
Possible google redirect issue. Please Help.


  • This topic is locked
22 replies to this topic

#1 ImNotBruceClark


Posted 30 September 2012 - 02:21 AM

Redirects may be happening in other browsers as well, but I have started using Chrome more than Explorer.

About a week ago I noticed that when I clicked on a Google link that my links were directed to buy-static.com and other such spam links.

When I click on the link I get redirected to random sites but not always. Sometimes I get redirected and sometimes I don't.

DDS log below and attach.txt is attached. I am 64-bit so did not run GMER.

Thanks for any help and thank you for your time.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Tak at 0:13:08 on 2012-09-30
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8190.6643 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Tak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms}
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms}
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
uRun: [Spotify Web Helper] "C:\Users\Tak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{3DA17852-8BC3-4820-ABF7-854EEED66A32} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-9-29 108392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-13 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-15 250568]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-6 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-30 05:52:45 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-09-30 05:52:40 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-09-30 05:52:19 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 05:33:58 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D0DE17A-E5F8-427C-BC2B-B56427B328D3}\mpengine.dll
2012-09-29 18:58:46 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-29 18:49:25 -------- d-----w- C:\Program Files\HitmanPro
2012-09-29 18:47:55 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-29 09:49:16 -------- d-----w- C:\temp
2012-09-29 00:56:14 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 16:07:43 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-12 01:34:51 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 01:34:51 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 01:34:50 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 01:34:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 01:34:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 01:34:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 01:34:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-06 20:49:20 -------- d-----w- C:\Users\Tak\AppData\Local\Google
2012-09-05 07:02:58 -------- d-----w- C:\Windows\ShellNew
2012-09-05 07:02:58 -------- d-----w- C:\Program Files (x86)\AutoHotkey
.
==================== Find3M ====================
.
2012-09-30 05:52:14 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-30 05:52:14 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-06 20:49:08 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-06 20:49:08 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 17:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 15:25:21 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-07-03 15:25:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 0:13:19.25 ===============



#2 gringo_pr


Posted 30 September 2012 - 12:20 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ImNotBruceClark


Posted 30 September 2012 - 01:55 PM

Hi Gringo,

Thank you for your quick reply.

Below is the report from the following.

Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 7
Adobe Reader X (10.1.4)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````









AdwCleaner:

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 11:41:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate N Service Pack 1 (64 bits)
# User : Tak - TAK-PC
# Boot Mode : Normal
# Running from : C:\Users\Tak\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-2740114171-2027067231-2779275368-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=6598d59d-98ec-4e8d-93be-33813f956241&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tak\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3005 octets] - [30/09/2012 11:41:23]

########## EOF - C:\AdwCleaner[S1].txt - [3065 octets] ##########









RogueKiller:

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tak [Admin rights]
Mode : Scan -- Date : 09/30/2012 11:48:40

Bad processes : 0

Registry Entries : 3
[TASK][SUSP PATH] {EEA4588C-DA30-4DCC-90E0-A3AD8DABF4B2} : C:\Users\Tak\Desktop\MSSetupv110.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] e927fc6e48681ac4dd971b888216e4a7
[BSP] ccbeb9c18bba1d79b91de9c96b88dbf9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt





Again thank you for your help and time.

#4 gringo_pr


Posted 30 September 2012 - 02:02 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 ImNotBruceClark


Posted 30 September 2012 - 06:05 PM

Hi,

Below is the log from combofix.
I tried using Google but I am still getting redirected.


ComboFix:

ComboFix 12-09-30.01 - Tak 09/30/2012 15:51:45.2.2 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8190.6860 [GMT -7:00]
Running from: c:\users\Tak\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 22:53 . 2012-09-30 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-30 22:53 . 2012-09-30 22:53 -------- d-----w- c:\users\Mcx1-TAK-PC\AppData\Local\temp
2012-09-30 22:53 . 2012-09-30 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 05:52 . 2012-09-30 05:52 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-30 05:52 . 2012-09-30 05:52 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-09-30 05:52 . 2012-09-30 05:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-30 05:52 . 2012-09-30 05:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 05:52 . 2012-09-30 05:52 -------- d-----w- c:\program files (x86)\Java
2012-09-30 05:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D0DE17A-E5F8-427C-BC2B-B56427B328D3}\mpengine.dll
2012-09-29 18:58 . 2012-09-29 18:58 -------- d-----w- c:\windows\system32\appmgmt
2012-09-29 18:49 . 2012-09-29 18:49 -------- d-----w- c:\program files\HitmanPro
2012-09-29 18:47 . 2012-09-29 18:51 -------- d-----w- c:\programdata\HitmanPro
2012-09-29 09:49 . 2012-09-29 09:49 -------- d-----w- C:\temp
2012-09-29 00:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 16:07 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 01:34 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 01:34 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 01:34 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 01:34 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 01:34 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 01:34 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 01:34 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 20:49 . 2012-09-06 20:49 -------- d-----w- c:\program files\Google
2012-09-06 20:49 . 2012-09-28 02:17 -------- d-----w- c:\users\Tak\AppData\Local\Google
2012-09-06 20:49 . 2012-09-06 20:50 -------- d-----w- c:\program files (x86)\Google
2012-09-05 07:02 . 2012-09-05 07:02 -------- d-----w- c:\program files (x86)\AutoHotkey
2012-09-05 07:02 . 2012-09-05 07:02 -------- d-----w- c:\windows\ShellNew
2012-09-03 22:55 . 2012-09-03 22:55 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 05:52 . 2012-07-21 20:36 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 05:52 . 2012-07-21 20:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 10:00 . 2012-05-14 01:48 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-06 20:49 . 2012-05-16 00:46 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-06 20:49 . 2012-05-16 00:46 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 19:14 . 2012-05-14 01:39 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-05-14 01:39 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-05-14 01:39 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-05-14 01:39 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-05-14 01:39 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 17:40 . 2012-08-30 17:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-30 16:18 . 2012-05-14 01:39 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-05-14 01:39 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-05-14 01:39 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-05-14 01:39 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-05-14 01:39 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-05-14 01:39 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-18 18:15 . 2012-08-15 22:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 16:33 . 2012-07-09 16:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-09 16:33 . 2012-07-09 16:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-09 16:33 . 2012-07-09 16:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-04 22:16 . 2012-08-15 22:18 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 22:18 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 22:18 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 22:18 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 07:37 . 2012-05-14 01:39 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Tak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-26 1193176]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 250568]
R3 cpuz134;cpuz134;c:\users\Tak\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 cpuz135;cpuz135;c:\users\Tak\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-14 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-09-29 108392]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 20:49]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 20:49]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 15:54:45
ComboFix-quarantined-files.txt 2012-09-30 22:54
ComboFix2.txt 2012-09-30 22:44
.
Pre-Run: 926,072,950,784 bytes free
Post-Run: 926,003,556,352 bytes free
.
- - End Of File - - B5805F5B79E754F5FE42CFF589EA5294



Thanks,

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:00 PM

Posted 30 September 2012 - 06:31 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ImNotBruceClark


Posted 30 September 2012 - 08:33 PM

Hi,

I am getting an "access violation" error when I try to run this program.

The exact error is

access violation at address CCCC0460. Read of address CCCC0460.



Please let me know my next steps.

Thanks,

#8 gringo_pr


Posted 01 October 2012 - 01:02 AM

Try to run in safe mode.


gringo

#9 ImNotBruceClark


Posted 01 October 2012 - 03:48 AM

Hi Gringo,

I have tried in safe mode and I am still getting the same error.

Tried using Google but still am being redirected.

Thanks,

#10 gringo_pr


Posted 01 October 2012 - 05:53 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 ImNotBruceClark


Posted 01 October 2012 - 11:06 AM

Hi Gringo,

The report from TDSSkiller:


08:51:35.0319 3696 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:51:35.0693 3696 ============================================================
08:51:35.0693 3696 Current date / time: 2012/10/01 08:51:35.0693
08:51:35.0693 3696 SystemInfo:
08:51:35.0693 3696
08:51:35.0693 3696 OS Version: 6.1.7601 ServicePack: 1.0
08:51:35.0693 3696 Product type: Workstation
08:51:35.0693 3696 ComputerName: TAK-PC
08:51:35.0694 3696 UserName: Tak
08:51:35.0694 3696 Windows directory: C:\Windows
08:51:35.0694 3696 System windows directory: C:\Windows
08:51:35.0694 3696 Running under WOW64
08:51:35.0694 3696 Processor architecture: Intel x64
08:51:35.0694 3696 Number of processors: 2
08:51:35.0694 3696 Page size: 0x1000
08:51:35.0694 3696 Boot type: Normal boot
08:51:35.0694 3696 ============================================================
08:51:36.0745 3696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:51:36.0747 3696 ============================================================
08:51:36.0748 3696 \Device\Harddisk0\DR0:
08:51:36.0748 3696 MBR partitions:
08:51:36.0748 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:51:36.0748 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
08:51:36.0748 3696 ============================================================
08:51:36.0767 3696 C: <-> \Device\Harddisk0\DR0\Partition2
08:51:36.0767 3696 ============================================================
08:51:36.0768 3696 Initialize success
08:51:36.0768 3696 ============================================================
08:52:03.0066 1704 ============================================================
08:52:03.0066 1704 Scan started
08:52:03.0066 1704 Mode: Manual;
08:52:03.0066 1704 ============================================================
08:52:03.0374 1704 ================ Scan system memory ========================
08:52:03.0374 1704 System memory - ok
08:52:03.0374 1704 ================ Scan services =============================
08:52:03.0455 1704 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:52:03.0458 1704 1394ohci - ok
08:52:03.0493 1704 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:52:03.0496 1704 ACPI - ok
08:52:03.0512 1704 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:52:03.0513 1704 AcpiPmi - ok
08:52:03.0573 1704 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:52:03.0574 1704 AdobeARMservice - ok
08:52:03.0680 1704 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:52:03.0681 1704 AdobeFlashPlayerUpdateSvc - ok
08:52:03.0707 1704 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:52:03.0711 1704 adp94xx - ok
08:52:03.0728 1704 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:52:03.0732 1704 adpahci - ok
08:52:03.0746 1704 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:52:03.0748 1704 adpu320 - ok
08:52:03.0776 1704 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:52:03.0777 1704 AeLookupSvc - ok
08:52:03.0809 1704 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:52:03.0814 1704 AFD - ok
08:52:03.0841 1704 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:52:03.0842 1704 agp440 - ok
08:52:03.0855 1704 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:52:03.0856 1704 ALG - ok
08:52:03.0878 1704 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:52:03.0879 1704 aliide - ok
08:52:03.0886 1704 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:52:03.0887 1704 amdide - ok
08:52:03.0896 1704 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:52:03.0897 1704 AmdK8 - ok
08:52:03.0919 1704 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:52:03.0919 1704 AmdPPM - ok
08:52:03.0949 1704 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:52:03.0951 1704 amdsata - ok
08:52:03.0967 1704 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:52:03.0969 1704 amdsbs - ok
08:52:03.0983 1704 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:52:03.0983 1704 amdxata - ok
08:52:04.0005 1704 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:52:04.0006 1704 AppID - ok
08:52:04.0024 1704 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:52:04.0025 1704 AppIDSvc - ok
08:52:04.0048 1704 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:52:04.0049 1704 Appinfo - ok
08:52:04.0086 1704 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:52:04.0088 1704 AppMgmt - ok
08:52:04.0091 1704 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:52:04.0092 1704 arc - ok
08:52:04.0102 1704 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:52:04.0103 1704 arcsas - ok
08:52:04.0126 1704 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:52:04.0127 1704 AsyncMac - ok
08:52:04.0136 1704 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:52:04.0137 1704 atapi - ok
08:52:04.0159 1704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:52:04.0165 1704 AudioEndpointBuilder - ok
08:52:04.0173 1704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:52:04.0176 1704 AudioSrv - ok
08:52:04.0198 1704 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:52:04.0199 1704 AxInstSV - ok
08:52:04.0226 1704 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:52:04.0230 1704 b06bdrv - ok
08:52:04.0249 1704 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:52:04.0252 1704 b57nd60a - ok
08:52:04.0263 1704 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:52:04.0264 1704 BDESVC - ok
08:52:04.0281 1704 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:52:04.0281 1704 Beep - ok
08:52:04.0306 1704 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:52:04.0312 1704 BFE - ok
08:52:04.0335 1704 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
08:52:04.0343 1704 BITS - ok
08:52:04.0357 1704 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:52:04.0358 1704 blbdrive - ok
08:52:04.0383 1704 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:52:04.0384 1704 bowser - ok
08:52:04.0392 1704 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:52:04.0392 1704 BrFiltLo - ok
08:52:04.0395 1704 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:52:04.0396 1704 BrFiltUp - ok
08:52:04.0431 1704 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:52:04.0433 1704 BridgeMP - ok
08:52:04.0458 1704 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:52:04.0459 1704 Browser - ok
08:52:04.0473 1704 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:52:04.0476 1704 Brserid - ok
08:52:04.0488 1704 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:52:04.0488 1704 BrSerWdm - ok
08:52:04.0491 1704 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:52:04.0492 1704 BrUsbMdm - ok
08:52:04.0501 1704 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:52:04.0502 1704 BrUsbSer - ok
08:52:04.0505 1704 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:52:04.0506 1704 BTHMODEM - ok
08:52:04.0514 1704 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:52:04.0515 1704 bthserv - ok
08:52:04.0522 1704 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:52:04.0523 1704 cdfs - ok
08:52:04.0553 1704 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
08:52:04.0555 1704 cdrom - ok
08:52:04.0577 1704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:52:04.0578 1704 CertPropSvc - ok
08:52:04.0591 1704 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:52:04.0592 1704 circlass - ok
08:52:04.0609 1704 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:52:04.0612 1704 CLFS - ok
08:52:04.0655 1704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:52:04.0657 1704 clr_optimization_v2.0.50727_32 - ok
08:52:04.0705 1704 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:52:04.0706 1704 clr_optimization_v2.0.50727_64 - ok
08:52:04.0758 1704 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:52:04.0760 1704 clr_optimization_v4.0.30319_32 - ok
08:52:04.0778 1704 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:52:04.0780 1704 clr_optimization_v4.0.30319_64 - ok
08:52:04.0792 1704 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:52:04.0792 1704 CmBatt - ok
08:52:04.0801 1704 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:52:04.0801 1704 cmdide - ok
08:52:04.0826 1704 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:52:04.0828 1704 CNG - ok
08:52:04.0840 1704 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:52:04.0841 1704 Compbatt - ok
08:52:04.0870 1704 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:52:04.0871 1704 CompositeBus - ok
08:52:04.0873 1704 COMSysApp - ok
08:52:04.0988 1704 cpuz134 - ok
08:52:04.0990 1704 cpuz135 - ok
08:52:04.0994 1704 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:52:04.0995 1704 crcdisk - ok
08:52:05.0058 1704 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:52:05.0060 1704 CryptSvc - ok
08:52:05.0086 1704 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
08:52:05.0090 1704 CSC - ok
08:52:05.0117 1704 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
08:52:05.0123 1704 CscService - ok
08:52:05.0153 1704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:52:05.0159 1704 DcomLaunch - ok
08:52:05.0183 1704 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:52:05.0186 1704 defragsvc - ok
08:52:05.0194 1704 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:52:05.0195 1704 DfsC - ok
08:52:05.0219 1704 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:52:05.0222 1704 Dhcp - ok
08:52:05.0233 1704 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:52:05.0234 1704 discache - ok
08:52:05.0260 1704 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:52:05.0260 1704 Disk - ok
08:52:05.0275 1704 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:52:05.0277 1704 Dnscache - ok
08:52:05.0298 1704 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:52:05.0301 1704 dot3svc - ok
08:52:05.0325 1704 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:52:05.0326 1704 DPS - ok
08:52:05.0351 1704 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:52:05.0352 1704 drmkaud - ok
08:52:05.0374 1704 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:52:05.0378 1704 DXGKrnl - ok
08:52:05.0398 1704 EagleX64 - ok
08:52:05.0422 1704 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:52:05.0423 1704 EapHost - ok
08:52:05.0478 1704 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:52:05.0505 1704 ebdrv - ok
08:52:05.0530 1704 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:52:05.0532 1704 EFS - ok
08:52:05.0597 1704 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:52:05.0603 1704 ehRecvr - ok
08:52:05.0613 1704 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:52:05.0615 1704 ehSched - ok
08:52:05.0641 1704 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:52:05.0646 1704 elxstor - ok
08:52:05.0661 1704 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:52:05.0661 1704 ErrDev - ok
08:52:05.0681 1704 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:52:05.0685 1704 EventSystem - ok
08:52:05.0689 1704 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:52:05.0691 1704 exfat - ok
08:52:05.0697 1704 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:52:05.0699 1704 fastfat - ok
08:52:05.0734 1704 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:52:05.0741 1704 Fax - ok
08:52:05.0751 1704 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:52:05.0752 1704 fdc - ok
08:52:05.0772 1704 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:52:05.0773 1704 fdPHost - ok
08:52:05.0791 1704 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:52:05.0792 1704 FDResPub - ok
08:52:05.0798 1704 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:52:05.0798 1704 FileInfo - ok
08:52:05.0810 1704 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:52:05.0811 1704 Filetrace - ok
08:52:05.0814 1704 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:52:05.0815 1704 flpydisk - ok
08:52:05.0839 1704 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:52:11.0919 1704 W32Time - ok
08:52:11.0929 1704 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:52:11.0929 1704 WacomPen - ok
08:52:11.0955 1704 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:52:11.0956 1704 WANARP - ok
08:52:11.0959 1704 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:52:11.0959 1704 Wanarpv6 - ok
08:52:12.0005 1704 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:52:12.0016 1704 WatAdminSvc - ok
08:52:12.0050 1704 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:52:12.0064 1704 wbengine - ok
08:52:12.0077 1704 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:52:12.0080 1704 WbioSrvc - ok
08:52:12.0094 1704 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:52:12.0099 1704 wcncsvc - ok
08:52:12.0101 1704 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:52:12.0103 1704 WcsPlugInService - ok
08:52:12.0106 1704 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:52:12.0107 1704 Wd - ok
08:52:12.0126 1704 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:52:12.0131 1704 Wdf01000 - ok
08:52:12.0143 1704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:52:12.0145 1704 WdiServiceHost - ok
08:52:12.0147 1704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:52:12.0149 1704 WdiSystemHost - ok
08:52:12.0158 1704 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:52:12.0162 1704 WebClient - ok
08:52:12.0174 1704 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:52:12.0177 1704 Wecsvc - ok
08:52:12.0195 1704 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:52:12.0197 1704 wercplsupport - ok
08:52:12.0204 1704 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:52:12.0206 1704 WerSvc - ok
08:52:12.0230 1704 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:52:12.0231 1704 WfpLwf - ok
08:52:12.0246 1704 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:52:12.0246 1704 WIMMount - ok
08:52:12.0254 1704 WinDefend - ok
08:52:12.0257 1704 WinHttpAutoProxySvc - ok
08:52:12.0304 1704 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:52:12.0306 1704 Winmgmt - ok
08:52:12.0344 1704 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:52:12.0362 1704 WinRM - ok
08:52:12.0392 1704 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:52:12.0401 1704 Wlansvc - ok
08:52:12.0429 1704 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:52:12.0429 1704 WmiAcpi - ok
08:52:12.0441 1704 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:52:12.0443 1704 wmiApSrv - ok
08:52:12.0474 1704 WMPNetworkSvc - ok
08:52:12.0482 1704 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:52:12.0484 1704 WPCSvc - ok
08:52:12.0502 1704 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:52:12.0504 1704 WPDBusEnum - ok
08:52:12.0507 1704 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:52:12.0507 1704 ws2ifsl - ok
08:52:12.0515 1704 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:52:12.0517 1704 wscsvc - ok
08:52:12.0519 1704 WSearch - ok
08:52:12.0566 1704 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:52:12.0577 1704 wuauserv - ok
08:52:12.0603 1704 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:52:12.0604 1704 WudfPf - ok
08:52:12.0622 1704 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:12.0624 1704 WUDFRd - ok
08:52:12.0638 1704 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:52:12.0640 1704 wudfsvc - ok
08:52:12.0661 1704 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:52:12.0664 1704 WwanSvc - ok
08:52:12.0672 1704 ================ Scan global ===============================
08:52:12.0695 1704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:52:12.0715 1704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:52:12.0721 1704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:52:12.0741 1704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:52:12.0765 1704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:52:12.0769 1704 [Global] - ok
08:52:12.0769 1704 ================ Scan MBR ==================================
08:52:12.0777 1704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:52:12.0899 1704 \Device\Harddisk0\DR0 - ok
08:52:12.0899 1704 ================ Scan VBR ==================================
08:52:12.0901 1704 [ 4DF68F9E3EEF273F8F1BDD6B3535253B ] \Device\Harddisk0\DR0\Partition1
08:52:12.0902 1704 \Device\Harddisk0\DR0\Partition1 - ok
08:52:12.0915 1704 [ 3EACAEDCC3A8AE9B9E5BC7669FB5A652 ] \Device\Harddisk0\DR0\Partition2
08:52:12.0916 1704 \Device\Harddisk0\DR0\Partition2 - ok
08:52:12.0916 1704 ============================================================
08:52:12.0916 1704 Scan finished
08:52:12.0916 1704 ============================================================
08:52:12.0922 3468 Detected object count: 0
08:52:12.0922 3468 Actual detected object count: 0










and this is from aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 08:56:18
-----------------------------
08:56:18.824 OS Version: Windows x64 6.1.7601 Service Pack 1
08:56:18.824 Number of processors: 2 586 0x403
08:56:18.824 ComputerName: TAK-PC UserName: Tak
08:56:19.557 Initialize success
08:57:39.738 AVAST engine defs: 12100100
08:57:48.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
08:57:48.791 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10004 Size: 953869MB BusType: 11
08:57:48.808 Disk 0 MBR read successfully
08:57:48.810 Disk 0 MBR scan
08:57:48.813 Disk 0 Windows 7 default MBR code
08:57:48.822 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:57:48.855 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
08:57:48.911 Disk 0 scanning C:\Windows\system32\drivers
08:57:57.604 Service scanning
08:58:15.930 Modules scanning
08:58:15.934 Disk 0 trace - called modules:
08:58:15.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:58:15.949 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079ea060]
08:58:15.953 3 CLASSPNP.SYS[fffff880018d443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa8006b06060]
08:58:16.639 AVAST engine scan C:\Windows
08:58:20.178 AVAST engine scan C:\Windows\system32
09:00:49.859 AVAST engine scan C:\Windows\system32\drivers
09:00:59.927 AVAST engine scan C:\Users\Tak
09:03:03.816 AVAST engine scan C:\ProgramData
09:03:26.909 Scan finished successfully
09:03:47.850 Disk 0 MBR has been saved successfully to "C:\Users\Tak\Desktop\MBR.dat"
09:03:47.854 The log file has been saved successfully to "C:\Users\Tak\Desktop\aswMBR.txt"


Thanks again for your help

#12 gringo_pr


Posted 01 October 2012 - 09:57 PM

In which browser are you getting redirected?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ImNotBruceClark


Posted 01 October 2012 - 10:13 PM

Hi,

I am primarily using Chrome and that is where my problems are coming from.
I just tried using Google on Chrome and I am still having redirect issues.


I also use IE 9, but I try not to use it because I heard of its security issues. I just tried using Google from IE and it looks like I don't have any issues. It's only a small sample size (probably clicked 5 links) but I was not redirected.

Hope this information helps.


Thanks,

#14 gringo_pr


Posted 01 October 2012 - 11:30 PM

It does.


I want you to uninstall Chrome, and if asked about user data or settings, then remove that also.

Restart the computer, reinstall Chrome, and check it out for me.



gringo

#15 ImNotBruceClark


Posted 02 October 2012 - 12:18 AM

Hi Gringo,

Thank you for all your help.

I think you fixed it. I am not seeing any more redirects in Chrome.

Thanks again,

Now if you can only fix my kids....they are 30 pounds overweight and lazy. Do you know of any tools I can run to make them move?



Thanks again, you've been a great help!



