TechSpot

Google redirect virus and possibly others?

By tribute41
May 22, 2012
  1. A few days ago I caught the bug, no clue how... thanks in advance for the help~

    Malwarebytes Anti-Malware Log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.22.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    owner :: ARL87TN3RFY [administrator]

    Protection: Enabled

    5/22/2012 12:17:21 PM
    mbam-log-2012-05-22 (12-17-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219894
    Time elapsed: 5 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\owner\AppData\Roaming\ZiNixZ.txt (Stolen.Data) -> Quarantined and deleted successfully.
     
  2. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-22 18:15:11
    Windows 6.1.7601 Service Pack 1
    Running: idri9fe4.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x35 0x94 0x63 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA0 0xBD 0xE7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x9B 0x02 0x7C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0xA5 0x91 0x61 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x35 0x94 0x63 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA0 0xBD 0xE7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x9B 0x02 0x7C ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0xA5 0x91 0x61 ...

    ---- EOF - GMER 1.0.15 ----
     
  3. tribute41


    DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by owner at 18:15:26 on 2012-05-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.3255 [GMT -4:00]
    .
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\PROGRA~2\PharosSystems\Core\CTskMstr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = local;*.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun: [<NO NAME>]
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3D5A5C48-DA16-4099-9291-4CFADAD5E018} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3D5A5C48-DA16-4099-9291-4CFADAD5E018}\2656C6B696E6E2132623 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3D5A5C48-DA16-4099-9291-4CFADAD5E018}\34F62747C616E646D2355636572756 : DhcpNameServer = 137.123.3.218 137.123.221.69 137.123.221.100
    TCP: Interfaces\{3D5A5C48-DA16-4099-9291-4CFADAD5E018}\C696E6B6379737 : DhcpNameServer = 10.196.80.30 24.92.226.11 24.92.226.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun-x64: [(Default)]
    mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jn2g2mwy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bluegartr.com/index.php
    FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jn2g2mwy.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll
    FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jn2g2mwy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-9 8704]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-22 654408]
    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
    R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-10 2314240]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
    R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);C:\Windows\system32\DRIVERS\tcpz-x64d.sys --> C:\Windows\system32\DRIVERS\tcpz-x64d.sys [?]
    S1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-10 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-10 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
    S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-2-10 917768]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    .
    =============== Created Last 30 ================
    .
    2012-05-22 16:14:13 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
    2012-05-22 16:13:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-22 16:13:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-22 16:13:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-22 15:27:55 -------- d-----w- C:\Users\owner\AppData\Local\adaware
    2012-05-22 15:27:54 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-05-22 15:27:49 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
    2012-05-22 15:27:40 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
    2012-05-22 15:27:39 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
    2012-05-22 15:27:38 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
    2012-05-22 15:27:38 45936 ----a-w- C:\Windows\System32\sbbd.exe
    2012-05-22 15:27:37 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2012-05-22 15:26:00 -------- d-----w- C:\Users\owner\AppData\Roaming\Ad-Aware Antivirus
    2012-05-21 23:23:20 -------- d-----w- C:\Users\owner\AppData\Roaming\AVG2012
    2012-05-21 23:19:43 -------- d--h--w- C:\ProgramData\Common Files
    2012-05-21 23:14:37 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-05-21 23:14:01 -------- d--h--w- C:\$AVG
    2012-05-21 23:14:01 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-05-21 23:14:01 -------- d-----w- C:\ProgramData\AVG2012
    2012-05-21 23:13:18 -------- d-----w- C:\Program Files (x86)\AVG
    2012-05-21 23:09:58 -------- d-----w- C:\Users\owner\AppData\Roaming\GlarySoft
    2012-05-21 23:09:58 -------- d-----w- C:\Program Files (x86)\Glary Utilities
    2012-05-21 23:06:19 -------- d-----w- C:\ProgramData\MFAData
    2012-05-20 22:16:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-05-19 23:56:17 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C7C7DFE-C675-4908-8E5B-A58A9213AAF7}\mpengine.dll
    2012-05-19 23:50:43 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-05-19 23:47:16 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-19 23:47:15 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-19 23:47:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-19 23:47:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-19 23:47:12 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-19 23:47:12 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-19 23:47:10 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-19 23:47:09 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-19 23:47:03 -------- d-----w- C:\ProgramData\Battle.net
    2012-05-19 23:44:40 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-19 23:44:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-19 23:44:39 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-19 23:44:39 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-19 23:44:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-19 23:36:29 -------- d-----w- C:\Program Files (x86)\Games
    2012-05-10 17:11:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-10 17:11:10 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-10 17:11:10 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-09 23:54:12 -------- d-----w- C:\Users\owner\AppData\Local\Chromium
    2012-05-09 22:40:29 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-05-09 22:40:27 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
    2012-05-04 13:38:09 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-05-22 15:03:07 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-05-20 22:04:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-04-11 17:07:15 117520 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
    2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 18:15:54.37 ===============
     
  4. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Attached.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/24/2010 11:02:35 AM
    System Uptime: 5/22/2012 9:10:49 AM (9 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G73Jh
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 141.172 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: HP LaserJet 4000 Series
    Device ID: ROOT\MULTIFUNCTION\0066
    Manufacturer:
    Name: HP LaserJet 4000 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0066
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4000 Series
    Device ID: ROOT\MULTIFUNCTION\0069
    Manufacturer:
    Name: HP LaserJet 4000 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0069
    Service:
    .
    Class GUID:
    Description: Photosmart Prem C310 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: Photosmart Prem C310 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Prem C310 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart Prem C310 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0011
    Manufacturer:
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0011
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0012
    Manufacturer:
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0012
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0013
    Manufacturer:
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0013
    Service:
    .
    Class GUID:
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0018
    Manufacturer:
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0018
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&4&05
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&4&05
    Service: vwifimp
    .
    Class GUID:
    Description: hp LaserJet 2430
    Device ID: ROOT\MULTIFUNCTION\0022
    Manufacturer:
    Name: hp LaserJet 2430
    PNP Device ID: ROOT\MULTIFUNCTION\0022
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0032
    Manufacturer:
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0032
    Service:
    .
    Class GUID:
    Description: hp LaserJet 2430
    Device ID: ROOT\MULTIFUNCTION\0034
    Manufacturer:
    Name: hp LaserJet 2430
    PNP Device ID: ROOT\MULTIFUNCTION\0034
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0057
    Manufacturer:
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0057
    Service:
    .
    Class GUID:
    Description: HP LaserJet 4000 Series
    Device ID: ROOT\MULTIFUNCTION\0063
    Manufacturer:
    Name: HP LaserJet 4000 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0063
    Service:
    .
    ==== System Restore Points ===================
    .
    RP169: 5/21/2012 7:03:40 PM - Removed TetrisZone.
    RP170: 5/21/2012 7:12:52 PM - Installed AVG 2012
    RP171: 5/21/2012 7:13:26 PM - Installed AVG 2012
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Reader 9.5.1 MUI
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    Assassin's Creed II
    Assassin's Creed Revelations
    ASUS AI Recovery
    ASUS AP Bank
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS_Notebook_G73 Screen Saver
    ATK Package
    Bastion
    Battlefield 2(TM)
    Battlefield 3™
    Battlefield Play4Free
    Best Buy Software Installer
    Bing Bar
    Borderlands
    BovadaPoker
    BufferChm
    C310
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    Compatibility Pack for the 2007 Office system
    ControlDeck
    Counter-Strike
    Creative MediaSource 5
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    Diablo.III.Collectors.Edition
    DivX Setup
    Dragon Age 2 - Class Item Pack 1 & 2 for all classes 1.03
    Dragon Age 2 Mark of the Assassin Expansion (c) EA version 1
    Dragon Age II
    Express Gate
    Fable III
    FINAL FANTASY XIV
    Foldit
    Glary Utilities 2.45.0.1486
    GPBaseService2
    Hi-Rez Studios Authenticate and Update Service
    HP Photo Creations
    HP Update
    HPAppStudio
    HPPhotoGadget
    HPProductAssistant
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Mass Effect 2
    Mass Effect™ 3 Demo
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    NVIDIA PhysX
    Pharos
    Planetside
    Populus
    Portal 2
    PS_AIO_07_C310_SW_Min
    PunkBuster Services
    QuickTime
    QuickTransfer
    Rayman Origins
    Realtek High Definition Audio Driver
    Roxio Burn
    Roxio Roxio Burn
    Roxio Update Manager
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SmartWebPrinting
    SolutionCenter
    Sound Blaster Audigy HD
    Station Launcher
    Status
    Steam
    TetrisZone
    Toolbox
    TrayApp
    Tribes Ascend
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2012 6:13:51 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    5/22/2012 6:13:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    5/22/2012 5:25:06 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    5/22/2012 2:00:15 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
    5/22/2012 1:10:37 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    5/22/2012 1:10:37 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    5/21/2012 9:19:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    5/21/2012 9:18:15 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    5/21/2012 9:18:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    5/21/2012 9:18:05 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    5/20/2012 6:04:28 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    5/18/2012 8:03:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    bootkit remover log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`e2300000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  7. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    While I was scanning with aswMBR I BSOD'ed... here's the Windows crash notification:

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 1033

    Additional information about the problem:
    BCCode: d1
    BCP1: 000000000000004B
    BCP2: 0000000000000002
    BCP3: 0000000000000000
    BCP4: FFFFF8800128EFEE
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\052212-58141-01.dmp
    C:\Users\owner\AppData\Local\Temp\WER-82243-0.sysdata.xml
     
  8. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    working on the aswMBR scan again will post when finished..

    Some symptoms I've noticed the past few days are random tabs opening while on Firefox (I have NoScript so they've been annoying but I've been putting up with them until recently when they have come at more frequent intervals.)

    sometimes internet works as it should but others it seems incredibly bogged down as if a memory leak or system resources are being completely used...

    last thing is while most websites work fine and I can work around the google redirect easily enough for the time being, some websites give the following:

    The connection was interrupted
    The connection to [my school website (edited for privacy)] was interrupted while the page was loading.
    The site could be temporarily unavailable or too busy. Try again in a few
    moments.
    If you are unable to load any pages, check your computer's network
    connection.
    If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.

    Finally: before coming to these forums I have tried Ad-Aware and AVG 2012. I recently used Glary Utilities registry cleaner but it was after the symptoms had started.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Bad idea. Uninstall it as soon as possible.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==========================================================================

    If aswMBR still won't run....

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  10. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-23 09:43:29
    -----------------------------
    09:43:29.451 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:43:29.451 Number of processors: 8 586 0x1E05
    09:43:29.451 ComputerName: ARL87TN3RFY UserName: owner
    09:43:50.667 Initialize success
    09:44:00.932 AVAST engine defs: 12052201
    09:44:59.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:44:59.432 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
    09:44:59.448 Disk 0 MBR read successfully
    09:44:59.448 Disk 0 MBR scan
    09:44:59.464 Disk 0 Windows VISTA default MBR code
    09:44:59.464 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20001 MB offset 2048
    09:44:59.479 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 456936 MB offset 40966144
    09:44:59.510 Disk 0 scanning C:\Windows\system32\drivers
    09:45:15.532 Service scanning
    09:45:43.300 Modules scanning
    09:45:43.315 Disk 0 trace - called modules:
    09:45:43.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spfi.sys hal.dll
    09:45:43.331 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800666a790]
    09:45:43.331 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800640e5f0]
    09:45:43.331 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006413050]
    09:45:47.402 AVAST engine scan C:\Windows
    09:45:53.284 AVAST engine scan C:\Windows\system32
    09:48:17.927 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    09:48:21.780 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    09:49:56.192 AVAST engine scan C:\Windows\system32\drivers
    09:50:27.984 AVAST engine scan C:\Users\owner
    10:12:33.154 AVAST engine scan C:\ProgramData
    10:15:22.923 Scan finished successfully
    10:19:46.498 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
    10:19:46.503 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
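A small parser for the aswMBR log above, as an added example that is not part of the original thread or of the aswMBR tool: it pulls out the partition table, the MBR code line and the INFECTED hits so a helper can see the essentials at a glance. The sample lines are constructed from the log posted above, and the "default MBR code" check is an assumption about how aswMBR words an unmodified loader.

```python
"""Summarise an aswMBR log for triage.

Added example for this thread; not code from AVAST or the aswMBR tool.
The sample log below is constructed from the output posted above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample, abridged from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-23 09:43:29
-----------------------------
09:44:59.448 Disk 0 MBR read successfully
09:44:59.464 Disk 0 Windows VISTA default MBR code
09:44:59.464 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20001 MB offset 2048
09:44:59.479 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 456936 MB offset 40966144
09:45:43.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spfi.sys hal.dll
09:48:17.927 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:48:21.780 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:15:22.923 Scan finished successfully
"""

TS = r"\d{2}:\d{2}:\d{2}\.\d{3}"  # timestamp prefix on every scan line
RE_RUN_DATE = re.compile(r"^Run date: (?P<date>.+)$")
RE_MBR_CODE = re.compile(rf"^{TS} Disk (?P<disk>\d+) (?P<code>.+MBR code)$")
RE_PARTITION = re.compile(
    rf"^{TS} Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{{2}}) "
    r"(?P<active>\(A\) )?(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) "
    r"(?P<size>\d+) MB offset (?P<offset>\d+)$"
)
RE_INFECTED = re.compile(
    rf"^{TS} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+) \[(?P<tag>[^\]]+)\]$"
)


@dataclass
class Partition:
    number: int
    boot_flag: str        # 80 = bootable in the MBR table, 00 = not
    active: bool          # aswMBR marks the active partition with "(A)"
    type_id: str          # MBR partition type byte, e.g. 07 = NTFS
    type_desc: str
    size_mb: int
    offset_sectors: int


@dataclass
class Disk:
    number: int
    mbr_code: str = ""
    partitions: list[Partition] = field(default_factory=list)


@dataclass
class Detection:
    path: str
    name: str
    tag: str  # Avast category suffix; [Rtk] marks a rootkit-class detection


@dataclass
class Report:
    run_date: str = ""
    disks: dict[int, Disk] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)
    finished: bool = False

    def disk(self, number: int) -> Disk:
        return self.disks.setdefault(number, Disk(number))


def parse_aswmbr(text: str) -> Report:
    """Walk the log line by line and collect the fields that matter for triage."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_RUN_DATE.match(line):
            report.run_date = m["date"]
        elif m := RE_MBR_CODE.match(line):
            report.disk(int(m["disk"])).mbr_code = m["code"]
        elif m := RE_PARTITION.match(line):
            report.disk(int(m["disk"])).partitions.append(Partition(
                number=int(m["num"]), boot_flag=m["boot"].upper(),
                active=m["active"] is not None, type_id=m["type"].upper(),
                type_desc=m["desc"], size_mb=int(m["size"]),
                offset_sectors=int(m["offset"])))
        elif m := RE_INFECTED.match(line):
            report.detections.append(Detection(m["path"], m["name"], m["tag"]))
        elif line.endswith("Scan finished successfully"):
            report.finished = True
    return report


def triage(report: Report) -> list[str]:
    """Turn the parsed report into short notes a helper would read first."""
    notes: list[str] = []
    if not report.finished:
        notes.append("scan did not report 'Scan finished successfully'; results incomplete")
    for disk in report.disks.values():
        # Assumption: aswMBR describes an unmodified loader as "... default MBR code".
        if "default MBR code" in disk.mbr_code:
            notes.append(f"Disk {disk.number}: MBR code reported as stock ({disk.mbr_code})")
        else:
            notes.append(f"Disk {disk.number}: MBR code not reported as stock "
                         f"({disk.mbr_code or 'no MBR line'}); keep MBR.dat for review")
        for p in disk.partitions:
            if p.active:
                notes.append(f"Disk {disk.number}: active partition {p.number} is type "
                             f"{p.type_id} ({p.type_desc}), {p.size_mb} MB")
    for name, count in Counter(d.name for d in report.detections).items():
        tags = sorted({d.tag for d in report.detections if d.name == name})
        notes.append(f"{name}: {count} infected file(s), tag(s) {', '.join(tags)}"
                     + (" (rootkit class)" if "Rtk" in tags else ""))
    return notes


if __name__ == "__main__":
    for note in triage(parse_aswmbr(SAMPLE_LOG)):
        print(note)
```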
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Tried running combofix after cleaning with appremover...

    The .exe would extract files like it was going to run, but then nothing happened after and I can't find a log in C:\.

    Next I tried the rkill method, both in safe mode and normal mode, with your_name.exe; rkill worked but same issue with combofix.

    Here is the rkill log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/24/2012 at 17:12:50.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\owner\Desktop\your_name.exe
    C:\32788R22FWJFW\pev.3XE


    Rkill completed on 05/24/2012 at 17:13:01.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    What does actually happen when you try to run Combofix?
     
  14. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Last time I tried running combofix it says it's extracting files, and after extraction it seems like it reboots the explorer.exe process along with internet and other active processes.
     
  15. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Extraction is to an output folder c:\32788R22FWJFW, but if I try to open it with explorer it just returns me to My Computer.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You have to let Combofix alone, let it do its thing instead of trying to open some folders.
    It's not in my instructions.
    Be more patient.
     
  17. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Honestly I think something is keeping it from running, or else it's run and hasn't left a log file... I ran it in safe mode as your_name.exe with rkill last night and let it sit all overnight.

    When I run combofix or your_name.exe it'll extract, but after the extraction window closes there have been no other windows that pop up saying finished or anything of that nature.

    If that seems strange I can take a few screen captures of the process as I run combofix to try and illustrate what I'm attempting to explain, but I have a feeling something is awry when I'm trying to execute the program.
     
  18. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
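The TDSSKiller report requested above is a long per-object list in the layout the next post shows: one line per scanned driver or service with its MD5 and path, followed by a verdict line ending in "- ok". Reading hundreds of such lines by eye is where a helper can miss the one entry that matters, so here is an added triage script (not part of the thread, and not Kaspersky's tool or its output format specification) that parses that layout and separates the entries a responder reads first: anything whose verdict is not "ok", and services that have a verdict but no file or hash recorded. The first log lines in the sample are copied from the log posted in this thread; the `exampledrv` entry, its all-zero hash and its "detected CONSTRUCTED.Verdict" line are constructed to exercise the non-ok path, since the real verdict wording for a detection is not shown on this page. The parser only considers lines after "Scan started", so the disk-geometry header (which also contains " - ") is not mistaken for a verdict.

```python
import re

# Constructed sample in the TDSSKiller 2.7-era log layout. The header and the
# 1394ohci / COMSysApp / libusb0 lines are copied from the log in this thread;
# the exampledrv entry and its non-"ok" verdict are constructed for the demo.
SAMPLE_LOG = r"""
15:56:18.0395 0292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:20.0813 4648 Scan started
15:56:20.0813 4648 Mode: Manual;
15:56:23.0925 4648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:56:23.0940 4648 1394ohci - ok
15:56:30.0073 4648 COMSysApp - ok
15:56:36.0451 4648 libusb0 - ok
15:56:40.0001 4648 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
15:56:40.0002 4648 exampledrv - detected CONSTRUCTED.Verdict (1)
"""

# Scanned object line: "<time> <pid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) "
    r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Verdict line: "<time> <pid> <name> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)


def parse_tdsskiller(text):
    """Return {object name: {"md5", "path", "verdict"}} in log order.

    Only lines after "Scan started" are considered, so the drive/partition
    header (which also contains " - ") never produces a bogus verdict.
    """
    objects = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            rec = objects.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = objects.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"].strip()
    return objects


def triage(objects):
    """Bucket parsed objects the way a responder wants to read them.

    not_ok     - verdict other than "ok": read these first
    no_file    - a verdict but no file/hash line: service with no binary hashed
    no_verdict - a file line but no verdict: scan was interrupted or log is cut
    ok         - hashed file with verdict "ok"
    """
    report = {"not_ok": [], "no_file": [], "no_verdict": [], "ok": []}
    for name, rec in objects.items():
        if rec["verdict"] is None:
            report["no_verdict"].append(name)
        elif rec["verdict"] != "ok":
            report["not_ok"].append((name, rec["verdict"], rec["path"]))
        elif rec["path"] is None:
            report["no_file"].append(name)
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for bucket in ("not_ok", "no_file", "no_verdict"):
        print(f"{bucket}: {result[bucket]}")
    print(f"ok: {len(result['ok'])} object(s)")
```

Run it against a saved `TDSSKiller_xxxx_log.txt` by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`. Entries in `no_file` (in the posted log, services such as COMSysApp and libusb0) are not detections; they are services whose binary the scanner did not hash, and they only deserve a second look if the service name is unfamiliar for the machine.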
     
  20. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    15:56:17.0662 0292 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    15:56:17.0936 0292 ============================================================
    15:56:17.0936 0292 Current date / time: 2012/05/25 15:56:17.0936
    15:56:17.0936 0292 SystemInfo:
    15:56:17.0936 0292
    15:56:17.0936 0292 OS Version: 6.1.7601 ServicePack: 1.0
    15:56:17.0936 0292 Product type: Workstation
    15:56:17.0936 0292 ComputerName: ARL87TN3RFY
    15:56:17.0936 0292 UserName: owner
    15:56:17.0936 0292 Windows directory: C:\Windows
    15:56:17.0936 0292 System windows directory: C:\Windows
    15:56:17.0936 0292 Running under WOW64
    15:56:17.0936 0292 Processor architecture: Intel x64
    15:56:17.0936 0292 Number of processors: 8
    15:56:17.0936 0292 Page size: 0x1000
    15:56:17.0936 0292 Boot type: Normal boot
    15:56:17.0936 0292 ============================================================
    15:56:18.0395 0292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:56:18.0402 0292 Drive \Device\Harddisk1\DR1 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:56:18.0480 0292 ============================================================
    15:56:18.0480 0292 \Device\Harddisk0\DR0:
    15:56:18.0481 0292 MBR partitions:
    15:56:18.0481 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x37C74000
    15:56:18.0481 0292 \Device\Harddisk1\DR1:
    15:56:18.0481 0292 MBR partitions:
    15:56:18.0481 0292 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x2F, BlocksNum 0x3E7D1
    15:56:18.0481 0292 ============================================================
    15:56:18.0514 0292 C: <-> \Device\Harddisk0\DR0\Partition0
    15:56:18.0514 0292 ============================================================
    15:56:18.0514 0292 Initialize success
    15:56:18.0514 0292 ============================================================
    15:56:20.0813 4648 ============================================================
    15:56:20.0813 4648 Scan started
    15:56:20.0813 4648 Mode: Manual;
    15:56:20.0813 4648 ============================================================
    15:56:23.0925 4648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:56:23.0940 4648 1394ohci - ok
    15:56:23.0990 4648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:56:24.0002 4648 ACPI - ok
    15:56:24.0019 4648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:56:24.0021 4648 AcpiPmi - ok
    15:56:24.0073 4648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:56:24.0095 4648 adp94xx - ok
    15:56:24.0132 4648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:56:24.0143 4648 adpahci - ok
    15:56:24.0161 4648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:56:24.0169 4648 adpu320 - ok
    15:56:24.0201 4648 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:56:24.0203 4648 AeLookupSvc - ok
    15:56:24.0243 4648 AFBAgent (2d00d3dadc1d3326ba788eb071f2726e) C:\Windows\system32\FBAgent.exe
    15:56:24.0246 4648 AFBAgent - ok
    15:56:24.0325 4648 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    15:56:24.0339 4648 AFD - ok
    15:56:24.0393 4648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:56:24.0395 4648 agp440 - ok
    15:56:24.0415 4648 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:56:24.0418 4648 ALG - ok
    15:56:24.0450 4648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:56:24.0452 4648 aliide - ok
    15:56:24.0518 4648 AMD External Events Utility (a2f5bea5b45a8e7c4776f39c25e8699d) C:\Windows\system32\atiesrxx.exe
    15:56:24.0519 4648 AMD External Events Utility - ok
    15:56:24.0535 4648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:56:24.0537 4648 amdide - ok
    15:56:24.0565 4648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:56:24.0567 4648 AmdK8 - ok
    15:56:25.0280 4648 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:56:25.0463 4648 amdkmdag - ok
    15:56:25.0668 4648 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
    15:56:25.0683 4648 amdkmdap - ok
    15:56:25.0704 4648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:56:25.0707 4648 AmdPPM - ok
    15:56:25.0757 4648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    15:56:25.0760 4648 amdsata - ok
    15:56:25.0791 4648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:56:25.0807 4648 amdsbs - ok
    15:56:25.0825 4648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    15:56:25.0827 4648 amdxata - ok
    15:56:25.0878 4648 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
    15:56:25.0881 4648 AmUStor - ok
    15:56:25.0939 4648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:56:25.0941 4648 AppID - ok
    15:56:25.0963 4648 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:56:25.0965 4648 AppIDSvc - ok
    15:56:26.0022 4648 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    15:56:26.0025 4648 Appinfo - ok
    15:56:26.0188 4648 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:56:26.0188 4648 Apple Mobile Device - ok
    15:56:26.0246 4648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:56:26.0249 4648 arc - ok
    15:56:26.0291 4648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:56:26.0293 4648 arcsas - ok
    15:56:26.0342 4648 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    15:56:26.0342 4648 ASLDRService - ok
    15:56:26.0351 4648 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    15:56:26.0352 4648 ASMMAP64 - ok
    15:56:26.0471 4648 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    15:56:26.0474 4648 aspnet_state - ok
    15:56:26.0493 4648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:56:26.0496 4648 AsyncMac - ok
    15:56:26.0544 4648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    15:56:26.0546 4648 atapi - ok
    15:56:26.0758 4648 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
    15:56:26.0829 4648 athr - ok
    15:56:26.0986 4648 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
    15:56:26.0990 4648 AtiHdmiService - ok
    15:56:27.0817 4648 atikmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:56:27.0873 4648 atikmdag - ok
    15:56:27.0954 4648 ATKGFNEXSrv (63f1212ffe13e62ca1e8d8ee19abd9a7) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    15:56:27.0955 4648 ATKGFNEXSrv - ok
    15:56:28.0138 4648 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:56:28.0178 4648 AudioEndpointBuilder - ok
    15:56:28.0184 4648 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:56:28.0188 4648 AudioSrv - ok
    15:56:28.0261 4648 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    15:56:28.0264 4648 AxInstSV - ok
    15:56:28.0339 4648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:56:28.0388 4648 b06bdrv - ok
    15:56:28.0436 4648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:56:28.0449 4648 b57nd60a - ok
    15:56:28.0556 4648 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    15:56:28.0570 4648 BBSvc - ok
    15:56:28.0628 4648 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    15:56:28.0639 4648 BBUpdate - ok
    15:56:28.0670 4648 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    15:56:28.0673 4648 BDESVC - ok
    15:56:28.0696 4648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:56:28.0697 4648 Beep - ok
    15:56:28.0791 4648 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    15:56:28.0852 4648 BITS - ok
    15:56:28.0871 4648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:56:28.0873 4648 blbdrive - ok
    15:56:29.0018 4648 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    15:56:29.0021 4648 Bonjour Service - ok
    15:56:29.0079 4648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    15:56:29.0088 4648 bowser - ok
    15:56:29.0115 4648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:56:29.0117 4648 BrFiltLo - ok
    15:56:29.0140 4648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:56:29.0142 4648 BrFiltUp - ok
    15:56:29.0175 4648 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:56:29.0178 4648 BridgeMP - ok
    15:56:29.0229 4648 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    15:56:29.0232 4648 Browser - ok
    15:56:29.0266 4648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:56:29.0277 4648 Brserid - ok
    15:56:29.0294 4648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:56:29.0297 4648 BrSerWdm - ok
    15:56:29.0301 4648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:56:29.0302 4648 BrUsbMdm - ok
    15:56:29.0315 4648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:56:29.0318 4648 BrUsbSer - ok
    15:56:29.0345 4648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:56:29.0347 4648 BTHMODEM - ok
    15:56:29.0374 4648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    15:56:29.0377 4648 bthserv - ok
    15:56:29.0398 4648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:56:29.0401 4648 cdfs - ok
    15:56:29.0457 4648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    15:56:29.0460 4648 cdrom - ok
    15:56:29.0509 4648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    15:56:29.0512 4648 CertPropSvc - ok
    15:56:29.0531 4648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:56:29.0533 4648 circlass - ok
    15:56:29.0564 4648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:56:29.0582 4648 CLFS - ok
    15:56:29.0641 4648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:56:29.0644 4648 clr_optimization_v2.0.50727_32 - ok
    15:56:29.0692 4648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:56:29.0695 4648 clr_optimization_v2.0.50727_64 - ok
    15:56:29.0791 4648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:56:29.0800 4648 clr_optimization_v4.0.30319_32 - ok
    15:56:29.0829 4648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    15:56:29.0832 4648 clr_optimization_v4.0.30319_64 - ok
    15:56:29.0859 4648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:56:29.0861 4648 CmBatt - ok
    15:56:29.0896 4648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    15:56:29.0898 4648 cmdide - ok
    15:56:29.0972 4648 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    15:56:29.0998 4648 CNG - ok
    15:56:30.0019 4648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    15:56:30.0021 4648 Compbatt - ok
    15:56:30.0064 4648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    15:56:30.0066 4648 CompositeBus - ok
    15:56:30.0073 4648 COMSysApp - ok
    15:56:30.0085 4648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    15:56:30.0087 4648 crcdisk - ok
    15:56:30.0157 4648 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    15:56:30.0161 4648 Creative ALchemy AL6 Licensing Service - ok
    15:56:30.0172 4648 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    15:56:30.0173 4648 Creative Audio Engine Licensing Service - ok
    15:56:30.0235 4648 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    15:56:30.0248 4648 CryptSvc - ok
    15:56:30.0310 4648 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
    15:56:30.0312 4648 dc3d - ok
    15:56:30.0386 4648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    15:56:30.0415 4648 DcomLaunch - ok
    15:56:30.0466 4648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    15:56:30.0479 4648 defragsvc - ok
    15:56:30.0524 4648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    15:56:30.0527 4648 DfsC - ok
    15:56:30.0583 4648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    15:56:30.0607 4648 Dhcp - ok
    15:56:30.0632 4648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    15:56:30.0634 4648 discache - ok
    15:56:30.0662 4648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    15:56:30.0665 4648 Disk - ok
    15:56:30.0696 4648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    15:56:30.0708 4648 Dnscache - ok
    15:56:30.0796 4648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    15:56:30.0806 4648 dot3svc - ok
    15:56:30.0854 4648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    15:56:30.0864 4648 DPS - ok
    15:56:30.0892 4648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    15:56:30.0894 4648 drmkaud - ok
    15:56:31.0111 4648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    15:56:31.0165 4648 DXGKrnl - ok
    15:56:31.0199 4648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    15:56:31.0202 4648 EapHost - ok
    15:56:31.0423 4648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    15:56:31.0511 4648 ebdrv - ok
    15:56:31.0622 4648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    15:56:31.0625 4648 EFS - ok
    15:56:31.0721 4648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    15:56:31.0780 4648 ehRecvr - ok
    15:56:31.0812 4648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    15:56:31.0820 4648 ehSched - ok
    15:56:31.0921 4648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    15:56:31.0960 4648 elxstor - ok
    15:56:32.0004 4648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    15:56:32.0006 4648 ErrDev - ok
    15:56:32.0062 4648 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    15:56:32.0107 4648 EventSystem - ok
    15:56:32.0147 4648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    15:56:32.0150 4648 exfat - ok
    15:56:32.0195 4648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    15:56:32.0208 4648 fastfat - ok
    15:56:32.0302 4648 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    15:56:32.0361 4648 Fax - ok
    15:56:32.0379 4648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    15:56:32.0381 4648 fdc - ok
    15:56:32.0396 4648 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    15:56:32.0398 4648 fdPHost - ok
    15:56:32.0412 4648 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    15:56:32.0415 4648 FDResPub - ok
    15:56:32.0429 4648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    15:56:32.0432 4648 FileInfo - ok
    15:56:32.0441 4648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    15:56:32.0443 4648 Filetrace - ok
    15:56:32.0454 4648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:56:32.0456 4648 flpydisk - ok
    15:56:32.0504 4648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    15:56:32.0518 4648 FltMgr - ok
    15:56:32.0626 4648 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    15:56:32.0677 4648 FontCache - ok
    15:56:32.0736 4648 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:56:32.0737 4648 FontCache3.0.0.0 - ok
    15:56:32.0786 4648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    15:56:32.0788 4648 FsDepends - ok
    15:56:32.0827 4648 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
    15:56:32.0829 4648 fssfltr - ok
    15:56:32.0942 4648 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    15:56:32.0974 4648 fsssvc - ok
    15:56:33.0022 4648 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    15:56:33.0024 4648 Fs_Rec - ok
    15:56:33.0082 4648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    15:56:33.0095 4648 fvevol - ok
    15:56:33.0126 4648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:56:33.0128 4648 gagp30kx - ok
    15:56:33.0186 4648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:56:33.0189 4648 GEARAspiWDM - ok
    15:56:33.0274 4648 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    15:56:33.0310 4648 gpsvc - ok
    15:56:33.0323 4648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    15:56:33.0325 4648 hcw85cir - ok
    15:56:33.0398 4648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    15:56:33.0412 4648 HdAudAddService - ok
    15:56:33.0449 4648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    15:56:33.0452 4648 HDAudBus - ok
    15:56:33.0477 4648 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    15:56:33.0480 4648 HECIx64 - ok
    15:56:33.0496 4648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    15:56:33.0498 4648 HidBatt - ok
    15:56:33.0521 4648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    15:56:33.0523 4648 HidBth - ok
    15:56:33.0536 4648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    15:56:33.0538 4648 HidIr - ok
    15:56:33.0570 4648 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    15:56:33.0572 4648 hidserv - ok
    15:56:33.0588 4648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    15:56:33.0590 4648 HidUsb - ok
    15:56:33.0683 4648 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    15:56:33.0685 4648 HiPatchService - ok
    15:56:33.0727 4648 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    15:56:33.0731 4648 hkmsvc - ok
    15:56:33.0776 4648 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    15:56:33.0789 4648 HomeGroupListener - ok
    15:56:33.0834 4648 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    15:56:33.0850 4648 HomeGroupProvider - ok
    15:56:33.0982 4648 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    15:56:33.0993 4648 hpqcxs08 - ok
    15:56:34.0013 4648 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    15:56:34.0021 4648 hpqddsvc - ok
    15:56:34.0075 4648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    15:56:34.0078 4648 HpSAMD - ok
    15:56:34.0198 4648 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    15:56:34.0251 4648 HPSLPSVC - ok
    15:56:34.0337 4648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    15:56:34.0366 4648 HTTP - ok
    15:56:34.0402 4648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    15:56:34.0404 4648 hwpolicy - ok
    15:56:34.0432 4648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    15:56:34.0434 4648 i8042prt - ok
    15:56:34.0483 4648 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
    15:56:34.0485 4648 iaStor - ok
    15:56:34.0557 4648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    15:56:34.0570 4648 iaStorV - ok
    15:56:34.0698 4648 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:56:34.0735 4648 idsvc - ok
    15:56:34.0761 4648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    15:56:34.0763 4648 iirsp - ok
    15:56:34.0866 4648 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    15:56:34.0908 4648 IKEEXT - ok
    15:56:35.0074 4648 IntcAzAudAddService (045555f0d572bb48498d040c31e9dc6a) C:\Windows\system32\drivers\RTKVHD64.sys
    15:56:35.0124 4648 IntcAzAudAddService - ok
    15:56:35.0267 4648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    15:56:35.0270 4648 intelide - ok
    15:56:35.0294 4648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    15:56:35.0297 4648 intelppm - ok
    15:56:35.0337 4648 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    15:56:35.0340 4648 IPBusEnum - ok
    15:56:35.0387 4648 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:56:35.0390 4648 IpFilterDriver - ok
    15:56:35.0488 4648 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    15:56:35.0520 4648 iphlpsvc - ok
    15:56:35.0563 4648 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    15:56:35.0566 4648 IPMIDRV - ok
    15:56:35.0594 4648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    15:56:35.0597 4648 IPNAT - ok
    15:56:35.0766 4648 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    15:56:35.0772 4648 iPod Service - ok
    15:56:35.0797 4648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    15:56:35.0799 4648 IRENUM - ok
    15:56:35.0835 4648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    15:56:35.0837 4648 isapnp - ok
    15:56:35.0882 4648 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    15:56:35.0893 4648 iScsiPrt - ok
    15:56:35.0952 4648 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
    15:56:35.0955 4648 ivusb - ok
    15:56:35.0978 4648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:56:35.0980 4648 kbdclass - ok
    15:56:36.0018 4648 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:56:36.0020 4648 kbdhid - ok
    15:56:36.0055 4648 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
    15:56:36.0057 4648 kbfiltr - ok
    15:56:36.0102 4648 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    15:56:36.0104 4648 KeyIso - ok
    15:56:36.0124 4648 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    15:56:36.0126 4648 KSecDD - ok
    15:56:36.0146 4648 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    15:56:36.0154 4648 KSecPkg - ok
    15:56:36.0171 4648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    15:56:36.0173 4648 ksthunk - ok
    15:56:36.0221 4648 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
     
  21. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    15:56:45.0523 4648 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
    15:56:45.0523 4648 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
    15:56:45.0524 4648 sptd ( LockedFile.Multi.Generic ) - warning
    15:56:45.0524 4648 sptd - detected LockedFile.Multi.Generic (1)
    15:56:52.0153 4648 WmFilter - ok
    15:56:52.0193 4648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    15:56:52.0195 4648 WmiAcpi - ok
    15:56:52.0246 4648 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:56:52.0259 4648 wmiApSrv - ok
    15:56:52.0303 4648 WMPNetworkSvc - ok
    15:56:52.0320 4648 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
    15:56:52.0322 4648 WmVirHid - ok
    15:56:52.0339 4648 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
    15:56:52.0342 4648 WmXlCore - ok
    15:56:52.0367 4648 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:56:52.0370 4648 WPCSvc - ok
    15:56:52.0412 4648 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    15:56:52.0422 4648 WPDBusEnum - ok
    15:56:52.0447 4648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:56:52.0449 4648 ws2ifsl - ok
    15:56:52.0486 4648 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    15:56:52.0490 4648 wscsvc - ok
    15:56:52.0540 4648 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    15:56:52.0542 4648 WSDPrintDevice - ok
    15:56:52.0544 4648 WSearch - ok
    15:56:52.0732 4648 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    15:56:52.0800 4648 wuauserv - ok
    15:56:52.0953 4648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    15:56:52.0956 4648 WudfPf - ok
    15:56:52.0975 4648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:56:52.0988 4648 WUDFRd - ok
    15:56:53.0048 4648 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    15:56:53.0060 4648 wudfsvc - ok
    15:56:53.0095 4648 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:56:53.0107 4648 WwanSvc - ok
    15:56:53.0157 4648 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
    15:56:53.0160 4648 xusb21 - ok
    15:56:53.0207 4648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    15:56:53.0536 4648 \Device\Harddisk0\DR0 - ok
    15:56:53.0542 4648 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    15:56:53.0579 4648 \Device\Harddisk1\DR1 - ok
    15:56:53.0583 4648 Boot (0x1200) (e7edece59b8a4efd4e6ef4a1f731ba83) \Device\Harddisk0\DR0\Partition0
    15:56:53.0588 4648 \Device\Harddisk0\DR0\Partition0 - ok
    15:56:53.0591 4648 Boot (0x1200) (20e83444f74757cea9d299015cf52ea0) \Device\Harddisk1\DR1\Partition0
    15:56:53.0592 4648 \Device\Harddisk1\DR1\Partition0 - ok
    15:56:53.0592 4648 ============================================================
    15:56:53.0592 4648 Scan finished
    15:56:53.0592 4648 ============================================================
    15:56:53.0602 4392 Detected object count: 1
    15:56:53.0602 4392 Actual detected object count: 1
    15:57:16.0556 4392 sptd ( LockedFile.Multi.Generic ) - skipped by user
    15:57:16.0556 4392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    15:57:18.0801 6012 Deinitialize success
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Which browser is getting redirected?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Firefox is being redirected and has the popup issues. Running OTL now and will reply when the scan is complete.
     
  24. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    Just today Firefox has started opening a new window with those 5 tabs being opened. One has a c:\windows\system32\..... address, if that's of any help.

    file:///C:/Windows/system32/content=0;url=http://earthlink-help.com/main?Inte...8-1.90base&Referer=&Implementation=0/><script

    is part of the address.

    And I wanted to thank you for your help up until this point... usually I can figure stuff out on my own or through searches, but this has just been too much for me to handle.
     
  25. tribute41

    tribute41 TS Rookie Topic Starter Posts: 33

    OTL logfile created on: 5/25/2012 6:12:03 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.93 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 74.53% Memory free
    11.85 Gb Paging File | 9.96 Gb Available in Paging File | 84.02% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.23 Gb Total Space | 158.08 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
    Drive H: | 124.94 Mb Total Space | 96.63 Mb Free Space | 77.34% Space Free | Partition Type: FAT

    Computer Name: ARL87TN3RFY | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/25 18:06:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2010/05/17 11:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    PRC - [2010/02/10 20:02:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
    PRC - [2010/01/04 21:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2009/11/09 23:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/10/27 00:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2009/10/26 14:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/20 00:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
    PRC - [2009/06/19 14:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 14:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/20 08:40:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/19 20:17:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/19 20:17:31 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
    MOD - [2012/05/19 20:17:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
    MOD - [2012/05/19 20:17:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
    MOD - [2012/05/19 20:17:12 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
    MOD - [2012/05/19 20:17:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/19 20:17:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/19 20:16:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/19 20:16:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/19 20:16:51 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
    MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
    MOD - [2010/02/23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
    MOD - [2010/02/23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
    MOD - [2010/02/23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
    MOD - [2010/02/23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
    MOD - [2010/01/04 21:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/12/07 20:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/08/06 18:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV - [2012/05/19 20:55:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/10 13:11:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/01/15 19:35:48 | 000,075,136 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/10 19:59:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/02/10 19:59:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
    SRV - [2009/11/09 23:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/11 13:07:15 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/14 20:38:25 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2010/03/05 11:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/11/18 06:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/04 01:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/08/21 02:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/08/06 18:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 06:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/05/20 06:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/13 13:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2009/01/08 22:12:02 | 000,015,208 | ---- | M] (deepxw) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcpz-x64d.sys -- (TCPZ) TCP Half Open Limited Patcher ( TCP-Z)
    DRV:64bit: - [2008/12/08 21:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 21:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.bluegartr.com/index.php"
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.8rc1
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27
    FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
    FF - prefs.js..network.proxy.backup.ftp: "201.234.133.130"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "201.234.133.130"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "201.234.133.130"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "201.234.133.130"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "61.129.126.147"
    FF - prefs.js..network.proxy.ftp_port: 1337
    FF - prefs.js..network.proxy.gopher: "61.129.126.147"
    FF - prefs.js..network.proxy.gopher_port: 1337
    FF - prefs.js..network.proxy.http: "61.129.126.147"
    FF - prefs.js..network.proxy.http_port: 1337
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "61.129.126.147"
    FF - prefs.js..network.proxy.socks_port: 1337
    FF - prefs.js..network.proxy.ssl: "61.129.126.147"
    FF - prefs.js..network.proxy.ssl_port: 1337
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 18:13:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/19 19:47:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 12:51:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 12:51:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 18:13:36 | 000,000,000 | ---D | M]

    [2010/09/23 18:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2012/05/22 11:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jn2g2mwy.default\extensions
    [2010/12/14 16:11:12 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jn2g2mwy.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
    [2011/03/15 08:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jn2g2mwy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2011/04/06 21:18:38 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jn2g2mwy.default\extensions\battlefieldplay4free@ea.com
    [2012/01/09 12:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/19 19:33:36 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN2G2MWY.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/05/10 13:11:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/08/24 05:30:10 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 14:34:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 524288
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1808366419-1679787075-255637763-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D5A5C48-DA16-4099-9291-4CFADAD5E018}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{350e5a30-e60b-11df-9a05-e0cb4eb0d20e}\Shell - "" = AutoRun
    O33 - MountPoints2\{350e5a30-e60b-11df-9a05-e0cb4eb0d20e}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\{a9b6b790-d7f4-11df-a05e-e0cb4eb0d20e}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9b6b790-d7f4-11df-a05e-e0cb4eb0d20e}\Shell\AutoRun\command - "" = D:\autorun.exe -auto
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
