Shadowthrow
-
Posts
24 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Shadowthrow
-
My svhost.exe and MsMpEng.exe( Microsoft anti malware service) are both taking a lot of memory out my computer. When i'm in safe mode, I dont see the svhost taking up memory a lot, just the MsMpEng.exe taking up memory. Had this for a while, not sure when I first notice the memory going up. Addition.txt FRST.txt
-
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Alright, thank you for your help =] -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
I've used a different headset and I still get screwed up sounds and this only seems to be the issue left with my computer, not sure it could be. I gotten this issue around the same time I got infected with the virus so, Im not sure if it damaged anything. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Actually, the svchost.exe memory usage dropped by ALOT. But I still have the same issue with the sounds to where it keeps getting choppy and cuts off. It only happens when I run any browser and whenever i'm watching a video. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
ComboFix 12-06-11.04 - Eric 06/11/2012 19:58:50.8.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2073 [GMT -4:00] Running from: c:\users\Eric\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))) . . 2012-06-12 00:07 . 2012-06-12 00:07 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-12 00:07 . 2012-06-12 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-11 14:15 . 2012-06-11 14:15 -------- d-----w- c:\program files\ESET 2012-06-11 06:30 . 2012-06-11 06:30 388096 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-11 06:30 . 2012-06-11 06:30 -------- d-----w- c:\program files\Trend Micro 2012-06-11 06:11 . 2012-06-11 06:11 -------- d-----w- c:\program files\VS Revo Group 2012-06-10 17:04 . 2012-06-10 17:23 -------- d-----w- C:\ijukjh 2012-06-10 10:38 . 2012-06-10 10:38 -------- d-----w- C:\FRST 2012-06-10 06:43 . 2012-06-12 00:08 -------- d-----w- c:\users\Eric\AppData\Local\temp 2012-06-10 03:38 . 2012-06-10 03:38 -------- d-----w- c:\program files\iPod 2012-06-10 03:38 . 2012-06-10 03:39 -------- d-----w- c:\program files\iTunes 2012-06-10 03:37 . 2012-06-10 03:37 -------- d-----w- c:\program files\Apple Software Update 2012-06-09 14:53 . 2012-06-09 14:56 -------- d-----w- c:\program files\Logitech Gaming Software 2012-06-09 08:56 . 2012-06-09 08:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 08:18 . 2012-06-09 08:48 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-09 05:20 . 2012-06-09 05:20 -------- d-----w- C:\found.000 2012-06-08 17:10 . 2012-06-08 17:10 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com 2012-06-08 17:09 . 2012-06-08 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-08 17:09 . 2012-06-08 17:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-08 05:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D68408E-D63C-4ACC-83D3-3ED7513A8D04}\mpengine.dll 2012-06-01 21:10 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\ffdshow 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\programdata\IObit 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\IObit 2012-06-01 17:49 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2012-06-01 17:49 . 2012-06-01 17:49 -------- d-----w- c:\program files\CPUID 2012-06-01 03:32 . 2012-06-01 03:32 -------- d-----w- c:\program files\Realtek 2012-05-28 18:07 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-28 18:07 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-28 18:07 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-28 18:07 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-05-28 18:07 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\Eric\AppData\Roaming\LolClient2 2012-05-21 17:45 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-21 17:44 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-21 17:44 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2012-05-21 17:44 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-21 17:44 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-21 17:44 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-21 17:44 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2012-05-21 12:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\programdata\WeCareReminder 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\users\Eric\AppData\Roaming\OpenCandy 2012-05-21 10:35 . 2012-03-22 17:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll 2012-05-21 10:35 . 2012-04-18 17:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-05-21 02:37 . 2012-05-21 02:37 -------- d-----w- c:\program files\WinToFlash Suggestor 2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Common Files\Java 2012-05-21 01:51 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-21 01:45 . 2012-05-21 01:46 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-21 02:02 . 2012-04-09 11:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-21 02:02 . 2011-06-08 12:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-09 02:34 . 2011-11-18 18:56 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:34 . 2012-04-06 02:34 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll 2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\system32\amdocl.dll 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll 2012-04-06 02:00 . 2011-12-06 02:18 52736 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 37376 ----a-w- c:\windows\system32\atitmpxx.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll 2012-04-04 22:47 . 2011-07-07 06:20 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 19:56 . 2010-08-07 10:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-25 11:07 . 2011-05-06 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2012-03-13 09:37 3331872 ----a-w- c:\users\Eric\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 04:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore] 2012-05-21 15:10 5092152 ----a-w- c:\program files\Logitech Gaming Software\LCore.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa] 2011-03-22 01:01 233984 ----a-w- c:\program files\Razer\Razer Lycosa\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService] 2007-10-26 16:51 184352 ----a-w- c:\windows\System32\nvraidservice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2011-12-12 23:21 22459984 ----a-w- c:\program files\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-02-25 21:21 3087440 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-07-16 23:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-02-04 17:27 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-10-19 01:21 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe] 2008-08-06 21:00 28672 ----a-w- c:\windows\V0415Mon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VERIZONDM] 2010-09-29 10:59 206120 ----a-w- c:\program files\VERIZONDM\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp] 2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] 2011-05-10 16:01 5416794 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe . R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . Contents of the 'Scheduled Tasks' folder . 2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:07] . 2012-06-11 c:\windows\Tasks\Game_Booster_AutoUpdate.job - c:\program files\IObit\Game Booster\AutoUpdate.exe [2012-06-01 15:21] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111103 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q= FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-11 20:07 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\users\Eric\AppData\Local\Temp\catchme.dll 53248 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Completion time: 2012-06-11 20:13:00 ComboFix-quarantined-files.txt 2012-06-12 00:12 . Pre-Run: 46,147,842,048 bytes free Post-Run: 45,410,324,480 bytes free . - - End Of File - - 1671B4079FC940593C390FA796842179 -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
By the way, whenever the sounds start to cut off, lag spikes occur once I have any videos open on firefox. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
I'm still having a issue with my Logitech G930, the sounds are still cutting off and on whenever I have mozilla firefox on, but it works fine with itunes. Also, my svchost.exe is still running abit quite high. Currently its 79k of memory usage and all the other svchost.exe are between 4k to 20k. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
I got the online scanner to work somehow -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
C:\ProgramData\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application C:\TDSSKiller_Quarantine\09.06.2012_04.54.43\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\09.06.2012_04.54.43\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.KS trojan C:\TDSSKiller_Quarantine\09.06.2012_04.54.43\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\09.06.2012_04.54.43\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\09.06.2012_04.54.43\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan C:\Users\All Users\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Users\Eric\AppData\Roaming\AusLogics\Rescue\Boost Speed\120425202215690.rsc multiple threats C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll a variant of Win32/Adware.Gamevance.BH application C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf2.dll a variant of Win32/Adware.Gamevance.BH application C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf3.dll a variant of Win32/Adware.Gamevance.BH application C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\extensions\tmzbsegelh@tmzbsegelh.org.xpi JS/Redirector.NBX trojan C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs application C:\Users\Eric\Downloads\SVP 10 C..rar probably a variant of Win32/Agent.BCOVDCM trojan C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMFUVV53\the-weekly-bite[1].htm JS/Kryptik.PH trojan D:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\1P2OM7BU\20100221_2311_004[1].zip probably a variant of Win32/Agent.HWPTJWY trojan D:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\1P2OM7BU\20100224_0433_002[1].zip probably a variant of Win32/Agent.HWPTJWY trojan -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
When i'm in internet explorer, most of the pictures and icons aren't showing up correctly. Instead of it showing the icons, it gives default icon for each picture. For some reason there is no pop up asking me to install activeX control so I can run the scanner. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
I do have to say that the start up is slightly speeding up abit, but I still see the svchost.exe draining too much memory than it should be, and I still get lag spikes that make my sounds cut off and on. -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:31:17 AM, on 6/11/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: WinToFlash Suggestor - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll O4 - HKLM\..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 7531 bytes -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.11.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Eric :: ERIC-PC [administrator] 6/11/2012 2:23:37 AM mbam-log-2012-06-11 (02-23-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 217489 Time elapsed: 5 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
µTorrent AC Tool Ace of Spades Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) AIM 7 AIM Toolbar Akamai NetSession Interface Akamai NetSession Interface Service AMD APP SDK Runtime AMD Catalyst Install Manager Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar ATI AVIVO Codecs ATI Catalyst Registration Auslogics BoostSpeed AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 Bonjour Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cheat Engine 5.5 Cheat Engine 6.0 Compatibility Pack for the 2007 Office system COTM Reminder by We-Care.com v4.0.19.2 CPUID HWMonitor 1.19 Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00) Crystal Reports for Visual Studio D3DX10 DAEMON Tools Toolbar Defraggler Dell Resource CD Dotfuscator Software Services - Community Edition Download Manager 2.3.10 Download Updater (AOL LLC) DVDVideoSoftTB Toolbar ffdshow [rev 3154] [2009-12-09] Fraps (remove only) Free Audio CD Burner version 1.4.7 Free MP3 WMA OGG Converter 8.2.5 Free Video to iPod Converter version 4.0 Free YouTube Download 3 version 3.0.5.712 Free YouTube to iPod Converter version 3.10.22.508 Free YouTube to MP3 Converter version 3.11.22.508 Game Booster 3 Google Chrome Google Update Helper Hi-Rez Studios Games Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054) HydraVision IHA_MessageCenter ijji - Gunz ijji REACTOR IMCapture for Skype iPod Access for Windows v4.4.1 iTunes Java Auto Updater Java 6 Update 26 Java 7 Update 4 Java SE Development Kit 7 Update 1 JavaFX 2.1.0 Junk Mail filter update League of Legends Left 4 Dead Left 4 Dead 2 Logitech Gaming Software Logitech Gaming Software 8.30 Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Messenger Companion Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 ?? ? - ??? Microsoft .NET Framework 3.5 Language Pack - kor Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Help Viewer 1.0 Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime v1.0 SP1 (x86) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x86) Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Office Developer Tools (x86) Microsoft Visual Studio 2010 Professional - ENU Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio Macro Tools Microsoft XNA Framework Redistributable 3.1 Minecraft Cracked MorphVOX Junior Mount and Blade: Warband Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT Redists Nexon Game Manager NVIDIA Drivers NVIDIA PhysX OGA Notifier 2.0.0048.0 OGPlanet Game Launcher ooVoo OpenAL Pamela Pro 4.7 Pando Media Booster PeerBlock 1.1 (r518) Polipo 1.0.4.1 PowerDVD ProxyFirewall 1.0.4 Beta PunkBuster Services QuickTime Razer Lycosa RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Rumble Fighter Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489) Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Segoe UI Service Pack 1 for SQL Server 2008 (KB968369) Skype™ 4.0 SocksCap V2 Sony Vegas Pro 8.0 Spybot - Search & Destroy Sql Server Customer Experience Improvement Program Steam SUPERAntiSpyware TeamViewer 5 TeamViewer 6 The Lord of the Rings FREE Trial Tor 0.2.3.1-alpha Tunngle beta Ultimate Extras sounds from Microsoft® Tinker™ Uninstall 1.0.0.1 Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Vegas Pro 10.0 Ventrilo Client Ventrilo Server Verizon Download Manager Verizon FiOS Activation Verizon Help and Support Tool Vidalia 0.3.0 Virtual Audio Cable 4.10 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU Vz In Home Agent Web Deployment Tool WEBZEN Browser Extension Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Windows Sound Schemes WinPcap 4.1.1 WinRAR archiver WinToFlash Suggestor Wireshark 1.2.6 wxDev-C++ Web-based Installer Yontoo Layers Runtime 1.10.01 YouTube Downloader 2.6.1 -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
ComboFix 12-06-10.01 - Eric 06/10/2012 13:07:46.6.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2489 [GMT -4:00] Running from: c:\users\Eric\Desktop\ijukjh.exe Command switches used :: c:\users\Eric\Desktop\CFScript.txt.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Ask.com c:\program files\Ask.com\assets\oobe\b.png c:\program files\Ask.com\assets\oobe\bl.png c:\program files\Ask.com\assets\oobe\br.png c:\program files\Ask.com\assets\oobe\l.png c:\program files\Ask.com\assets\oobe\pointer.png c:\program files\Ask.com\assets\oobe\r.png c:\program files\Ask.com\assets\oobe\t.png c:\program files\Ask.com\assets\oobe\tl.png c:\program files\Ask.com\assets\oobe\tr.png c:\program files\Ask.com\cobrand.ico c:\program files\Ask.com\config.xml c:\program files\Ask.com\favicon.ico c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\precache.exe c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\Updater\config.xml c:\program files\Ask.com\Updater\Updater.exe c:\program files\Ask.com\UpdateTask.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 ))))))))))))))))))))))))))))))) . . 2012-06-10 17:19 . 2012-06-10 17:19 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-10 17:19 . 2012-06-10 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-10 10:38 . 2012-06-10 10:38 -------- d-----w- C:\FRST 2012-06-10 06:43 . 2012-06-10 17:19 -------- d-----w- c:\users\Eric\AppData\Local\temp 2012-06-10 03:38 . 2012-06-10 03:38 -------- d-----w- c:\program files\iPod 2012-06-10 03:38 . 2012-06-10 03:39 -------- d-----w- c:\program files\iTunes 2012-06-10 03:37 . 2012-06-10 03:37 -------- d-----w- c:\program files\Apple Software Update 2012-06-09 14:53 . 2012-06-09 14:56 -------- d-----w- c:\program files\Logitech Gaming Software 2012-06-09 08:56 . 2012-06-09 08:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 08:18 . 2012-06-09 08:48 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-09 05:20 . 2012-06-09 05:20 -------- d-----w- C:\found.000 2012-06-08 17:10 . 2012-06-08 17:10 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com 2012-06-08 17:09 . 2012-06-08 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-08 17:09 . 2012-06-08 17:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-08 05:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D68408E-D63C-4ACC-83D3-3ED7513A8D04}\mpengine.dll 2012-06-01 21:10 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\ffdshow 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\programdata\IObit 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\IObit 2012-06-01 17:49 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2012-06-01 17:49 . 2012-06-01 17:49 -------- d-----w- c:\program files\CPUID 2012-06-01 03:32 . 2012-06-01 03:32 -------- d-----w- c:\program files\Realtek 2012-05-28 18:07 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-28 18:07 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-28 18:07 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-28 18:07 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-05-28 18:07 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\Eric\AppData\Roaming\LolClient2 2012-05-21 17:45 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-21 17:44 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-21 17:44 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2012-05-21 17:44 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-21 17:44 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-21 17:44 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-21 17:44 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2012-05-21 12:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\programdata\WeCareReminder 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\users\Eric\AppData\Roaming\OpenCandy 2012-05-21 10:35 . 2012-03-22 17:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll 2012-05-21 10:35 . 2012-04-18 17:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-05-21 02:37 . 2012-05-21 02:37 -------- d-----w- c:\program files\WinToFlash Suggestor 2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Common Files\Java 2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Oracle 2012-05-21 01:51 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-21 01:45 . 2012-05-21 01:46 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-21 02:02 . 2012-04-09 11:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-21 02:02 . 2011-06-08 12:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-09 02:34 . 2011-11-18 18:56 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:34 . 2012-04-06 02:34 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll 2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\system32\amdocl.dll 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll 2012-04-06 02:00 . 2011-12-06 02:18 52736 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 37376 ----a-w- c:\windows\system32\atitmpxx.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll 2012-04-04 22:47 . 2011-07-07 06:20 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 19:56 . 2010-08-07 10:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-25 11:07 . 2011-05-06 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD1.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}] 2012-04-09 13:03 301872 ----a-w- c:\program files\WinToFlash Suggestor\WinToFlashSuggestor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2012-03-13 09:37 3331872 ----a-w- c:\users\Eric\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore] 2012-05-21 15:10 5092152 ----a-w- c:\program files\Logitech Gaming Software\LCore.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa] 2011-03-22 01:01 233984 ----a-w- c:\program files\Razer\Razer Lycosa\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService] 2007-10-26 16:51 184352 ----a-w- c:\windows\System32\nvraidservice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2011-12-12 23:21 22459984 ----a-w- c:\program files\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-02-25 21:21 3087440 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-07-16 23:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-02-04 17:27 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-10-19 01:21 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe] 2008-08-06 21:00 28672 ----a-w- c:\windows\V0415Mon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VERIZONDM] 2010-09-29 10:59 206120 ----a-w- c:\program files\VERIZONDM\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp] 2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] 2011-05-10 16:01 5416794 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe . R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . Contents of the 'Scheduled Tasks' folder . 2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:07] . 2012-06-10 c:\windows\Tasks\Game_Booster_AutoUpdate.job - c:\program files\IObit\Game Booster\AutoUpdate.exe [2012-06-01 15:21] . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to iPod Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Free YouTube to Mp3 Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111103 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: extentions.y2layers.installId - aa5136da-a24e-4cf5-8cf7-9786300623f0 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals, . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-10 13:19 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Completion time: 2012-06-10 13:23:55 ComboFix-quarantined-files.txt 2012-06-10 17:23 ComboFix2.txt 2012-06-10 06:43 ComboFix3.txt 2012-06-09 11:22 ComboFix4.txt 2012-06-08 15:46 ComboFix5.txt 2012-06-10 17:04 . Pre-Run: 52,431,327,232 bytes free Post-Run: 51,682,263,040 bytes free . - - End Of File - - 13CB3E5CDC67643114DEA4361FFF0FED -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-06-2012 07 Ran by SYSTEM at 10-06-2012 06:53:37 Running from F:\ Microsoft Windows XP (X86) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x] HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x] HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-02-03] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [99600 2007-07-17] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1687824 2007-07-17] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [2094352 2007-07-17] (Logitech Inc.) HKU\Eric\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation) Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12 ================================ Services (Whitelisted) ================== 2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-03] () 2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation) 3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) 3 npggsvc; C:\WINDOWS\system32\GameMon.des -service [3272784 2009-08-04] (INCA Internet Co., Ltd.) 3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x] 3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x] 4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x] ========================== Drivers (Whitelisted) ============= 3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [3488768 2009-02-03] (ATI Technologies Inc.) 3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [93184 2008-10-31] (ATI Research Inc.) 3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) 3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4620288 2007-11-01] (Realtek Semiconductor Corp.) 0 nvatabus; C:\Windows\System32\DRIVERS\nvatabus.sys [105472 2006-10-18] (NVIDIA Corporation) 3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation) 3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation) 3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) 3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) 4 Abiosdsk; [x] 4 abp480n5; [x] 4 adpu160m; [x] 4 Aha154x; [x] 4 aic78u2; [x] 4 aic78xx; [x] 4 AliIde; [x] 4 amsint; [x] 4 asc; [x] 4 asc3350p; [x] 4 asc3550; [x] 4 Atdisk; [x] 4 cd20xrnt; [x] 1 Changer; [x] 4 CmdIde; [x] 4 Cpqarray; [x] 4 dac2w2k; [x] 4 dac960nt; [x] 4 dpti2o; [x] 3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x] 4 hpn; [x] 1 i2omgmt; [x] 4 i2omp; [x] 4 ini910u; [x] 4 IntelIde; [x] 1 lbrtfdc; [x] 4 mraid35x; [x] 1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [x] 1 PCIDump; [x] 3 PDCOMP; [x] 3 PDFRAME; [x] 3 PDRELI; [x] 3 PDRFRAME; [x] 4 perc2; [x] 4 perc2hib; [x] 4 ql1080; [x] 4 Ql10wnt; [x] 4 ql12160; [x] 4 ql1240; [x] 4 ql1280; [x] 4 Simbad; [x] 4 Sparrow; [x] 4 symc810; [x] 4 symc8xx; [x] 4 sym_hi; [x] 4 sym_u3; [x] 4 TosIde; [x] 4 ultra; [x] 4 ViaIde; [x] 3 WDICA; [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-10 06:53 - 2012-06-10 06:53 - 00000000 ____D C:\FRST 2012-05-27 18:39 - 2012-05-27 18:39 - 00000000 ____D C:\7e4fc30aac86c9db96526c02d5cb4d ============ 3 Months Modified Files and Folders =============== 2012-06-10 06:53 - 2012-06-10 06:53 - 00000000 ____D C:\FRST 2012-05-27 18:39 - 2012-05-27 18:39 - 00000000 ____D C:\7e4fc30aac86c9db96526c02d5cb4d ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 11% Total physical RAM: 4092.68 MB Available physical RAM: 3615.98 MB Total Pagefile: 3833.07 MB Available Pagefile: 3650.08 MB Total Virtual: 2047.88 MB Available Virtual: 1983.94 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:230.04 GB) (Free:211.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: () (Fixed) (Total:235.72 GB) (Free:48.99 GB) NTFS 3 Drive e: (VISTA_32_ULTIMATE) (CDROM) (Total:2.84 GB) (Free:0 GB) CDFS 4 Drive f: (MULTIBOOT) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 466 GB 1032 KB Disk 1 Online 3824 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 230 GB 32 KB Partition 2 Primary 236 GB 230 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 C NTFS Partition 230 GB Healthy ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D NTFS Partition 236 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3824 MB 32 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 F MULTIBOOT FAT32 Removable 3824 MB Healthy ====================================================================================================== ======================= End Of Log ========================== -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Nevermind, I didnt have to attach it -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-10 04:14:50 ----------------------------- 04:14:50.666 OS Version: Windows 6.0.6002 Service Pack 2 04:14:50.666 Number of processors: 2 586 0x1706 04:14:50.667 ComputerName: ERIC-PC UserName: Eric 04:14:51.615 Initialize success 04:16:38.205 AVAST engine defs: 12061000 04:16:49.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061 04:16:49.721 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6 04:16:49.772 Disk 0 MBR read successfully 04:16:49.774 Disk 0 MBR scan 04:16:49.808 Disk 0 Windows VISTA default MBR code 04:16:49.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 235555 MB offset 63 04:16:49.834 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 241382 MB offset 482420736 04:16:49.840 Disk 0 scanning sectors +976771072 04:16:50.096 Disk 0 scanning C:\Windows\system32\drivers 04:17:00.326 Service scanning 04:17:26.583 Modules scanning 04:17:48.377 Disk 0 trace - called modules: 04:17:48.410 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 04:17:48.415 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ea86030] 04:17:48.420 3 CLASSPNP.SYS[813868b3] -> nt!IofCallDriver -> [0x8e0e3f08] 04:17:48.426 5 acpi.sys[812896bc] -> nt!IofCallDriver -> \Device\00000061[0x8e0e98c8] 04:17:49.487 AVAST engine scan C:\Windows 04:18:03.859 AVAST engine scan C:\Windows\system32 04:22:09.504 AVAST engine scan C:\Windows\system32\drivers 04:22:23.420 AVAST engine scan C:\Users\Eric 04:41:58.152 AVAST engine scan C:\ProgramData 04:47:45.101 Scan finished successfully 04:49:30.103 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Documents\MBR.dat" 04:49:30.110 The log file has been saved successfully to "C:\Users\Eric\Documents\aswMBR.txt" -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
05:17:55.0322 2600 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 05:17:55.0542 2600 ============================================================ 05:17:55.0542 2600 Current date / time: 2012/06/10 05:17:55.0542 05:17:55.0542 2600 SystemInfo: 05:17:55.0543 2600 05:17:55.0543 2600 OS Version: 6.0.6002 ServicePack: 2.0 05:17:55.0543 2600 Product type: Workstation 05:17:55.0543 2600 ComputerName: ERIC-PC 05:17:55.0543 2600 UserName: Eric 05:17:55.0543 2600 Windows directory: C:\Windows 05:17:55.0543 2600 System windows directory: C:\Windows 05:17:55.0543 2600 Processor architecture: Intel x86 05:17:55.0543 2600 Number of processors: 2 05:17:55.0543 2600 Page size: 0x1000 05:17:55.0543 2600 Boot type: Normal boot 05:17:55.0543 2600 ============================================================ 05:17:56.0073 2600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 05:17:56.0074 2600 ============================================================ 05:17:56.0074 2600 \Device\Harddisk0\DR0: 05:17:56.0082 2600 MBR partitions: 05:17:56.0082 2600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1CC11FE1 05:17:56.0082 2600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1CC12800, BlocksNum 0x1D773000 05:17:56.0082 2600 ============================================================ 05:17:56.0121 2600 C: <-> \Device\Harddisk0\DR0\Partition1 05:17:56.0168 2600 D: <-> \Device\Harddisk0\DR0\Partition0 05:17:56.0169 2600 ============================================================ 05:17:56.0169 2600 Initialize success 05:17:56.0169 2600 ============================================================ 05:17:56.0999 3608 ============================================================ 05:17:56.0999 3608 Scan started 05:17:56.0999 3608 Mode: Manual; 05:17:56.0999 3608 ============================================================ 05:17:57.0382 3608 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 05:17:57.0384 3608 !SASCORE - ok 05:17:57.0568 3608 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 05:17:57.0571 3608 ACPI - ok 05:17:57.0612 3608 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 05:17:57.0613 3608 AdobeARMservice - ok 05:17:57.0661 3608 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 05:17:57.0677 3608 AdobeFlashPlayerUpdateSvc - ok 05:17:57.0730 3608 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 05:17:57.0735 3608 adp94xx - ok 05:17:57.0771 3608 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 05:17:57.0773 3608 adpahci - ok 05:17:57.0806 3608 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 05:17:57.0807 3608 adpu160m - ok 05:17:57.0827 3608 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 05:17:57.0828 3608 adpu320 - ok 05:17:57.0853 3608 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 05:17:57.0854 3608 AeLookupSvc - ok 05:17:57.0901 3608 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 05:17:57.0908 3608 AFD - ok 05:17:57.0931 3608 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 05:17:57.0932 3608 agp440 - ok 05:17:57.0951 3608 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 05:17:57.0952 3608 aic78xx - ok 05:17:58.0201 3608 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll 05:17:58.0201 3608 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af 05:17:58.0209 3608 Akamai ( HiddenFile.Multi.Generic ) - warning 05:17:58.0209 3608 Akamai - detected HiddenFile.Multi.Generic (1) 05:17:58.0323 3608 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 05:17:58.0324 3608 ALG - ok 05:17:58.0359 3608 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys 05:17:58.0360 3608 aliide - ok 05:17:58.0391 3608 AMD External Events Utility (50ebbb86e493bd9ab7ddf914a90eef8e) C:\Windows\system32\atiesrxx.exe 05:17:58.0400 3608 AMD External Events Utility - ok 05:17:58.0421 3608 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 05:17:58.0422 3608 amdagp - ok 05:17:58.0437 3608 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys 05:17:58.0438 3608 amdide - ok 05:17:58.0453 3608 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 05:17:58.0454 3608 AmdK7 - ok 05:17:58.0463 3608 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 05:17:58.0464 3608 AmdK8 - ok 05:17:58.0931 3608 amdkmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys 05:17:58.0995 3608 amdkmdag - ok 05:17:59.0167 3608 amdkmdap (ba99833bbde9c4ff389fc8114fb14843) C:\Windows\system32\DRIVERS\atikmpag.sys 05:17:59.0196 3608 amdkmdap - ok 05:17:59.0237 3608 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\Windows\system32\apf001.sys 05:17:59.0237 3608 apf001 - ok 05:17:59.0261 3608 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 05:17:59.0261 3608 Appinfo - ok 05:17:59.0408 3608 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 05:17:59.0409 3608 Apple Mobile Device - ok 05:17:59.0443 3608 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll 05:17:59.0444 3608 AppMgmt - ok 05:17:59.0478 3608 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 05:17:59.0479 3608 arc - ok 05:17:59.0497 3608 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 05:17:59.0498 3608 arcsas - ok 05:17:59.0578 3608 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 05:17:59.0579 3608 aspnet_state - ok 05:17:59.0612 3608 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 05:17:59.0612 3608 AsyncMac - ok 05:17:59.0630 3608 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 05:17:59.0631 3608 atapi - ok 05:17:59.0679 3608 AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys 05:17:59.0681 3608 AtiHDAudioService - ok 05:17:59.0712 3608 AtiHdmiService (5e1cbda7d52289579e25283549e99425) C:\Windows\system32\drivers\AtiHdmi.sys 05:17:59.0713 3608 AtiHdmiService - ok 05:18:00.0186 3608 atikmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys 05:18:00.0234 3608 atikmdag - ok 05:18:00.0351 3608 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 05:18:00.0364 3608 AudioEndpointBuilder - ok 05:18:00.0368 3608 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 05:18:00.0370 3608 Audiosrv - ok 05:18:00.0440 3608 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 05:18:00.0441 3608 Beep - ok 05:18:00.0482 3608 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 05:18:00.0485 3608 BFE - ok 05:18:00.0567 3608 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 05:18:00.0574 3608 BITS - ok 05:18:00.0580 3608 blbdrive - ok 05:18:00.0672 3608 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 05:18:00.0674 3608 Bonjour Service - ok 05:18:00.0738 3608 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 05:18:00.0739 3608 bowser - ok 05:18:00.0763 3608 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 05:18:00.0764 3608 BrFiltLo - ok 05:18:00.0779 3608 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 05:18:00.0779 3608 BrFiltUp - ok 05:18:00.0826 3608 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 05:18:00.0827 3608 Browser - ok 05:18:00.0844 3608 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 05:18:00.0845 3608 Brserid - ok 05:18:00.0869 3608 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 05:18:00.0870 3608 BrSerWdm - ok 05:18:00.0888 3608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 05:18:00.0888 3608 BrUsbMdm - ok 05:18:00.0892 3608 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 05:18:00.0892 3608 BrUsbSer - ok 05:18:00.0906 3608 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 05:18:00.0907 3608 BTHMODEM - ok 05:18:00.0979 3608 catchme - ok 05:18:00.0996 3608 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 05:18:00.0997 3608 cdfs - ok 05:18:01.0042 3608 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 05:18:01.0042 3608 cdrom - ok 05:18:01.0064 3608 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 05:18:01.0066 3608 CertPropSvc - ok 05:18:01.0083 3608 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 05:18:01.0084 3608 circlass - ok 05:18:01.0116 3608 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 05:18:01.0118 3608 CLFS - ok 05:18:01.0167 3608 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 05:18:01.0168 3608 clr_optimization_v2.0.50727_32 - ok 05:18:01.0226 3608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 05:18:01.0228 3608 clr_optimization_v4.0.30319_32 - ok 05:18:01.0258 3608 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys 05:18:01.0259 3608 cmdide - ok 05:18:01.0273 3608 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 05:18:01.0274 3608 Compbatt - ok 05:18:01.0278 3608 COMSysApp - ok 05:18:01.0321 3608 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\Windows\system32\drivers\cpuz135_x32.sys 05:18:01.0321 3608 cpuz135 - ok 05:18:01.0326 3608 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 05:18:01.0326 3608 crcdisk - ok 05:18:01.0344 3608 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 05:18:01.0345 3608 Crusoe - ok 05:18:01.0384 3608 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 05:18:01.0385 3608 CryptSvc - ok 05:18:01.0412 3608 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 05:18:01.0415 3608 CSC - ok 05:18:01.0475 3608 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll 05:18:01.0481 3608 CscService - ok 05:18:01.0534 3608 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 05:18:01.0540 3608 DcomLaunch - ok 05:18:01.0593 3608 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 05:18:01.0594 3608 DfsC - ok 05:18:01.0721 3608 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 05:18:01.0760 3608 DFSR - ok 05:18:01.0858 3608 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 05:18:01.0867 3608 Dhcp - ok 05:18:01.0887 3608 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 05:18:01.0888 3608 disk - ok 05:18:01.0919 3608 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 05:18:01.0921 3608 Dnscache - ok 05:18:01.0956 3608 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 05:18:01.0968 3608 dot3svc - ok 05:18:02.0010 3608 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 05:18:02.0012 3608 DPS - ok 05:18:02.0071 3608 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 05:18:02.0071 3608 drmkaud - ok 05:18:02.0136 3608 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 05:18:02.0153 3608 DXGKrnl - ok 05:18:02.0187 3608 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 05:18:02.0188 3608 E1G60 - ok 05:18:02.0191 3608 EagleNT - ok 05:18:02.0196 3608 EagleXNt - ok 05:18:02.0244 3608 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 05:18:02.0246 3608 EapHost - ok 05:18:02.0266 3608 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 05:18:02.0268 3608 Ecache - ok 05:18:02.0327 3608 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 05:18:02.0334 3608 ehRecvr - ok 05:18:02.0350 3608 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 05:18:02.0352 3608 ehSched - ok 05:18:02.0396 3608 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 05:18:02.0397 3608 ehstart - ok 05:18:02.0430 3608 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 05:18:02.0432 3608 elxstor - ok 05:18:02.0503 3608 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 05:18:02.0507 3608 EMDMgmt - ok 05:18:02.0565 3608 EuMusDesignVirtualAudioCableWdm (6b93b103242c3c30f850f53dbe39ed88) C:\Windows\system32\DRIVERS\vrtaucbl.sys 05:18:02.0566 3608 EuMusDesignVirtualAudioCableWdm - ok 05:18:02.0614 3608 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 05:18:02.0617 3608 EventSystem - ok 05:18:02.0676 3608 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 05:18:02.0678 3608 exfat - ok 05:18:02.0756 3608 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 05:18:02.0758 3608 fastfat - ok 05:18:02.0812 3608 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe 05:18:02.0852 3608 Fax - ok 05:18:02.0881 3608 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 05:18:02.0882 3608 fdc - ok 05:18:02.0889 3608 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 05:18:02.0890 3608 fdPHost - ok 05:18:02.0906 3608 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 05:18:02.0908 3608 FDResPub - ok 05:18:02.0918 3608 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 05:18:02.0919 3608 FileInfo - ok 05:18:02.0931 3608 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 05:18:02.0932 3608 Filetrace - ok 05:18:02.0946 3608 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 05:18:02.0948 3608 flpydisk - ok 05:18:02.0970 3608 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 05:18:02.0974 3608 FltMgr - ok 05:18:03.0047 3608 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 05:18:03.0077 3608 FontCache - ok 05:18:03.0113 3608 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 05:18:03.0114 3608 FontCache3.0.0.0 - ok 05:18:03.0155 3608 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys 05:18:03.0157 3608 fssfltr - ok 05:18:03.0324 3608 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 05:18:03.0333 3608 fsssvc - ok 05:18:03.0426 3608 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 05:18:03.0426 3608 Fs_Rec - ok 05:18:03.0446 3608 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys 05:18:03.0447 3608 fvevol - ok 05:18:03.0477 3608 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 05:18:03.0478 3608 gagp30kx - ok 05:18:03.0500 3608 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 05:18:03.0500 3608 GEARAspiWDM - ok 05:18:03.0546 3608 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 05:18:03.0554 3608 gpsvc - ok 05:18:03.0611 3608 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 05:18:03.0613 3608 gupdate - ok 05:18:03.0617 3608 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 05:18:03.0618 3608 gupdatem - ok 05:18:03.0640 3608 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 05:18:03.0641 3608 hamachi - ok 05:18:03.0679 3608 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 05:18:03.0688 3608 HdAudAddService - ok 05:18:03.0735 3608 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 05:18:03.0738 3608 HDAudBus - ok 05:18:03.0757 3608 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 05:18:03.0758 3608 HidBth - ok 05:18:03.0773 3608 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 05:18:03.0774 3608 HidIr - ok 05:18:03.0818 3608 hidkmdf (bb1822838c0714b3c03efe0f209d135d) C:\Windows\system32\DRIVERS\hidkmdf.sys 05:18:03.0819 3608 hidkmdf - ok 05:18:03.0832 3608 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 05:18:03.0833 3608 hidserv - ok 05:18:03.0837 3608 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 05:18:03.0837 3608 HidUsb - ok 05:18:03.0868 3608 HiPatchService (2128c21064eb436cb42b08a2589b9c07) C:\Program Files\Hi-Rez Studios\HiPatchService.exe 05:18:03.0869 3608 HiPatchService - ok 05:18:03.0886 3608 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 05:18:03.0888 3608 hkmsvc - ok 05:18:03.0904 3608 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 05:18:03.0905 3608 HpCISSs - ok 05:18:03.0942 3608 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 05:18:03.0947 3608 HTTP - ok 05:18:03.0966 3608 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 05:18:03.0969 3608 i2omp - ok 05:18:03.0990 3608 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 05:18:03.0991 3608 i8042prt - ok 05:18:04.0018 3608 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 05:18:04.0026 3608 iaStorV - ok 05:18:04.0128 3608 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 05:18:04.0142 3608 idsvc - ok 05:18:04.0245 3608 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe 05:18:04.0247 3608 IHA_MessageCenter - ok 05:18:04.0315 3608 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 05:18:04.0316 3608 iirsp - ok 05:18:04.0360 3608 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 05:18:04.0365 3608 IKEEXT - ok 05:18:04.0506 3608 IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys 05:18:04.0522 3608 IntcAzAudAddService - ok 05:18:04.0603 3608 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys 05:18:04.0604 3608 intelide - ok 05:18:04.0618 3608 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 05:18:04.0619 3608 intelppm - ok 05:18:04.0737 3608 iPAHelper.exe (bccac0016c1fb70cf48765dc342cfc5e) C:\Program Files\iPod Access for Windows\iPAHelper.exe 05:18:04.0747 3608 iPAHelper.exe - ok 05:18:04.0816 3608 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 05:18:04.0819 3608 IPBusEnum - ok 05:18:04.0872 3608 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 05:18:04.0873 3608 IpFilterDriver - ok 05:18:04.0913 3608 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 05:18:04.0923 3608 iphlpsvc - ok 05:18:04.0926 3608 IpInIp - ok 05:18:04.0960 3608 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 05:18:04.0961 3608 IPMIDRV - ok 05:18:04.0983 3608 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 05:18:04.0985 3608 IPNAT - ok 05:18:05.0066 3608 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe 05:18:05.0071 3608 iPod Service - ok 05:18:05.0097 3608 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 05:18:05.0098 3608 IRENUM - ok 05:18:05.0112 3608 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 05:18:05.0113 3608 isapnp - ok 05:18:05.0151 3608 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 05:18:05.0153 3608 iScsiPrt - ok 05:18:05.0179 3608 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 05:18:05.0181 3608 iteatapi - ok 05:18:05.0196 3608 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 05:18:05.0197 3608 iteraid - ok 05:18:05.0228 3608 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 05:18:05.0228 3608 kbdclass - ok 05:18:05.0268 3608 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 05:18:05.0269 3608 kbdhid - ok 05:18:05.0320 3608 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 05:18:05.0322 3608 KeyIso - ok 05:18:05.0387 3608 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 05:18:05.0390 3608 KSecDD - ok 05:18:05.0442 3608 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 05:18:05.0456 3608 KtmRm - ok 05:18:05.0518 3608 LADF_BakerCOnly (33cf4a1507fd0f6522799d132624948a) C:\Windows\system32\DRIVERS\ladfBakerCi386.sys 05:18:05.0547 3608 LADF_BakerCOnly - ok 05:18:05.0598 3608 LADF_BakerROnly (ba3eaae345b3737d3d2f1c491fb42adb) C:\Windows\system32\DRIVERS\ladfBakerRi386.sys 05:18:05.0604 3608 LADF_BakerROnly - ok 05:18:05.0661 3608 LADF_CaptureOnly (f824476e660dd910e627615c700d2bec) C:\Windows\system32\DRIVERS\ladfGSCi386.sys 05:18:05.0674 3608 LADF_CaptureOnly - ok 05:18:05.0721 3608 LADF_RenderOnly (36a5647162101c3497b821fd368ef736) C:\Windows\system32\DRIVERS\ladfGSRi386.sys 05:18:05.0752 3608 LADF_RenderOnly - ok 05:18:05.0799 3608 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 05:18:05.0810 3608 LanmanServer - ok 05:18:05.0835 3608 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 05:18:05.0846 3608 LanmanWorkstation - ok 05:18:05.0879 3608 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys 05:18:05.0880 3608 LGBusEnum - ok 05:18:05.0909 3608 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys 05:18:05.0910 3608 LGVirHid - ok 05:18:05.0937 3608 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 05:18:05.0938 3608 lltdio - ok 05:18:05.0977 3608 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 05:18:05.0987 3608 lltdsvc - ok 05:18:06.0030 3608 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 05:18:06.0032 3608 lmhosts - ok 05:18:06.0057 3608 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 05:18:06.0059 3608 LSI_FC - ok 05:18:06.0071 3608 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 05:18:06.0073 3608 LSI_SAS - ok 05:18:06.0088 3608 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 05:18:06.0091 3608 LSI_SCSI - ok 05:18:06.0122 3608 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 05:18:06.0124 3608 luafv - ok 05:18:06.0144 3608 LycoFltr (fee74a4398896793a62c6e8423edbd41) C:\Windows\system32\Drivers\Lycosa.sys 05:18:06.0145 3608 LycoFltr - ok 05:18:06.0149 3608 mbykw - ok 05:18:06.0218 3608 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe 05:18:06.0232 3608 McciCMService - ok 05:18:06.0260 3608 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 05:18:06.0263 3608 Mcx2Svc - ok 05:18:06.0279 3608 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 05:18:06.0280 3608 megasas - ok 05:18:06.0315 3608 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 05:18:06.0317 3608 MMCSS - ok 05:18:06.0340 3608 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 05:18:06.0341 3608 Modem - ok 05:18:06.0381 3608 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 05:18:06.0381 3608 monitor - ok 05:18:06.0416 3608 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 05:18:06.0416 3608 mouclass - ok 05:18:06.0444 3608 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 05:18:06.0445 3608 mouhid - ok 05:18:06.0460 3608 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 05:18:06.0461 3608 MountMgr - ok 05:18:06.0482 3608 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 05:18:06.0484 3608 MozillaMaintenance - ok 05:18:06.0514 3608 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 05:18:06.0515 3608 mpio - ok 05:18:06.0537 3608 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 05:18:06.0539 3608 mpsdrv - ok 05:18:06.0578 3608 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 05:18:06.0589 3608 MpsSvc - ok 05:18:06.0610 3608 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 05:18:06.0611 3608 Mraid35x - ok 05:18:06.0633 3608 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 05:18:06.0635 3608 MREMP50 - ok 05:18:06.0637 3608 MREMP50a64 - ok 05:18:06.0640 3608 MREMPR5 - ok 05:18:06.0645 3608 MRENDIS5 - ok 05:18:06.0678 3608 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 05:18:06.0679 3608 MRESP50 - ok 05:18:06.0682 3608 MRESP50a64 - ok 05:18:06.0714 3608 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 05:18:06.0716 3608 MRxDAV - ok 05:18:06.0761 3608 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 05:18:06.0763 3608 mrxsmb - ok 05:18:06.0800 3608 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 05:18:06.0803 3608 mrxsmb10 - ok 05:18:06.0812 3608 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 05:18:06.0814 3608 mrxsmb20 - ok 05:18:06.0839 3608 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys 05:18:06.0840 3608 msahci - ok 05:18:06.0865 3608 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 05:18:06.0867 3608 msdsm - ok 05:18:06.0908 3608 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 05:18:06.0912 3608 MSDTC - ok 05:18:06.0928 3608 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 05:18:06.0929 3608 Msfs - ok 05:18:06.0952 3608 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 05:18:06.0953 3608 msisadrv - ok 05:18:06.0980 3608 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 05:18:06.0984 3608 MSiSCSI - ok 05:18:06.0987 3608 msiserver - ok 05:18:07.0030 3608 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 05:18:07.0031 3608 MSKSSRV - ok 05:18:07.0068 3608 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys 05:18:07.0069 3608 msloop - ok 05:18:07.0092 3608 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 05:18:07.0093 3608 MSPCLOCK - ok 05:18:07.0107 3608 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 05:18:07.0108 3608 MSPQM - ok 05:18:07.0153 3608 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 05:18:07.0154 3608 MsRPC - ok 05:18:07.0181 3608 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 05:18:07.0182 3608 mssmbios - ok 05:18:07.0257 3608 MSSQL$SQLEXPRESS - ok 05:18:07.0325 3608 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 05:18:07.0326 3608 MSSQLServerADHelper100 - ok 05:18:07.0340 3608 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 05:18:07.0341 3608 MSTEE - ok 05:18:07.0357 3608 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 05:18:07.0358 3608 Mup - ok 05:18:07.0400 3608 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 05:18:07.0415 3608 napagent - ok 05:18:07.0454 3608 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 05:18:07.0455 3608 NativeWifiP - ok 05:18:07.0493 3608 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 05:18:07.0499 3608 NDIS - ok 05:18:07.0514 3608 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 05:18:07.0515 3608 NdisTapi - ok 05:18:07.0535 3608 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 05:18:07.0536 3608 Ndisuio - ok 05:18:07.0573 3608 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 05:18:07.0575 3608 NdisWan - ok 05:18:07.0583 3608 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 05:18:07.0584 3608 NDProxy - ok 05:18:07.0600 3608 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 05:18:07.0601 3608 NetBIOS - ok 05:18:07.0631 3608 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 05:18:07.0634 3608 netbt - ok 05:18:07.0670 3608 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 05:18:07.0671 3608 Netlogon - ok 05:18:07.0700 3608 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 05:18:07.0705 3608 Netman - ok 05:18:07.0765 3608 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 05:18:07.0769 3608 NetMsmqActivator - ok 05:18:07.0773 3608 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 05:18:07.0774 3608 NetPipeActivator - ok 05:18:07.0811 3608 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 05:18:07.0835 3608 netprofm - ok 05:18:07.0839 3608 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 05:18:07.0841 3608 NetTcpActivator - ok 05:18:07.0845 3608 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 05:18:07.0847 3608 NetTcpPortSharing - ok 05:18:07.0899 3608 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 05:18:07.0900 3608 nfrd960 - ok 05:18:07.0938 3608 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 05:18:07.0949 3608 NlaSvc - ok 05:18:07.0992 3608 nosGetPlusHelper (eb900c136e660a8deb657be134c3bcd9) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll 05:18:07.0994 3608 nosGetPlusHelper - ok 05:18:08.0021 3608 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys 05:18:08.0022 3608 NPF - ok 05:18:08.0047 3608 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 05:18:08.0048 3608 Npfs - ok 05:18:08.0051 3608 npggsvc - ok 05:18:08.0076 3608 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 05:18:08.0078 3608 nsi - ok 05:18:08.0095 3608 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 05:18:08.0096 3608 nsiproxy - ok 05:18:08.0181 3608 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 05:18:08.0188 3608 Ntfs - ok 05:18:08.0232 3608 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 05:18:08.0233 3608 ntrigdigi - ok 05:18:08.0247 3608 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 05:18:08.0250 3608 Null - ok 05:18:08.0332 3608 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys 05:18:08.0348 3608 NVENETFD - ok 05:18:08.0368 3608 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys 05:18:08.0369 3608 nvraid - ok 05:18:08.0389 3608 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\DRIVERS\nvrd32.sys 05:18:08.0392 3608 nvrd32 - ok 05:18:08.0397 3608 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys 05:18:08.0399 3608 nvstor - ok 05:18:08.0418 3608 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys 05:18:08.0420 3608 nvstor32 - ok 05:18:08.0439 3608 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 05:18:08.0442 3608 nv_agp - ok 05:18:08.0445 3608 NwlnkFlt - ok 05:18:08.0453 3608 NwlnkFwd - ok 05:18:08.0476 3608 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 05:18:08.0477 3608 ohci1394 - ok 05:18:08.0481 3608 OMCI - ok 05:18:08.0537 3608 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 05:18:08.0539 3608 ose - ok 05:18:08.0591 3608 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 05:18:08.0604 3608 p2pimsvc - ok 05:18:08.0612 3608 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 05:18:08.0620 3608 p2psvc - ok 05:18:08.0640 3608 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 05:18:08.0643 3608 Parport - ok 05:18:08.0658 3608 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 05:18:08.0660 3608 partmgr - ok 05:18:08.0672 3608 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 05:18:08.0673 3608 Parvdm - ok 05:18:08.0696 3608 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 05:18:08.0699 3608 PcaSvc - ok 05:18:08.0732 3608 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 05:18:08.0733 3608 pci - ok 05:18:08.0747 3608 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 05:18:08.0748 3608 pciide - ok 05:18:08.0775 3608 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 05:18:08.0783 3608 pcmcia - ok 05:18:08.0862 3608 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 05:18:08.0873 3608 PEAUTH - ok 05:18:08.0888 3608 pkhjddey - ok 05:18:08.0987 3608 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 05:18:09.0025 3608 pla - ok 05:18:09.0112 3608 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 05:18:09.0120 3608 PlugPlay - ok 05:18:09.0144 3608 PnkBstrA (681da309716aeb98bc901d7a0458d931) C:\Windows\system32\PnkBstrA.exe 05:18:09.0156 3608 PnkBstrA - ok 05:18:09.0185 3608 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\Windows\system32\PnkBstrB.exe 05:18:09.0194 3608 PnkBstrB - ok 05:18:09.0240 3608 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 05:18:09.0246 3608 PNRPAutoReg - ok 05:18:09.0252 3608 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 05:18:09.0259 3608 PNRPsvc - ok 05:18:09.0282 3608 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 05:18:09.0294 3608 PolicyAgent - ok 05:18:09.0326 3608 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 05:18:09.0327 3608 PptpMiniport - ok 05:18:09.0348 3608 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 05:18:09.0349 3608 Processor - ok 05:18:09.0383 3608 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 05:18:09.0395 3608 ProfSvc - ok 05:18:09.0436 3608 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 05:18:09.0438 3608 ProtectedStorage - ok 05:18:09.0461 3608 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 05:18:09.0462 3608 PSched - ok 05:18:09.0530 3608 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 05:18:09.0543 3608 ql2300 - ok 05:18:09.0567 3608 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 05:18:09.0569 3608 ql40xx - ok 05:18:09.0601 3608 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 05:18:09.0610 3608 QWAVE - ok 05:18:09.0624 3608 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 05:18:09.0625 3608 QWAVEdrv - ok 05:18:09.0630 3608 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 05:18:09.0631 3608 RasAcd - ok 05:18:09.0647 3608 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 05:18:09.0651 3608 RasAuto - ok 05:18:09.0667 3608 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 05:18:09.0668 3608 Rasl2tp - ok 05:18:09.0700 3608 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 05:18:09.0716 3608 RasMan - ok 05:18:09.0742 3608 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 05:18:09.0743 3608 RasPppoe - ok 05:18:09.0758 3608 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 05:18:09.0760 3608 RasSstp - ok 05:18:09.0782 3608 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 05:18:09.0786 3608 rdbss - ok 05:18:09.0791 3608 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 05:18:09.0791 3608 RDPCDD - ok 05:18:09.0834 3608 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 05:18:09.0836 3608 rdpdr - ok 05:18:09.0843 3608 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 05:18:09.0844 3608 RDPENCDD - ok 05:18:09.0888 3608 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 05:18:09.0898 3608 RDPWD - ok 05:18:09.0945 3608 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 05:18:09.0949 3608 RemoteAccess - ok 05:18:09.0976 3608 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 05:18:09.0989 3608 RemoteRegistry - ok 05:18:10.0040 3608 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe 05:18:10.0042 3608 rpcapd - ok 05:18:10.0087 3608 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 05:18:10.0089 3608 RpcLocator - ok 05:18:10.0124 3608 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 05:18:10.0130 3608 RpcSs - ok 05:18:10.0183 3608 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys 05:18:10.0192 3608 RsFx0103 - ok 05:18:10.0225 3608 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 05:18:10.0226 3608 rspndr - ok 05:18:10.0247 3608 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 05:18:10.0249 3608 SamSs - ok 05:18:10.0298 3608 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 05:18:10.0299 3608 SASDIFSV - ok 05:18:10.0315 3608 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 05:18:10.0318 3608 SASKUTIL - ok 05:18:10.0346 3608 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 05:18:10.0348 3608 sbp2port - ok 05:18:10.0461 3608 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 05:18:10.0486 3608 SBSDWSCService - ok 05:18:10.0590 3608 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 05:18:10.0593 3608 SCardSvr - ok 05:18:10.0648 3608 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 05:18:10.0662 3608 Schedule - ok 05:18:10.0689 3608 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 05:18:10.0690 3608 SCPolicySvc - ok 05:18:10.0713 3608 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys 05:18:10.0714 3608 SCREAMINGBDRIVER - ok 05:18:10.0742 3608 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 05:18:10.0755 3608 SDRSVC - ok 05:18:10.0808 3608 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 05:18:10.0809 3608 secdrv - ok 05:18:10.0817 3608 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 05:18:10.0821 3608 seclogon - ok 05:18:10.0847 3608 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 05:18:10.0851 3608 SENS - ok 05:18:10.0867 3608 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 05:18:10.0869 3608 Serenum - ok 05:18:10.0886 3608 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 05:18:10.0888 3608 Serial - ok 05:18:10.0908 3608 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 05:18:10.0910 3608 sermouse - ok 05:18:10.0955 3608 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 05:18:10.0959 3608 SessionEnv - ok 05:18:10.0977 3608 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 05:18:10.0978 3608 sffdisk - ok 05:18:10.0992 3608 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 05:18:10.0992 3608 sffp_mmc - ok 05:18:11.0009 3608 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 05:18:11.0010 3608 sffp_sd - ok 05:18:11.0025 3608 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 05:18:11.0026 3608 sfloppy - ok 05:18:11.0064 3608 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 05:18:11.0078 3608 SharedAccess - ok 05:18:11.0151 3608 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 05:18:11.0164 3608 ShellHWDetection - ok 05:18:11.0196 3608 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 05:18:11.0198 3608 sisagp - ok 05:18:11.0216 3608 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 05:18:11.0218 3608 SiSRaid2 - ok 05:18:11.0232 3608 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 05:18:11.0234 3608 SiSRaid4 - ok 05:18:11.0437 3608 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 05:18:11.0496 3608 slsvc - ok 05:18:11.0606 3608 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 05:18:11.0610 3608 SLUINotify - ok 05:18:11.0649 3608 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 05:18:11.0650 3608 Smb - ok 05:18:11.0679 3608 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 05:18:11.0682 3608 SNMPTRAP - ok 05:18:11.0711 3608 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 05:18:11.0712 3608 spldr - ok 05:18:11.0742 3608 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 05:18:11.0754 3608 Spooler - ok 05:18:11.0797 3608 sprtsvc_verizondm - ok 05:18:11.0869 3608 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 05:18:11.0883 3608 sptd - ok 05:18:11.0972 3608 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 05:18:11.0985 3608 SQLAgent$SQLEXPRESS - ok 05:18:12.0060 3608 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 05:18:12.0076 3608 SQLBrowser - ok 05:18:12.0101 3608 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 05:18:12.0103 3608 SQLWriter - ok 05:18:12.0218 3608 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 05:18:12.0221 3608 srv - ok 05:18:12.0259 3608 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 05:18:12.0261 3608 srv2 - ok 05:18:12.0292 3608 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 05:18:12.0295 3608 srvnet - ok 05:18:12.0344 3608 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 05:18:12.0356 3608 SSDPSRV - ok 05:18:12.0397 3608 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 05:18:12.0410 3608 SstpSvc - ok 05:18:12.0438 3608 Steam Client Service - ok 05:18:12.0483 3608 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 05:18:12.0493 3608 stisvc - ok 05:18:12.0524 3608 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 05:18:12.0526 3608 swenum - ok 05:18:12.0570 3608 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 05:18:12.0584 3608 swprv - ok 05:18:12.0618 3608 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 05:18:12.0624 3608 Symc8xx - ok 05:18:12.0637 3608 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 05:18:12.0639 3608 Sym_hi - ok 05:18:12.0650 3608 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 05:18:12.0651 3608 Sym_u3 - ok 05:18:12.0714 3608 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 05:18:12.0729 3608 SysMain - ok 05:18:12.0752 3608 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 05:18:12.0756 3608 TabletInputService - ok 05:18:12.0770 3608 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys 05:18:12.0772 3608 tap0901t - ok 05:18:12.0812 3608 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 05:18:12.0837 3608 TapiSrv - ok 05:18:12.0864 3608 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 05:18:12.0868 3608 TBS - ok 05:18:12.0936 3608 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 05:18:12.0942 3608 Tcpip - ok 05:18:12.0974 3608 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 05:18:12.0980 3608 Tcpip6 - ok 05:18:13.0014 3608 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 05:18:13.0015 3608 tcpipreg - ok 05:18:13.0027 3608 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 05:18:13.0028 3608 TDPIPE - ok 05:18:13.0047 3608 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 05:18:13.0049 3608 TDTCP - ok 05:18:13.0085 3608 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 05:18:13.0087 3608 tdx - ok 05:18:13.0155 3608 TeamViewer5 (925f0c3e7e53f1ff76c7256df17b2d73) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 05:18:13.0164 3608 TeamViewer5 - ok 05:18:13.0298 3608 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 05:18:13.0347 3608 TeamViewer6 - ok 05:18:13.0461 3608 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 05:18:13.0462 3608 TermDD - ok 05:18:13.0500 3608 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 05:18:13.0518 3608 TermService - ok 05:18:13.0556 3608 tgsrvc_verizondm - ok 05:18:13.0605 3608 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 05:18:13.0609 3608 Themes - ok 05:18:13.0648 3608 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 05:18:13.0650 3608 THREADORDER - ok 05:18:13.0672 3608 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 05:18:13.0676 3608 TrkWks - ok 05:18:13.0717 3608 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys 05:18:13.0718 3608 TrueSight - ok 05:18:13.0748 3608 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 05:18:13.0749 3608 TrustedInstaller - ok 05:18:13.0764 3608 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 05:18:13.0765 3608 tssecsrv - ok 05:18:13.0783 3608 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 05:18:13.0784 3608 tunmp - ok 05:18:13.0811 3608 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 05:18:13.0812 3608 tunnel - ok 05:18:13.0880 3608 TunngleService (7a34128510eeb13cf8583531c8fb081c) C:\Program Files\Tunngle\TnglCtrl.exe 05:18:13.0899 3608 TunngleService - ok 05:18:13.0938 3608 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 05:18:13.0940 3608 uagp35 - ok 05:18:13.0977 3608 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 05:18:13.0978 3608 udfs - ok 05:18:14.0030 3608 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 05:18:14.0033 3608 UI0Detect - ok 05:18:14.0052 3608 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 05:18:14.0054 3608 uliagpkx - ok 05:18:14.0080 3608 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 05:18:14.0088 3608 uliahci - ok 05:18:14.0122 3608 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 05:18:14.0124 3608 UlSata - ok 05:18:14.0148 3608 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 05:18:14.0160 3608 ulsata2 - ok 05:18:14.0196 3608 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 05:18:14.0197 3608 umbus - ok 05:18:14.0247 3608 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll 05:18:14.0281 3608 UmRdpService - ok 05:18:14.0349 3608 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 05:18:14.0390 3608 upnphost - ok 05:18:14.0397 3608 USBAAPL - ok 05:18:14.0452 3608 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 05:18:14.0454 3608 usbaudio - ok 05:18:14.0478 3608 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 05:18:14.0480 3608 usbccgp - ok 05:18:14.0508 3608 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 05:18:14.0509 3608 usbcir - ok 05:18:14.0533 3608 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 05:18:14.0535 3608 usbehci - ok 05:18:14.0568 3608 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 05:18:14.0571 3608 usbhub - ok 05:18:14.0586 3608 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 05:18:14.0588 3608 usbohci - ok 05:18:14.0630 3608 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 05:18:14.0631 3608 usbprint - ok 05:18:14.0663 3608 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 05:18:14.0665 3608 usbscan - ok 05:18:14.0681 3608 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 05:18:14.0682 3608 USBSTOR - ok 05:18:14.0697 3608 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 05:18:14.0698 3608 usbuhci - ok 05:18:14.0745 3608 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 05:18:14.0746 3608 usbvideo - ok 05:18:14.0764 3608 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 05:18:14.0768 3608 UxSms - ok 05:18:14.0817 3608 V0415Vid (b767129fd472e18a10d2553724ae79fe) C:\Windows\system32\DRIVERS\V0415Vid.sys 05:18:14.0830 3608 V0415Vid - ok 05:18:14.0911 3608 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 05:18:14.0939 3608 vds - ok 05:18:14.0991 3608 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 05:18:14.0993 3608 vga - ok 05:18:15.0017 3608 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 05:18:15.0018 3608 VgaSave - ok 05:18:15.0042 3608 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 05:18:15.0043 3608 viaagp - ok 05:18:15.0062 3608 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 05:18:15.0064 3608 ViaC7 - ok 05:18:15.0094 3608 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 05:18:15.0096 3608 viaide - ok 05:18:15.0125 3608 VKbms (07c20e596a0838809bc5ff5de5a65973) C:\Windows\system32\DRIVERS\VKbms.sys 05:18:15.0126 3608 VKbms - ok 05:18:15.0153 3608 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 05:18:15.0155 3608 volmgr - ok 05:18:15.0198 3608 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 05:18:15.0200 3608 volmgrx - ok 05:18:15.0256 3608 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 05:18:15.0264 3608 volsnap - ok 05:18:15.0311 3608 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 05:18:15.0313 3608 vsmraid - ok 05:18:15.0384 3608 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 05:18:15.0401 3608 VSS - ok 05:18:15.0456 3608 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 05:18:15.0469 3608 W32Time - ok 05:18:15.0517 3608 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 05:18:15.0518 3608 WacomPen - ok 05:18:15.0542 3608 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 05:18:15.0545 3608 Wanarp - ok 05:18:15.0548 3608 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 05:18:15.0548 3608 Wanarpv6 - ok 05:18:15.0638 3608 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe 05:18:15.0660 3608 wbengine - ok 05:18:15.0682 3608 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 05:18:15.0691 3608 wcncsvc - ok 05:18:15.0724 3608 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 05:18:15.0728 3608 WcsPlugInService - ok 05:18:15.0749 3608 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 05:18:15.0750 3608 Wd - ok 05:18:15.0793 3608 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 05:18:15.0796 3608 Wdf01000 - ok 05:18:15.0831 3608 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 05:18:15.0835 3608 WdiServiceHost - ok 05:18:15.0838 3608 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 05:18:15.0841 3608 WdiSystemHost - ok 05:18:15.0870 3608 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 05:18:15.0888 3608 WebClient - ok 05:18:15.0953 3608 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 05:18:15.0957 3608 Wecsvc - ok 05:18:15.0978 3608 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 05:18:15.0982 3608 wercplsupport - ok 05:18:16.0032 3608 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 05:18:16.0062 3608 WerSvc - ok 05:18:16.0114 3608 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 05:18:16.0147 3608 WinDefend - ok 05:18:16.0155 3608 WinHttpAutoProxySvc - ok 05:18:16.0214 3608 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 05:18:16.0224 3608 Winmgmt - ok 05:18:16.0307 3608 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 05:18:16.0338 3608 WinRM - ok 05:18:16.0411 3608 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 05:18:16.0427 3608 Wlansvc - ok 05:18:16.0537 3608 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 05:18:16.0538 3608 wlcrasvc - ok 05:18:16.0678 3608 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 05:18:16.0725 3608 wlidsvc - ok 05:18:16.0956 3608 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 05:18:16.0957 3608 WmiAcpi - ok 05:18:17.0010 3608 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 05:18:17.0021 3608 wmiApSrv - ok 05:18:17.0126 3608 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 05:18:17.0141 3608 WMPNetworkSvc - ok 05:18:17.0172 3608 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 05:18:17.0184 3608 WPCSvc - ok 05:18:17.0207 3608 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 05:18:17.0221 3608 WPDBusEnum - ok 05:18:17.0245 3608 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 05:18:17.0246 3608 WpdUsb - ok 05:18:17.0355 3608 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 05:18:17.0375 3608 WPFFontCache_v0400 - ok 05:18:17.0401 3608 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 05:18:17.0402 3608 ws2ifsl - ok 05:18:17.0430 3608 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 05:18:17.0435 3608 wscsvc - ok 05:18:17.0438 3608 WSearch - ok 05:18:17.0558 3608 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 05:18:17.0599 3608 wuauserv - ok 05:18:17.0696 3608 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 05:18:17.0697 3608 WUDFRd - ok 05:18:17.0725 3608 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 05:18:17.0729 3608 wudfsvc - ok 05:18:17.0732 3608 XDva285 - ok 05:18:17.0737 3608 XDva332 - ok 05:18:17.0747 3608 XDva344 - ok 05:18:17.0752 3608 XDva346 - ok 05:18:17.0758 3608 XDva351 - ok 05:18:17.0762 3608 XDva383 - ok 05:18:17.0766 3608 XDva385 - ok 05:18:17.0822 3608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 05:18:18.0210 3608 \Device\Harddisk0\DR0 - ok 05:18:18.0214 3608 Boot (0x1200) (51e97dca87f6c15747aa2ae20978c5db) \Device\Harddisk0\DR0\Partition0 05:18:18.0216 3608 \Device\Harddisk0\DR0\Partition0 - ok 05:18:18.0235 3608 Boot (0x1200) (1edecc8ea700b2db32b2770a1e921924) \Device\Harddisk0\DR0\Partition1 05:18:18.0236 3608 \Device\Harddisk0\DR0\Partition1 - ok 05:18:18.0237 3608 ============================================================ 05:18:18.0237 3608 Scan finished 05:18:18.0237 3608 ============================================================ 05:18:18.0242 5844 Detected object count: 1 05:18:18.0242 5844 Actual detected object count: 1 05:18:27.0503 5844 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 05:18:27.0503 5844 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
One of my scan logs is too long to copy and paste, do you want a attachment? -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
I've been having a issue with my Logitech G930, whenever I have mozilla firefox open or any games, the sounds come out very static and sounds will cut off and on. I think the issue has to do with the memory or CPU being drained cause as of right now, I've been typing this and whenever I hear the sounds keep cutting off and on, my computer slows down slightly. I've also recently installed the latest drivers for my Logitech G930, so I dont think the drivers are the issue. But regardless, the computer is still running very slow cause of the svchost.exe -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
ComboFix 12-06-09.02 - Eric 06/10/2012 2:31.5.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1928 [GMT -4:00] Running from: c:\users\Eric\Downloads\gkhygk.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\ladfGSRCoinst_i386.dll . . ((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 ))))))))))))))))))))))))))))))) . . 2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Eric\AppData\Local\temp 2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-10 03:38 . 2012-06-10 03:38 -------- d-----w- c:\program files\iPod 2012-06-10 03:38 . 2012-06-10 03:39 -------- d-----w- c:\program files\iTunes 2012-06-10 03:37 . 2012-06-10 03:37 -------- d-----w- c:\program files\Apple Software Update 2012-06-09 14:54 . 2012-06-10 03:37 -------- d-----w- c:\windows\LastGood 2012-06-09 14:53 . 2012-06-09 14:56 -------- d-----w- c:\program files\Logitech Gaming Software 2012-06-09 08:56 . 2012-06-09 08:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 08:18 . 2012-06-09 08:48 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-09 05:20 . 2012-06-09 05:20 -------- d-----w- C:\found.000 2012-06-08 17:10 . 2012-06-08 17:10 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com 2012-06-08 17:09 . 2012-06-08 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-08 17:09 . 2012-06-08 17:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-08 05:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D68408E-D63C-4ACC-83D3-3ED7513A8D04}\mpengine.dll 2012-06-01 21:10 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\ffdshow 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\programdata\IObit 2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\IObit 2012-06-01 17:49 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2012-06-01 17:49 . 2012-06-01 17:49 -------- d-----w- c:\program files\CPUID 2012-06-01 03:32 . 2012-06-01 03:32 -------- d-----w- c:\program files\Realtek 2012-05-28 18:07 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-28 18:07 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-28 18:07 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-28 18:07 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-05-28 18:07 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\Eric\AppData\Roaming\LolClient2 2012-05-21 17:45 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-21 17:44 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-21 17:44 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2012-05-21 17:44 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-21 17:44 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-21 17:44 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-21 17:44 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2012-05-21 12:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\programdata\WeCareReminder 2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\users\Eric\AppData\Roaming\OpenCandy 2012-05-21 10:35 . 2012-03-22 17:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll 2012-05-21 10:35 . 2012-04-18 17:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-05-21 02:37 . 2012-05-21 02:37 -------- d-----w- c:\program files\WinToFlash Suggestor 2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Common Files\Java 2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Oracle 2012-05-21 01:51 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-21 01:45 . 2012-05-21 01:46 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-21 02:02 . 2012-04-09 11:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-21 02:02 . 2011-06-08 12:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-09 02:34 . 2011-11-18 18:56 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:34 . 2012-04-06 02:34 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll 2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\system32\amdocl.dll 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll 2012-04-06 02:00 . 2011-12-06 02:18 52736 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 37376 ----a-w- c:\windows\system32\atitmpxx.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll 2012-04-04 22:47 . 2011-07-07 06:20 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 19:56 . 2010-08-07 10:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-25 11:07 . 2011-05-06 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD1.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}] 2012-04-09 13:03 301872 ----a-w- c:\program files\WinToFlash Suggestor\WinToFlashSuggestor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "Skytel"="Skytel.exe" [2008-07-16 1833504] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2012-03-13 09:37 3331872 ----a-w- c:\users\Eric\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-08-24 01:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore] 2012-05-21 15:10 5092152 ----a-w- c:\program files\Logitech Gaming Software\LCore.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa] 2011-03-22 01:01 233984 ----a-w- c:\program files\Razer\Razer Lycosa\razerhid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService] 2007-10-26 16:51 184352 ----a-w- c:\windows\System32\nvraidservice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2011-12-12 23:21 22459984 ----a-w- c:\program files\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-02-25 21:21 3087440 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-07-16 23:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-02-04 17:27 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-10-19 01:21 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe] 2008-08-06 21:00 28672 ----a-w- c:\windows\V0415Mon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VERIZONDM] 2010-09-29 10:59 206120 ----a-w- c:\program files\VERIZONDM\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp] 2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] 2011-05-10 16:01 5416794 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe . R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 257696] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - BONJOUR_SERVICE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . Contents of the 'Scheduled Tasks' folder . 2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:07] . 2012-06-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job - c:\program files\IObit\Game Booster\AutoUpdate.exe [2012-06-01 15:21] . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to iPod Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Free YouTube to Mp3 Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111103 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q= FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: extentions.y2layers.installId - aa5136da-a24e-4cf5-8cf7-9786300623f0 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals, . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-10 02:40 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Completion time: 2012-06-10 02:43:57 ComboFix-quarantined-files.txt 2012-06-10 06:43 ComboFix2.txt 2012-06-09 11:22 ComboFix3.txt 2012-06-08 15:46 ComboFix4.txt 2011-07-21 00:12 ComboFix5.txt 2012-06-10 06:29 . Pre-Run: 52,304,601,088 bytes free Post-Run: 51,585,028,096 bytes free . - - End Of File - - C334A54343F0529DC7DA12E8935B882B -
svchost.exe memory usage high/google redirect
Shadowthrow replied to Shadowthrow's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.41 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy SUPERAntiSpyware Malwarebytes Anti-Malware version 1.61.0.1400 CCleaner JavaFX 2.1.0 Java 6 Update 26 Java 7 Update 4 Java SE Development Kit 7 Update 1 Adobe Flash Player 11.2.202.235 Adobe Reader X (10.1.3) Mozilla Firefox (12.0) Google Chrome 19.0.1084.46 Google Chrome 19.0.1084.52 ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log`````````````````````` -
Hello, I've been having a issue with my svchost.exe, it's take around 160k to 800k( it reaches higher the longer I leave the computer on). My start up is very slow and Im guessing it has to do with the memory that is being consumed. Anyways, Here is the logs: . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Eric at 5:16:14 on 2012-06-09 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1660 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uURLSearchHooks: H - No File mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll BHO: AutorunsDisabled - No File BHO: Ask Toolbar BHO - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll BHO: WinToFlash Suggestor: {fc36b0bd-27f0-4cdd-8ab1-50651efc3efd} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [RtHDVCpl] RtHDVCpl.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm IE: Free YouTube to iPod Converter - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm IE: Free YouTube to Mp3 Converter - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{57A175E1-2CD4-46D8-A7DE-7D0BFFE0319E} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration . ================= FIREFOX =================== . FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111103 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\download manager\npfpdlm.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\webzen\browserextension\NPWZCmnCtrl.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\eric\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{f689bafc-70f0-4550-9001-dc2a1cc8c0dd}\plugins\np-mswmp.dll FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\plugins\np-mswmp.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\npOGPPlugin.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: extentions.y2layers.installId - aa5136da-a24e-4cf5-8cf7-9786300623f0 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals, . ============= SERVICES / DRIVERS =============== . R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720] R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2012-4-28 23680] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-1-26 21504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-1 21992] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-1-26 21504] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-10 1153368] S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784] S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968] S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-2-11 10872] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-8-9 50728] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-2-20 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2012-4-28 6656] S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [2011-3-18 378568] S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [2011-3-18 312136] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\drivers\ladfGSCi386.sys [2011-4-11 378568] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\drivers\ladfGSRi386.sys [2011-4-11 317384] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2010-1-26 21504] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-2-13 27136] S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [2009-8-3 286208] S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2012-4-28 10240] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 257696] S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600] S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176] S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176] S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-7 8704] S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832] S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128] S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640] S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688] S4 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640] S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-2-13 736104] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-06-09 08:56:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 08:18:58 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-09 05:20:55 -------- d-sh--w- C:\found.000 2012-06-08 17:10:12 -------- d-----w- c:\users\eric\appdata\roaming\SUPERAntiSpyware.com 2012-06-08 17:09:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-08 17:09:38 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-08 15:46:24 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-08 15:46:22 -------- d-----w- c:\users\eric\appdata\local\temp 2012-06-08 05:50:52 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6d68408e-d63c-4acc-83d3-3ed7513a8d04}\mpengine.dll 2012-06-01 21:10:57 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2012-06-01 21:10:56 -------- d-----w- c:\program files\ffdshow 2012-06-01 21:10:36 -------- d-----w- c:\programdata\IObit 2012-06-01 21:10:36 -------- d-----w- c:\program files\IObit 2012-06-01 17:49:22 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2012-06-01 17:49:21 -------- d-----w- c:\program files\CPUID 2012-06-01 03:32:59 1933312 ----a-w- c:\windows\system32\MaxxAudioEQ.dll 2012-05-31 21:41:44 -------- d-----w- c:\program files\Logitech Gaming Software 2012-05-28 18:07:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-05-28 18:07:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-28 18:07:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-28 18:07:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-28 18:07:47 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-05-23 11:45:58 -------- d-----w- c:\users\eric\appdata\roaming\LolClient2 2012-05-21 17:45:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-21 17:44:36 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-05-21 17:44:36 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe 2012-05-21 17:44:35 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2012-05-21 17:44:35 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll 2012-05-21 17:44:35 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll 2012-05-21 17:44:35 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL 2012-05-21 12:19:14 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-21 10:35:48 -------- d-----w- c:\programdata\WeCareReminder 2012-05-21 10:35:20 -------- d-----w- c:\users\eric\appdata\roaming\OpenCandy 2012-05-21 10:35:11 2557952 ----a-w- c:\windows\system32\QtCore4.dll 2012-05-21 10:35:09 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-05-21 02:37:31 -------- d-----w- c:\program files\WinToFlash Suggestor 2012-05-21 01:51:24 -------- d-----w- c:\program files\Oracle 2012-05-21 01:51:13 772504 ----a-w- c:\windows\system32\npDeployJava1.dll . ==================== Find3M ==================== . 2012-06-01 03:33:03 319456 ----a-w- c:\windows\DIFxAPI.dll 2012-06-01 03:32:57 315392 ----a-w- c:\windows\HideWin.exe 2012-05-21 02:02:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-21 02:02:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-06 05:21:10 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 02:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll 2012-04-06 02:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-04-06 02:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll 2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll 2012-04-06 02:16:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16:24 451072 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:15:50 217600 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14:36 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2012-04-06 02:14:28 20992 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- c:\windows\system32\atidxx32.dll 2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:50:56 19753984 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll 2012-04-06 01:34:04 6203392 ----a-w- c:\windows\system32\atiumdag.dll 2012-04-06 01:30:14 46080 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-06 01:30:06 44032 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-06 01:25:30 13764096 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-06 01:22:54 4795904 ----a-w- c:\windows\system32\atiumdva.dll 2012-04-06 01:11:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll 2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll 2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll 2012-04-06 01:09:10 37376 ----a-w- c:\windows\system32\atitmpxx.dll 2012-04-06 01:09:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\amdpcom32.dll 2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.0.6002 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x9082E368]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, 0x909b3030; PUSH EAX; MOV ECX, [EBP+0xc]; PUSH ECX; MOV EDX, [EBP+0x8]; PUSH EDX; MOV ECX, [EAX+0x18]; CALL ECX; } 1 ntkrnlpa!IofCallDriver[0x80C89912] -> \Device\Harddisk0\DR0[0x8EC82030] 3 CLASSPNP[0x8138D8B3] -> ntkrnlpa!IofCallDriver[0x80C89912] -> [0x8E2E3A60] 5 acpi[0x812906BC] -> ntkrnlpa!IofCallDriver[0x80C89912] -> [0x8E2E1C90] \Driver\nvstor32[0x8EDD8100] -> IRP_MJ_CREATE -> 0x8EE384B1 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } detected disk devices: \Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-75A7B#4&3b9922aa&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 5:18:30.90 ===============