36.0731 5116 FsDepends - ok
16:48:36.0733 5116 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:48:36.0734 5116 Fs_Rec - ok
16:48:36.0737 5116 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:48:36.0740 5116 fvevol - ok
16:48:36.0742 5116 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:48:36.0744 5116 gagp30kx - ok
16:48:36.0746 5116 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:36.0747 5116 GEARAspiWDM - ok
16:48:36.0755 5116 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:48:36.0759 5116 gpsvc - ok
16:48:36.0761 5116 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:48:36.0763 5116 hcw85cir - ok
16:48:36.0767 5116 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:48:36.0771 5116 HdAudAddService - ok
16:48:36.0773 5116 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:36.0775 5116 HDAudBus - ok
16:48:36.0777 5116 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:36.0778 5116 HidBatt - ok
16:48:36.0781 5116 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:48:36.0783 5116 HidBth - ok
16:48:36.0785 5116 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:48:36.0787 5116 HidIr - ok
16:48:36.0789 5116 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:48:36.0790 5116 hidserv - ok
16:48:36.0792 5116 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:48:36.0794 5116 HidUsb - ok
16:48:36.0797 5116 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:48:36.0799 5116 hkmsvc - ok
16:48:36.0802 5116 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:48:36.0806 5116 HomeGroupListener - ok
16:48:36.0809 5116 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:48:36.0812 5116 HomeGroupProvider - ok
16:48:36.0814 5116 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:48:36.0816 5116 HpSAMD - ok
16:48:36.0824 5116 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:48:36.0831 5116 HTTP - ok
16:48:36.0833 5116 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:48:36.0834 5116 hwpolicy - ok
16:48:36.0837 5116 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:36.0839 5116 i8042prt - ok
16:48:36.0846 5116 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:48:36.0848 5116 iaStor - ok
16:48:36.0851 5116 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:48:36.0853 5116 IAStorDataMgrSvc - ok
16:48:36.0859 5116 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:48:36.0863 5116 iaStorV - ok
16:48:36.0866 5116 [ 90D95B25F8413F937A2E155F196D892C ] ICCS C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
16:48:36.0868 5116 ICCS - ok
16:48:36.0871 5116 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
16:48:36.0872 5116 ICCWDT - ok
16:48:36.0880 5116 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:36.0887 5116 idsvc - ok
16:48:37.0008 5116 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:48:37.0334 5116 igfx - ok
16:48:37.0338 5116 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:48:37.0340 5116 iirsp - ok
16:48:37.0349 5116 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:48:37.0353 5116 IKEEXT - ok
16:48:37.0394 5116 [ E83BB47C3446F0497019DE7FD6C6A86F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:48:37.0447 5116 IntcAzAudAddService - ok
16:48:37.0453 5116 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:48:37.0458 5116 IntcDAud - ok
16:48:37.0467 5116 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:48:37.0743 5116 Intel® Capability Licensing Service Interface - ok
16:48:37.0747 5116 [ 4A9EB8AC8959C580ADCADDBDBBEBE033 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
16:48:37.0750 5116 Intel® PROSet Monitoring Service - ok
16:48:37.0752 5116 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:48:37.0754 5116 intelide - ok
16:48:37.0756 5116 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:48:37.0757 5116 intelppm - ok
16:48:37.0760 5116 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:48:37.0762 5116 IPBusEnum - ok
16:48:37.0764 5116 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:37.0766 5116 IpFilterDriver - ok
16:48:37.0773 5116 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:48:37.0775 5116 iphlpsvc - ok
16:48:37.0777 5116 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:48:37.0780 5116 IPMIDRV - ok
16:48:37.0783 5116 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:48:37.0785 5116 IPNAT - ok
16:48:37.0794 5116 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:48:37.0798 5116 iPod Service - ok
16:48:37.0817 5116 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:48:37.0818 5116 IRENUM - ok
16:48:37.0820 5116 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:48:37.0822 5116 isapnp - ok
16:48:37.0825 5116 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:48:37.0829 5116 iScsiPrt - ok
16:48:37.0831 5116 [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:48:37.0832 5116 iusb3hcs - ok
16:48:37.0836 5116 [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:48:37.0838 5116 iusb3hub - ok
16:48:37.0848 5116 [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:48:37.0852 5116 iusb3xhc - ok
16:48:37.0856 5116 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:48:37.0862 5116 jhi_service - ok
16:48:37.0864 5116 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:37.0865 5116 kbdclass - ok
16:48:37.0868 5116 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:37.0869 5116 kbdhid - ok
16:48:37.0871 5116 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:48:37.0872 5116 KeyIso - ok
16:48:37.0880 5116 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
16:48:37.0883 5116 Kodak AiO Network Discovery Service - ok
16:48:37.0891 5116 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
16:48:38.0125 5116 Kodak AiO Status Monitor Service - ok
16:48:38.0128 5116 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:48:38.0130 5116 KSecDD - ok
16:48:38.0133 5116 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:48:38.0135 5116 KSecPkg - ok
16:48:38.0137 5116 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:48:38.0138 5116 ksthunk - ok
16:48:38.0143 5116 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:48:38.0148 5116 KtmRm - ok
16:48:38.0152 5116 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:48:38.0155 5116 LanmanServer - ok
16:48:38.0158 5116 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:38.0161 5116 LanmanWorkstation - ok
16:48:38.0165 5116 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:48:38.0166 5116 lltdio - ok
16:48:38.0171 5116 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:48:38.0176 5116 lltdsvc - ok
16:48:38.0178 5116 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:48:38.0181 5116 lmhosts - ok
16:48:38.0185 5116 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:48:38.0186 5116 LMS - ok
16:48:38.0189 5116 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:48:38.0192 5116 LSI_FC - ok
16:48:38.0194 5116 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:48:38.0197 5116 LSI_SAS - ok
16:48:38.0198 5116 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:48:38.0200 5116 LSI_SAS2 - ok
16:48:38.0204 5116 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:48:38.0206 5116 LSI_SCSI - ok
16:48:38.0208 5116 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:48:38.0210 5116 luafv - ok
16:48:38.0213 5116 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:48:38.0215 5116 Mcx2Svc - ok
16:48:38.0217 5116 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:48:38.0219 5116 megasas - ok
16:48:38.0223 5116 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:48:38.0226 5116 MegaSR - ok
16:48:38.0229 5116 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:48:38.0230 5116 MEIx64 - ok
16:48:38.0232 5116 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:48:38.0235 5116 MMCSS - ok
16:48:38.0236 5116 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:48:38.0238 5116 Modem - ok
16:48:38.0240 5116 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:48:38.0241 5116 monitor - ok
16:48:38.0244 5116 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:48:38.0245 5116 mouclass - ok
16:48:38.0247 5116 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:48:38.0249 5116 mouhid - ok
16:48:38.0251 5116 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:48:38.0253 5116 mountmgr - ok
16:48:38.0256 5116 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:48:38.0257 5116 MozillaMaintenance - ok
16:48:38.0260 5116 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:48:38.0263 5116 mpio - ok
16:48:38.0265 5116 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:48:38.0267 5116 mpsdrv - ok
16:48:38.0277 5116 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:48:38.0281 5116 MpsSvc - ok
16:48:38.0284 5116 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:48:38.0287 5116 MRxDAV - ok
16:48:38.0290 5116 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:38.0293 5116 mrxsmb - ok
16:48:38.0297 5116 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:38.0301 5116 mrxsmb10 - ok
16:48:38.0304 5116 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:38.0306 5116 mrxsmb20 - ok
16:48:38.0308 5116 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:48:38.0309 5116 msahci - ok
16:48:38.0312 5116 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:48:38.0314 5116 msdsm - ok
16:48:38.0317 5116 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:48:38.0321 5116 MSDTC - ok
16:48:38.0324 5116 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:48:38.0326 5116 Msfs - ok
16:48:38.0327 5116 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:48:38.0328 5116 mshidkmdf - ok
16:48:38.0330 5116 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:48:38.0331 5116 msisadrv - ok
16:48:38.0334 5116 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:48:38.0337 5116 MSiSCSI - ok
16:48:38.0339 5116 msiserver - ok
16:48:38.0341 5116 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:48:38.0343 5116 MSKSSRV - ok
16:48:38.0344 5116 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:38.0346 5116 MSPCLOCK - ok
16:48:38.0347 5116 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:48:38.0349 5116 MSPQM - ok
16:48:38.0353 5116 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:48:38.0357 5116 MsRPC - ok
16:48:38.0360 5116 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:38.0362 5116 mssmbios - ok
16:48:38.0364 5116 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:48:38.0365 5116 MSTEE - ok
16:48:38.0367 5116 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:48:38.0369 5116 MTConfig - ok
16:48:38.0371 5116 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:48:38.0372 5116 Mup - ok
16:48:38.0378 5116 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:48:38.0381 5116 napagent - ok
16:48:38.0386 5116 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:48:38.0390 5116 NativeWifiP - ok
16:48:38.0400 5116 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:48:38.0403 5116 NDIS - ok
16:48:38.0405 5116 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:38.0407 5116 NdisCap - ok
16:48:38.0409 5116 [ 270B10B8BD822DD4673781E0A1935DFB ] ndisrd C:\Windows\system32\DRIVERS\ndisrd.sys
16:48:38.0412 5116 ndisrd - ok
16:48:38.0414 5116 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:38.0416 5116 NdisTapi - ok
16:48:38.0418 5116 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:38.0420 5116 Ndisuio - ok
16:48:38.0423 5116 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:38.0426 5116 NdisWan - ok
16:48:38.0428 5116 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:48:38.0430 5116 NDProxy - ok
16:48:38.0432 5116 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:48:38.0433 5116 NetBIOS - ok
16:48:38.0437 5116 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:48:38.0441 5116 NetBT - ok
16:48:38.0443 5116 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:48:38.0444 5116 Netlogon - ok
16:48:38.0449 5116 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:48:38.0452 5116 Netman - ok
16:48:38.0458 5116 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:48:38.0462 5116 netprofm - ok
16:48:38.0464 5116 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:38.0467 5116 NetTcpPortSharing - ok
16:48:38.0469 5116 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:48:38.0471 5116 nfrd960 - ok
16:48:38.0475 5116 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:48:38.0478 5116 NlaSvc - ok
16:48:38.0480 5116 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:48:38.0482 5116 Npfs - ok
16:48:38.0484 5116 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:48:38.0486 5116 nsi - ok
16:48:38.0488 5116 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:48:38.0489 5116 nsiproxy - ok
16:48:38.0505 5116 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:48:38.0525 5116 Ntfs - ok
16:48:38.0528 5116 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:48:38.0529 5116 Null - ok
16:48:38.0533 5116 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:48:38.0538 5116 NVHDA - ok
16:48:38.0634 5116 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:38.0778 5116 nvlddmkm - ok
16:48:38.0783 5116 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:48:38.0785 5116 nvraid - ok
16:48:38.0788 5116 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:48:38.0791 5116 nvstor - ok
16:48:38.0800 5116 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
16:48:38.0804 5116 nvsvc - ok
16:48:38.0816 5116 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:48:38.0820 5116 nvUpdatusService - ok
16:48:38.0823 5116 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:48:38.0826 5116 nv_agp - ok
16:48:38.0832 5116 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:48:38.0836 5116 odserv - ok
16:48:38.0838 5116 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:48:38.0841 5116 ohci1394 - ok
16:48:38.0843 5116 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:38.0846 5116 ose - ok
16:48:38.0852 5116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:48:38.0854 5116 p2pimsvc - ok
16:48:38.0860 5116 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:48:38.0866 5116 p2psvc - ok
16:48:38.0869 5116 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:48:38.0871 5116 Parport - ok
16:48:38.0874 5116 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:48:38.0875 5116 partmgr - ok
16:48:38.0878 5116 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:48:38.0881 5116 PcaSvc - ok
16:48:38.0884 5116 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:48:38.0887 5116 pci - ok
16:48:38.0889 5116 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:48:38.0890 5116 pciide - ok
16:48:38.0893 5116 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:48:38.0896 5116 pcmcia - ok
16:48:38.0899 5116 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:48:38.0900 5116 pcw - ok
16:48:38.0906 5116 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:48:38.0911 5116 PEAUTH - ok
16:48:38.0923 5116 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:48:38.0929 5116 PeerDistSvc - ok
16:48:38.0954 5116 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:48:38.0957 5116 PerfHost - ok
16:48:38.0972 5116 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:48:38.0995 5116 pla - ok
16:48:39.0000 5116 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:48:39.0004 5116 PlugPlay - ok
16:48:39.0006 5116 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:48:39.0009 5116 PNRPAutoReg - ok
16:48:39.0013 5116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:48:39.0016 5116 PNRPsvc - ok
16:48:39.0019 5116 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
16:48:39.0025 5116 Point64 - ok
16:48:39.0031 5116 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:48:39.0039 5116 PolicyAgent - ok
16:48:39.0043 5116 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:48:39.0045 5116 Power - ok
16:48:39.0048 5116 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:48:39.0050 5116 PptpMiniport - ok
16:48:39.0052 5116 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:48:39.0054 5116 Processor - ok
16:48:39.0057 5116 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:48:39.0060 5116 ProfSvc - ok
16:48:39.0062 5116 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:48:39.0063 5116 ProtectedStorage - ok
16:48:39.0066 5116 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:48:39.0067 5116 Psched - ok
16:48:39.0080 5116 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:48:39.0093 5116 ql2300 - ok
16:48:39.0095 5116 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:48:39.0098 5116 ql40xx - ok
16:48:39.0101 5116 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:48:39.0107 5116 QWAVE - ok
16:48:39.0109 5116 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:48:39.0110 5116 QWAVEdrv - ok
16:48:39.0112 5116 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:48:39.0114 5116 RasAcd - ok
16:48:39.0116 5116 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:39.0118 5116 RasAgileVpn - ok
16:48:39.0121 5116 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:48:39.0124 5116 RasAuto - ok
16:48:39.0126 5116 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:39.0128 5116 Rasl2tp - ok
16:48:39.0133 5116 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:48:39.0139 5116 RasMan - ok
16:48:39.0141 5116 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:39.0144 5116 RasPppoe - ok
16:48:39.0146 5116 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:48:39.0148 5116 RasSstp - ok
16:48:39.0152 5116 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:48:39.0156 5116 rdbss - ok
16:48:39.0157 5116 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:48:39.0159 5116 rdpbus - ok
16:48:39.0161 5116 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:39.0162 5116 RDPCDD - ok
16:48:39.0166 5116 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:48:39.0169 5116 RDPDR - ok
16:48:39.0170 5116 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:48:39.0172 5116 RDPENCDD - ok
16:48:39.0174 5116 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:48:39.0175 5116 RDPREFMP - ok
16:48:39.0178 5116 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:48:39.0181 5116 RDPWD - ok
16:48:39.0185 5116 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:48:39.0188 5116 rdyboost - ok
16:48:39.0191 5116 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:48:39.0194 5116 RemoteAccess - ok
16:48:39.0197 5116 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:48:39.0200 5116 RemoteRegistry - ok
16:48:39.0203 5116 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:48:39.0205 5116 RpcEptMapper - ok
16:48:39.0207 5116 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:48:39.0209 5116 RpcLocator - ok
16:48:39.0215 5116 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:48:39.0218 5116 RpcSs - ok
16:48:39.0220 5116 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:48:39.0222 5116 rspndr - ok
16:48:39.0224 5116 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:48:39.0226 5116 s3cap - ok
16:48:39.0227 5116 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:48:39.0229 5116 SamSs - ok
16:48:39.0262 5116 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
16:48:39.0272 5116 SBAMSvc - ok
16:48:39.0276 5116 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
16:48:39.0277 5116 sbapifs - ok
16:48:39.0281 5116 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
16:48:39.0283 5116 sbhips - ok
16:48:39.0286 5116 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:48:39.0288 5116 sbp2port - ok
16:48:39.0292 5116 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
16:48:39.0293 5116 SBRE - ok
16:48:39.0304 5116 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:48:39.0309 5116 SBSDWSCService - ok
16:48:39.0313 5116 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:48:39.0318 5116 SCardSvr - ok
16:48:39.0320 5116 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:48:39.0322 5116 scfilter - ok
16:48:39.0332 5116 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:48:39.0351 5116 Schedule - ok
16:48:39.0353 5116 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:48:39.0354 5116 SCPolicySvc - ok
16:48:39.0357 5116 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:48:39.0361 5116 SDRSVC - ok
16:48:39.0363 5116 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:48:39.0365 5116 secdrv - ok
16:48:39.0367 5116 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:48:39.0370 5116 seclogon - ok
16:48:39.0372 5116 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:48:39.0375 5116 SENS - ok
16:48:39.0377 5116 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:48:39.0380 5116 SensrSvc - ok
16:48:39.0382 5116 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:48:39.0384 5116 Serenum - ok
16:48:39.0386 5116 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:48:39.0388 5116 Serial - ok
16:48:39.0391 5116 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:48:39.0392 5116 sermouse - ok
16:48:39.0397 5116 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:48:39.0400 5116 SessionEnv - ok
16:48:39.0402 5116 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:48:39.0403 5116 sffdisk - ok
16:48:39.0405 5116 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:48:39.0407 5116 sffp_mmc - ok
16:48:39.0409 5116 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:48:39.0410 5116 sffp_sd - ok
16:48:39.0412 5116 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:48:39.0414 5116 sfloppy - ok
16:48:39.0418 5116 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:48:39.0424 5116 SharedAccess - ok
16:48:39.0428 5116 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:48:39.0432 5116 ShellHWDetection - ok
16:48:39.0434 5116 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:48:39.0436 5116 SiSRaid2 - ok
16:48:39.0438 5116 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:48:39.0440 5116 SiSRaid4 - ok
16:48:39.0469 5116 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:48:39.0479 5116 Skype C2C Service - ok
16:48:39.0483 5116 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:48:39.0486 5116 SkypeUpdate - ok
16:48:39.0488 5116 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:48:39.0491 5116 Smb - ok
16:48:39.0494 5116 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:48:39.0497 5116 SNMPTRAP - ok
16:48:39.0499 5116 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:48:39.0500 5116 spldr - ok
16:48:39.0506 5116 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:48:39.0515 5116 Spooler - ok
16:48:39.0673 5116 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:48:39.0686 5116 sppsvc - ok
16:48:39.0689 5116 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:48:39.0693 5116 sppuinotify - ok
16:48:39.0698 5116 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:48:39.0705 5116 srv - ok
16:48:39.0710 5116 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:48:39.0715 5116 srv2 - ok
16:48:39.0718 5116 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:48:39.0721 5116 srvnet - ok
16:48:39.0724 5116 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:48:39.0728 5116 SSDPSRV - ok
16:48:39.0731 5116 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:48:39.0735 5116 SstpSvc - ok
16:48:39.0741 5116 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:48:39.0743 5116 Stereo Service - ok
16:48:39.0746 5116 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:48:39.0747 5116 stexstor - ok
16:48:39.0754 5116 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:48:39.0767 5116 stisvc - ok
16:48:39.0769 5116 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:48:39.0770 5116 storflt - ok
16:48:39.0772 5116 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:48:39.0775 5116 StorSvc - ok
16:48:39.0777 5116 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:48:39.0779 5116 storvsc - ok
16:48:39.0781 5116 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:48:39.0782 5116 swenum - ok
16:48:39.0788 5116 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:48:39.0792 5116 swprv - ok
16:48:39.0807 5116 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:48:39.0814 5116 SysMain - ok
16:48:39.0817 5116 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:48:39.0821 5116 TabletInputService - ok
16:48:39.0825 5116 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:48:39.0831 5116 TapiSrv - ok
16:48:39.0833 5116 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:48:39.0835 5116 TBS - ok
16:48:39.0852 5116 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:48:39.0869 5116 Tcpip - ok
16:48:39.0884 5116 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:48:39.0890 5116 TCPIP6 - ok
16:48:39.0893 5116 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:48:39.0895 5116 tcpipreg - ok
16:48:39.0898 5116 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:48:39.0899 5116 TDPIPE - ok
16:48:39.0902 5116 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:48:39.0903 5116 TDTCP - ok
16:48:39.0906 5116 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:48:39.0908 5116 tdx - ok
16:48:39.0911 5116 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:48:39.0912 5116 TermDD - ok
16:48:39.0919 5116 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:48:39.0923 5116 TermService - ok
16:48:39.0926 5116 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:48:39.0928 5116 Themes - ok
16:48:39.0931 5116 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:48:39.0932 5116 THREADORDER - ok
16:48:39.0935 5116 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:48:39.0938 5116 TrkWks - ok
16:48:39.0941 5116 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:48:39.0943 5116 TrustedInstaller - ok
16:48:39.0946 5116 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:39.0948 5116 tssecsrv - ok
16:48:39.0950 5116 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:48:39.0952 5116 TsUsbFlt - ok
16:48:39.0954 5116 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:48:39.0956 5116 TsUsbGD - ok
16:48:39.0959 5116 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:48:39.0960 5116 tunnel - ok
16:48:39.0962 5116 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:48:39.0964 5116 uagp35 - ok
16:48:39.0969 5116 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:48:39.0973 5116 udfs - ok
16:48:39.0977 5116 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:48:39.0980 5116 UI0Detect - ok
16:48:39.0983 5116 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:48:39.0985 5116 uliagpkx - ok
16:48:39.0987 5116 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:48:39.0988 5116 umbus - ok
16:48:39.0991 5116 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:48:39.0992 5116 UmPass - ok
16:48:39.0996 5116 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:48:39.0999 5116 UmRdpService - ok
16:48:40.0004 5116 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:48:40.0006 5116 UNS - ok
16:48:40.0010 5116 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:48:40.0016 5116 upnphost - ok
16:48:40.0019 5116 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:40.0021 5116 usbccgp - ok
16:48:40.0024 5116 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:48:40.0026 5116 usbcir - ok
16:48:40.0028 5116 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:48:40.0030 5116 usbehci - ok
16:48:40.0035 5116 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:48:40.0039 5116 usbhub - ok
16:48:40.0041 5116 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:48:40.0043 5116 usbohci - ok
16:48:40.0044 5116 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:48:40.0046 5116 usbprint - ok
16:48:40.0048 5116 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
16:48:40.0050 5116 USBSTOR - ok
16:48:40.0052 5116 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:48:40.0054 5116 usbuhci - ok
16:48:40.0056 5116 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:48:40.0058 5116 UxSms - ok
16:48:40.0060 5116 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:48:40.0061 5116 VaultSvc - ok
16:48:40.0063 5116 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:48:40.0065 5116 vdrvroot - ok
16:48:40.0071 5116 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:48:40.0078 5116 vds - ok
16:48:40.0081 5116 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:40.0082 5116 vga - ok
16:48:40.0084 5116 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:48:40.0086 5116 VgaSave - ok
16:48:40.0089 5116 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:48:40.0092 5116 vhdmp - ok
16:48:40.0094 5116 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:48:40.0095 5116 viaide - ok
16:48:40.0098 5116 [ 0CDB2633712FF61A7DC486A78A807842 ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
16:48:40.0200 5116 VirtuWDDM - ok
16:48:40.0204 5116 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:48:40.0207 5116 vmbus - ok
16:48:40.0209 5116 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:48:40.0211 5116 VMBusHID - ok
16:48:40.0213 5116 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:48:40.0215 5116 volmgr - ok
16:48:40.0219 5116 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:48:40.0223 5116 volmgrx - ok
16:48:40.0227 5116 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:48:40.0238 5116 volsnap - ok
16:48:40.0241 5116 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:48:40.0244 5116 vsmraid - ok
16:48:40.0258 5116 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:48:40.0266 5116 VSS - ok
16:48:40.0268 5116 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:48:40.0269 5116 vwifibus - ok
16:48:40.0272 5116 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:48:40.0274 5116 vwififlt - ok
16:48:40.0276 5116 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:48:40.0278 5116 vwifimp - ok
16:48:40.0283 5116 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:48:40.0286 5116 W32Time - ok
16:48:40.0289 5116 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:48:40.0291 5116 WacomPen - ok
16:48:40.0294 5116 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:48:40.0296 5116 WANARP - ok
16:48:40.0298 5116 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:48:40.0299 5116 Wanarpv6 - ok
16:48:40.0311 5116 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:48:40.0324 5116 WatAdminSvc - ok
16:48:40.0340 5116 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:48:40.0363 5116 wbengine - ok
16:48:40.0367 5116 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:48:40.0372 5116 WbioSrvc - ok
16:48:40.0377 5116 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:48:40.0380 5116 wcncsvc - ok
16:48:40.0382 5116 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:48:40.0385 5116 WcsPlugInService - ok
16:48:40.0387 5116 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:48:40.0389 5116 Wd - ok
16:48:40.0395 5116 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:48:40.0402 5116 Wdf01000 - ok
16:48:40.0404 5116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:48:40.0407 5116 WdiServiceHost - ok
16:48:40.0409 5116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:48:40.0411 5116 WdiSystemHost - ok
16:48:40.0415 5116 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:48:40.0420 5116 WebClient - ok
16:48:40.0424 5116 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:48:40.0430 5116 Wecsvc - ok
16:48:40.0432 5116 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:48:40.0434 5116 wercplsupport - ok
16:48:40.0437 5116 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:48:40.0440 5116 WerSvc - ok
16:48:40.0441 5116 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:40.0443 5116 WfpLwf - ok
16:48:40.0445 5116 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:48:40.0447 5116 WIMMount - ok
16:48:40.0448 5116 WinDefend - ok
16:48:40.0450 5116 WinHttpAutoProxySvc - ok
16:48:40.0458 5116 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:48:40.0462 5116 Winmgmt - ok
16:48:40.0468 5116 WinRing0_1_2_0 - ok
16:48:40.0485 5116 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:48:40.0512 5116 WinRM - ok
16:48:40.0524 5116 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:48:40.0530 5116 Wlansvc - ok
16:48:40.0532 5116 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:48:40.0534 5116 WmiAcpi - ok
16:48:40.0538 5116 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:48:40.0540 5116 wmiApSrv - ok
16:48:40.0542 5116 WMPNetworkSvc - ok
16:48:40.0544 5116 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:48:40.0547 5116 WPCSvc - ok
16:48:40.0550 5116 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:48:40.0554 5116 WPDBusEnum - ok
16:48:40.0556 5116 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:48:40.0557 5116 ws2ifsl - ok
16:48:40.0560 5116 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:48:40.0563 5116 wscsvc - ok
16:48:40.0565 5116 WSearch - ok
16:48:40.0586 5116 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:48:40.0595 5116 wuauserv - ok
16:48:40.0598 5116 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:48:40.0600 5116 WudfPf - ok
16:48:40.0603 5116 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:48:40.0606 5116 wudfsvc - ok
16:48:40.0610 5116 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:48:40.0615 5116 WwanSvc - ok
16:48:40.0619 5116 ================ Scan global ===============================
16:48:40.0621 5116 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:48:40.0625 5116 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:48:40.0631 5116 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:48:40.0635 5116 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:48:40.0641 5116 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:48:40.0645 5116 [Global] - ok
16:48:40.0645 5116 ================ Scan MBR ==================================
16:48:40.0669 5116 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:48:40.0766 5116 \Device\Harddisk0\DR0 - ok
16:48:40.0768 5116 [ 792F61657FECE3D17A9122B4EE282847 ] \Device\Harddisk1\DR1
16:48:40.0890 5116 \Device\Harddisk1\DR1 - ok
16:48:40.0897 5116 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
16:48:41.0035 5116 \Device\Harddisk2\DR2 - ok
16:48:41.0035 5116 ================ Scan VBR ==================================
16:48:41.0039 5116 [ A7BE2D0AEAB236C92516D8DE18D6AECF ] \Device\Harddisk0\DR0\Partition1
16:48:41.0040 5116 \Device\Harddisk0\DR0\Partition1 - ok
16:48:41.0043 5116 [ D75FCD7BC2B378BD1D8892C9BEEA65EF ] \Device\Harddisk0\DR0\Partition2
16:48:41.0044 5116 \Device\Harddisk0\DR0\Partition2 - ok
16:48:41.0047 5116 [ 98EAC3043516B3D4B1F45FD3BB2E3B38 ] \Device\Harddisk0\DR0\Partition3
16:48:41.0048 5116 \Device\Harddisk0\DR0\Partition3 - ok
16:48:41.0051 5116 [ AA29895E65A3BF6D94E75C63A0F344FD ] \Device\Harddisk1\DR1\Partition1
16:48:41.0052 5116 \Device\Harddisk1\DR1\Partition1 - ok
16:48:41.0055 5116 [ 487B8B408F7ACBF11D2CCD48B6F7309D ] \Device\Harddisk2\DR2\Partition1
16:48:41.0056 5116 \Device\Harddisk2\DR2\Partition1 - ok
16:48:41.0056 5116 ============================================================
16:48:41.0056 5116 Scan finished
16:48:41.0056 5116 ============================================================
16:48:41.0063 7212 Detected object count: 0
16:48:41.0063 7212 Actual detected object count: 0
16:49:16.0588 8132 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 16:53:04
-----------------------------
16:53:04.985 OS Version: Windows x64 6.1.7601 Service Pack 1
16:53:04.986 Number of processors: 4 586 0x3A09
16:53:04.986 ComputerName: DESKTOP UserName: Familia
16:53:05.515 Initialize success
16:53:05.752 AVAST engine defs: 12092800
16:53:17.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-3
16:53:17.405 Disk 0 Vendor: Intel___ 1.0. Size: 1907726MB BusType: 8
16:53:17.406 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
16:53:17.407 Disk 1 Vendor: Size: 1907726MB BusType: 0
16:53:17.408 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
16:53:17.409 Disk 2 Vendor: Size: 1907726MB BusType: 0
16:53:17.411 Disk 0 MBR read successfully
16:53:17.413 Disk 0 MBR scan
16:53:17.414 Disk 0 Windows 7 default MBR code
16:53:17.416 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 500000 MB offset 2048
16:53:17.418 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 500000 MB offset 1024002048
16:53:17.419 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 907723 MB offset 2048002048
16:53:17.422 Disk 0 scanning C:\Windows\system32\drivers
16:53:20.727 Service scanning
16:53:24.546 Modules scanning
16:53:24.552 Disk 0 trace - called modules:
16:53:24.559 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:53:24.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8010ce6060]
16:53:24.569 3 CLASSPNP.SYS[fffff880017c243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-3[0xfffffa80075d1050]
16:53:25.147 AVAST engine scan C:\Windows
16:53:26.196 AVAST engine scan C:\Windows\system32
16:54:31.369 AVAST engine scan C:\Windows\system32\drivers
16:54:35.514 AVAST engine scan C:\Users\Familia
17:10:01.226 AVAST engine scan C:\ProgramData
17:10:12.321 Scan finished successfully
17:18:46.915 Disk 0 MBR has been saved successfully to "C:\Users\Familia\Documents\Peter's File\Computer Stuff\BLEEPING COMP\MBR.dat"
17:18:46.917 The log file has been saved successfully to "C:\Users\Familia\Documents\Peter's File\Computer Stuff\BLEEPING COMP\aswMBR.txt"
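For readers working through an aswMBR log like the one above, the following added Python script (written for this thread, not part of aswMBR or any tool the thread uses) parses the disk and partition lines and applies the sanity checks a responder would do by eye: the MBR code is the one aswMBR labels as default, exactly one partition is marked active, partitions do not overlap, and none runs past the end of the disk. The sample lines are copied from the log above; the 512-byte sector size used to convert MB to sectors is an assumption.

```python
import re
from dataclasses import dataclass, field

# Sample lines, taken from the aswMBR output quoted in this thread (constructed sample).
SAMPLE_LOG = r"""
16:53:17.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-3
16:53:17.405 Disk 0 Vendor: Intel___ 1.0. Size: 1907726MB BusType: 8
16:53:17.411 Disk 0 MBR read successfully
16:53:17.413 Disk 0 MBR scan
16:53:17.414 Disk 0 Windows 7 default MBR code
16:53:17.416 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 500000 MB offset 2048
16:53:17.418 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 500000 MB offset 1024002048
16:53:17.419 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 907723 MB offset 2048002048
17:10:12.321 Scan finished successfully
"""

# A deliberately altered copy (constructed) where partition 2 starts inside partition 1.
TAMPERED_LOG = SAMPLE_LOG.replace("offset 1024002048", "offset 1024000000")

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
DISK_SIZE = re.compile(r"^Disk (\d+) Vendor: .*?Size: (\d+)MB")
MBR_CODE = re.compile(r"^Disk (\d+) (.+MBR code)$")
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) (\w\w) (\(A\) )?(\w\w) (\S+) (\S+) (\d+) MB offset (\d+)$"
)
SECTORS_PER_MB = 2048  # assumption: 512-byte sectors; aswMBR prints offsets in sectors


@dataclass
class Partition:
    number: int
    boot_flag: str   # raw boot indicator byte, "80" for active
    active: bool     # aswMBR marks the active partition with "(A)"
    type_id: str     # partition type byte, "07" for NTFS
    fs: str
    size_mb: int
    offset: int      # start sector


@dataclass
class DiskInfo:
    size_mb: int = 0
    mbr_code: str = ""
    partitions: list = field(default_factory=list)


def parse_aswmbr(text):
    """Return ({disk_index: DiskInfo}, scan_finished) from aswMBR log text."""
    disks = {}
    finished = False
    for raw in text.strip().splitlines():
        line = TS.sub("", raw.strip())  # drop the leading timestamp
        if m := DISK_SIZE.match(line):
            disks.setdefault(int(m[1]), DiskInfo()).size_mb = int(m[2])
        elif m := MBR_CODE.match(line):
            disks.setdefault(int(m[1]), DiskInfo()).mbr_code = m[2]
        elif m := PARTITION.match(line):
            disk = disks.setdefault(int(m[1]), DiskInfo())
            disk.partitions.append(Partition(
                int(m[2]), m[3], m[4] is not None, m[5], m[7], int(m[8]), int(m[9])))
        elif line == "Scan finished successfully":
            finished = True
    return disks, finished


def review(disks, finished):
    """Return a list of human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not finished:
        findings.append("Scan did not report 'Scan finished successfully'")
    for n, disk in sorted(disks.items()):
        if not disk.mbr_code:
            findings.append(f"Disk {n}: no MBR scan result")
        elif not disk.mbr_code.endswith("default MBR code"):
            findings.append(f"Disk {n}: MBR code is not default ({disk.mbr_code!r})")
        active = sum(p.active for p in disk.partitions)
        if disk.partitions and active != 1:
            findings.append(f"Disk {n}: {active} active partitions (expected 1)")
        parts = sorted(disk.partitions, key=lambda p: p.offset)
        for prev, cur in zip(parts, parts[1:]):
            if prev.offset + prev.size_mb * SECTORS_PER_MB > cur.offset:
                findings.append(f"Disk {n}: partition {cur.number} overlaps partition {prev.number}")
        for p in parts:
            if p.offset + p.size_mb * SECTORS_PER_MB > disk.size_mb * SECTORS_PER_MB:
                findings.append(f"Disk {n}: partition {p.number} extends past end of disk")
    return findings


if __name__ == "__main__":
    for label, log in (("original", SAMPLE_LOG), ("tampered", TAMPERED_LOG)):
        print(label, review(*parse_aswmbr(log)) or "no findings")
```

On the log quoted in this thread the checks come back clean: the three NTFS partitions sit back to back (each starts exactly where the previous one ends), only partition 3 carries the active flag, and aswMBR recognised the standard Windows 7 boot code. A non-default MBR code line or an overlapping partition would be the kind of finding to raise with the helper rather than act on yourself.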

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 PM

Posted 28 September 2012 - 06:42 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 diamondstar693

diamondstar693
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 28 September 2012 - 09:12 PM

Alright...sounds like a plan. Hasn't anybody over there ever come across this type of situation?

I'm on the road for a couple of days and won't have access to my kit until Sunday night...I'll have to do it then...will be in touch.

Cheers!



