Jump to content

Redirect Virus


Recommended Posts

Hi,

Last weekend I had a faux AVG pop-up. I removed it (I think) but have been having redirect issues. When browsing, I am redirected through a few sites and usually end up at a "search-fast-results", or "63.209.69.107 .... " site. Hasn't been picked up with AVG, mbam, or hitman PRO. Just installed DDS with the following results:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20

Run by MattAsus at 14:45:19 on 2011-10-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2425 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\rundll32.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe

C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: {18b361c3-ac0c-414e-b293-930afbc1e6af} - C:\Users\MattAsus\AppData\Local\NetworkSys32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - C:\Program Files (x86)\SMART Technologies\SMART Notebook\NotebookPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [AdobeBridge]

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [MicrosoftServiceProfile] rundll32.exe "C:\ProgramData\MicrosoftServiceProfile.dll",DllRegisterServer

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [sMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe

mRun: [sMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTB~1.LNK - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{06C2883D-D19B-44D1-890E-96396CE3205B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{06C2883D-D19B-44D1-890E-96396CE3205B}\A434D44333 : DhcpNameServer = 192.168.1.1 71.250.0.12

TCP: Interfaces\{06C2883D-D19B-44D1-890E-96396CE3205B}\C696C626562656 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3BC4BAA9-A57E-4B1A-A766-463A8D84323F} : DhcpNameServer = 10.1.10.40 10.1.10.42

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

C:\Users\MattAsus\AppData\Local\NetworkSys32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: CIEDownload Object: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\SMART Notebook\NotebookPlugin.dll

BHO-X64: SMART Notebook Download Plugin - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun-x64: [sMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe

mRun-x64: [sMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e

mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\MattAsus\AppData\Roaming\Mozilla\Firefox\Profiles\a8vbnqzw.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\MattAsus\AppData\Roaming\Mozilla\Firefox\Profiles\a8vbnqzw.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox

FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com

FF - Ext: XUL Cache: {1b6b1361-4895-4b53-9eab-2854d6a4d769} - %profile%\extensions\{1b6b1361-4895-4b53-9eab-2854d6a4d769}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys --> C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [?]

R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys --> C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [?]

R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys --> C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-28 14:27:41 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-10-28 14:27:05 -------- d-----w- C:\ProgramData\Hitman Pro

2011-10-24 18:07:34 -------- d-----w- C:\Program Files (x86)\Graph

2011-10-22 14:45:33 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-10-22 14:45:33 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-10-22 14:44:22 -------- d-----w- C:\ProgramData\PC Tools

2011-10-16 19:03:29 -------- d-----w- C:\ProgramData\MFAData

2011-10-15 23:55:23 84144520 ----a-w- C:\Users\MattAsus\jdk-7-windows-x64.exe

.

==================== Find3M ====================

.

2011-10-16 18:58:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 23:57:16 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-12 22:26:56 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

.

============= FINISH: 14:46:29.92 ===============

Attach.zip

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Hello,

Below is the scan from today.

Using Firefox. This happens about 75% of the time. I type in something in the search bar and am brought to Yahoo's search result page just fine. When I select a link, I am redirect through about 3-4 different sites, none of which fully open. Then a page finally opens that is not what I chose. Most frequently, the above sites listed previously. If I back out to the search results page and open the link, it may or may not work the second time. Otherwise, I repeat until I'm successful. I am able to go directly to websites by typing in the search bar of Firefox, and have no problems. It is only when searching through Yahoo/Google.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8064

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

11/1/2011 6:12:40 PM

mbam-log-2011-11-01 (18-12-25).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 333031

Time elapsed: 55 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftServiceProfile (Trojan.SHarpro.PGen) -> Value: MicrosoftServiceProfile -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\MattAsus\AppData\Local\Temp\thpm5278835783363488914.tmp (Exploit.Drop.3) -> No action taken.

Link to post
Share on other sites

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

01:02:06.0428 4636 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

01:02:06.0709 4636 ============================================================

01:02:06.0709 4636 Current date / time: 2011/11/02 01:02:06.0709

01:02:06.0709 4636 SystemInfo:

01:02:06.0709 4636

01:02:06.0709 4636 OS Version: 6.1.7601 ServicePack: 1.0

01:02:06.0709 4636 Product type: Workstation

01:02:06.0709 4636 ComputerName: MATTASUS-PC

01:02:06.0709 4636 UserName: MattAsus

01:02:06.0709 4636 Windows directory: C:\Windows

01:02:06.0709 4636 System windows directory: C:\Windows

01:02:06.0709 4636 Running under WOW64

01:02:06.0709 4636 Processor architecture: Intel x64

01:02:06.0709 4636 Number of processors: 2

01:02:06.0709 4636 Page size: 0x1000

01:02:06.0709 4636 Boot type: Normal boot

01:02:06.0709 4636 ============================================================

01:02:07.0317 4636 Initialize success

01:02:09.0267 2752 ============================================================

01:02:09.0267 2752 Scan started

01:02:09.0267 2752 Mode: Manual;

01:02:09.0267 2752 ============================================================

01:02:10.0297 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

01:02:10.0297 2752 1394ohci - ok

01:02:10.0359 2752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

01:02:10.0375 2752 ACPI - ok

01:02:10.0422 2752 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

01:02:10.0422 2752 AcpiPmi - ok

01:02:10.0484 2752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

01:02:10.0484 2752 adp94xx - ok

01:02:10.0515 2752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

01:02:10.0531 2752 adpahci - ok

01:02:10.0546 2752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

01:02:10.0562 2752 adpu320 - ok

01:02:10.0656 2752 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

01:02:10.0671 2752 AFD - ok

01:02:10.0734 2752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

01:02:10.0734 2752 agp440 - ok

01:02:10.0827 2752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

01:02:10.0827 2752 aliide - ok

01:02:10.0874 2752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

01:02:10.0874 2752 amdide - ok

01:02:10.0921 2752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

01:02:10.0921 2752 AmdK8 - ok

01:02:10.0952 2752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

01:02:10.0952 2752 AmdPPM - ok

01:02:10.0999 2752 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

01:02:10.0999 2752 amdsata - ok

01:02:11.0014 2752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

01:02:11.0030 2752 amdsbs - ok

01:02:11.0046 2752 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

01:02:11.0046 2752 amdxata - ok

01:02:11.0092 2752 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS

01:02:11.0124 2752 AmUStor - ok

01:02:11.0233 2752 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

01:02:11.0233 2752 AppID - ok

01:02:11.0326 2752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

01:02:11.0326 2752 arc - ok

01:02:11.0358 2752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

01:02:11.0358 2752 arcsas - ok

01:02:11.0404 2752 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys

01:02:11.0404 2752 AsDsm - ok

01:02:11.0545 2752 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

01:02:11.0560 2752 ASMMAP64 - ok

01:02:11.0654 2752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

01:02:11.0670 2752 AsyncMac - ok

01:02:11.0732 2752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

01:02:11.0732 2752 atapi - ok

01:02:11.0794 2752 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

01:02:11.0857 2752 athr - ok

01:02:11.0982 2752 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys

01:02:11.0997 2752 AvgLdx64 - ok

01:02:12.0028 2752 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\system32\Drivers\avgmfx64.sys

01:02:12.0044 2752 AvgMfx64 - ok

01:02:12.0091 2752 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\system32\Drivers\avgtdia.sys

01:02:12.0106 2752 AvgTdiA - ok

01:02:12.0231 2752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

01:02:12.0247 2752 b06bdrv - ok

01:02:12.0278 2752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

01:02:12.0294 2752 b57nd60a - ok

01:02:12.0418 2752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

01:02:12.0434 2752 Beep - ok

01:02:12.0481 2752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

01:02:12.0496 2752 blbdrive - ok

01:02:12.0543 2752 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

01:02:12.0590 2752 bowser - ok

01:02:12.0637 2752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

01:02:12.0637 2752 BrFiltLo - ok

01:02:12.0652 2752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

01:02:12.0668 2752 BrFiltUp - ok

01:02:12.0699 2752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

01:02:12.0715 2752 Brserid - ok

01:02:12.0730 2752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

01:02:12.0730 2752 BrSerWdm - ok

01:02:12.0762 2752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

01:02:12.0762 2752 BrUsbMdm - ok

01:02:12.0793 2752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

01:02:12.0793 2752 BrUsbSer - ok

01:02:12.0824 2752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

01:02:12.0824 2752 BTHMODEM - ok

01:02:12.0855 2752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

01:02:12.0871 2752 cdfs - ok

01:02:12.0918 2752 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

01:02:12.0933 2752 cdrom - ok

01:02:13.0027 2752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

01:02:13.0027 2752 circlass - ok

01:02:13.0074 2752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

01:02:13.0089 2752 CLFS - ok

01:02:13.0167 2752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

01:02:13.0167 2752 CmBatt - ok

01:02:13.0214 2752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

01:02:13.0230 2752 cmdide - ok

01:02:13.0292 2752 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

01:02:13.0308 2752 CNG - ok

01:02:13.0354 2752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

01:02:13.0370 2752 Compbatt - ok

01:02:13.0417 2752 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

01:02:13.0432 2752 CompositeBus - ok

01:02:13.0479 2752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

01:02:13.0479 2752 crcdisk - ok

01:02:13.0620 2752 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

01:02:13.0620 2752 DfsC - ok

01:02:13.0666 2752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

01:02:13.0666 2752 discache - ok

01:02:13.0729 2752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

01:02:13.0729 2752 Disk - ok

01:02:13.0807 2752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

01:02:13.0807 2752 drmkaud - ok

01:02:13.0869 2752 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

01:02:13.0916 2752 DXGKrnl - ok

01:02:14.0010 2752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

01:02:14.0103 2752 ebdrv - ok

01:02:14.0244 2752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

01:02:14.0259 2752 elxstor - ok

01:02:14.0322 2752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

01:02:14.0322 2752 ErrDev - ok

01:02:14.0462 2752 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys

01:02:14.0462 2752 ETD - ok

01:02:14.0509 2752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

01:02:14.0524 2752 exfat - ok

01:02:14.0618 2752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

01:02:14.0758 2752 fastfat - ok

01:02:14.0805 2752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

01:02:14.0821 2752 fdc - ok

01:02:14.0868 2752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

01:02:14.0868 2752 FileInfo - ok

01:02:14.0883 2752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

01:02:14.0883 2752 Filetrace - ok

01:02:15.0008 2752 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

01:02:15.0024 2752 flpydisk - ok

01:02:15.0070 2752 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

01:02:15.0086 2752 FltMgr - ok

01:02:15.0117 2752 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

01:02:15.0117 2752 FsDepends - ok

01:02:15.0164 2752 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys

01:02:15.0164 2752 fssfltr - ok

01:02:15.0195 2752 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

01:02:15.0195 2752 Fs_Rec - ok

01:02:15.0242 2752 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

01:02:15.0242 2752 fvevol - ok

01:02:15.0289 2752 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

01:02:15.0289 2752 gagp30kx - ok

01:02:15.0398 2752 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

01:02:15.0414 2752 hcw85cir - ok

01:02:15.0460 2752 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

01:02:15.0476 2752 HdAudAddService - ok

01:02:15.0538 2752 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

01:02:15.0538 2752 HDAudBus - ok

01:02:15.0570 2752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

01:02:15.0570 2752 HidBatt - ok

01:02:15.0585 2752 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

01:02:15.0601 2752 HidBth - ok

01:02:15.0616 2752 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

01:02:15.0616 2752 HidIr - ok

01:02:15.0679 2752 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

01:02:15.0679 2752 HidUsb - ok

01:02:15.0710 2752 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

01:02:15.0726 2752 HpSAMD - ok

01:02:15.0788 2752 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

01:02:15.0804 2752 HTTP - ok

01:02:15.0850 2752 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

01:02:15.0850 2752 hwpolicy - ok

01:02:15.0913 2752 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

01:02:15.0913 2752 i8042prt - ok

01:02:15.0975 2752 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys

01:02:15.0975 2752 iaStor - ok

01:02:16.0038 2752 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

01:02:16.0038 2752 iaStorV - ok

01:02:16.0303 2752 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

01:02:16.0537 2752 igfx - ok

01:02:16.0630 2752 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

01:02:16.0630 2752 iirsp - ok

01:02:16.0708 2752 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

01:02:16.0724 2752 intelide - ok

01:02:16.0771 2752 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

01:02:16.0771 2752 intelppm - ok

01:02:16.0818 2752 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:02:16.0833 2752 IpFilterDriver - ok

01:02:16.0864 2752 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

01:02:16.0880 2752 IPMIDRV - ok

01:02:16.0896 2752 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

01:02:16.0911 2752 IPNAT - ok

01:02:16.0942 2752 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

01:02:16.0942 2752 IRENUM - ok

01:02:16.0989 2752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

01:02:17.0005 2752 isapnp - ok

01:02:17.0036 2752 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

01:02:17.0036 2752 iScsiPrt - ok

01:02:17.0083 2752 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

01:02:17.0083 2752 kbdclass - ok

01:02:17.0130 2752 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

01:02:17.0130 2752 kbdhid - ok

01:02:17.0192 2752 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys

01:02:17.0192 2752 kbfiltr - ok

01:02:17.0239 2752 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

01:02:17.0239 2752 KSecDD - ok

01:02:17.0286 2752 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

01:02:17.0286 2752 KSecPkg - ok

01:02:17.0317 2752 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

01:02:17.0317 2752 ksthunk - ok

01:02:17.0379 2752 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys

01:02:17.0395 2752 L1E - ok

01:02:17.0504 2752 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

01:02:17.0504 2752 lltdio - ok

01:02:17.0582 2752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

01:02:17.0582 2752 LSI_FC - ok

01:02:17.0613 2752 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

01:02:17.0613 2752 LSI_SAS - ok

01:02:17.0660 2752 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

01:02:17.0660 2752 LSI_SAS2 - ok

01:02:17.0707 2752 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

01:02:17.0707 2752 LSI_SCSI - ok

01:02:17.0754 2752 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

01:02:17.0754 2752 luafv - ok

01:02:17.0785 2752 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys

01:02:17.0785 2752 lullaby - ok

01:02:17.0847 2752 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

01:02:17.0847 2752 megasas - ok

01:02:17.0878 2752 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

01:02:17.0878 2752 MegaSR - ok

01:02:17.0941 2752 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

01:02:17.0941 2752 Modem - ok

01:02:18.0003 2752 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

01:02:18.0019 2752 monitor - ok

01:02:18.0097 2752 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

01:02:18.0097 2752 mouclass - ok

01:02:18.0190 2752 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

01:02:18.0190 2752 mouhid - ok

01:02:18.0237 2752 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

01:02:18.0253 2752 mountmgr - ok

01:02:18.0300 2752 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

01:02:18.0300 2752 mpio - ok

01:02:18.0331 2752 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

01:02:18.0331 2752 mpsdrv - ok

01:02:18.0378 2752 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

01:02:18.0378 2752 MRxDAV - ok

01:02:18.0424 2752 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

01:02:18.0440 2752 mrxsmb - ok

01:02:18.0487 2752 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:02:18.0487 2752 mrxsmb10 - ok

01:02:18.0534 2752 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:02:18.0534 2752 mrxsmb20 - ok

01:02:18.0580 2752 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

01:02:18.0580 2752 msahci - ok

01:02:18.0596 2752 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

01:02:18.0612 2752 msdsm - ok

01:02:18.0643 2752 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

01:02:18.0658 2752 Msfs - ok

01:02:18.0674 2752 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

01:02:18.0674 2752 mshidkmdf - ok

01:02:18.0690 2752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

01:02:18.0690 2752 msisadrv - ok

01:02:18.0752 2752 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

01:02:18.0768 2752 MSKSSRV - ok

01:02:18.0783 2752 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

01:02:18.0799 2752 MSPCLOCK - ok

01:02:18.0830 2752 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

01:02:18.0830 2752 MSPQM - ok

01:02:18.0892 2752 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

01:02:18.0908 2752 MsRPC - ok

01:02:18.0955 2752 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

01:02:18.0955 2752 mssmbios - ok

01:02:19.0002 2752 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

01:02:19.0017 2752 MSTEE - ok

01:02:19.0048 2752 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

01:02:19.0048 2752 MTConfig - ok

01:02:19.0095 2752 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys

01:02:19.0111 2752 MTsensor - ok

01:02:19.0142 2752 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

01:02:19.0142 2752 Mup - ok

01:02:19.0204 2752 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

01:02:19.0220 2752 NativeWifiP - ok

01:02:19.0314 2752 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

01:02:19.0345 2752 NDIS - ok

01:02:19.0392 2752 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

01:02:19.0392 2752 NdisCap - ok

01:02:19.0423 2752 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

01:02:19.0423 2752 NdisTapi - ok

01:02:19.0485 2752 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

01:02:19.0485 2752 Ndisuio - ok

01:02:19.0532 2752 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

01:02:19.0532 2752 NdisWan - ok

01:02:19.0579 2752 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

01:02:19.0579 2752 NDProxy - ok

01:02:19.0626 2752 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

01:02:19.0626 2752 NetBIOS - ok

01:02:19.0672 2752 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

01:02:19.0672 2752 NetBT - ok

01:02:19.0797 2752 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

01:02:19.0813 2752 nfrd960 - ok

01:02:19.0844 2752 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

01:02:19.0860 2752 Npfs - ok

01:02:19.0906 2752 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

01:02:19.0906 2752 nsiproxy - ok

01:02:19.0984 2752 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

01:02:20.0031 2752 Ntfs - ok

01:02:20.0078 2752 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

01:02:20.0078 2752 Null - ok

01:02:20.0125 2752 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

01:02:20.0156 2752 nvraid - ok

01:02:20.0234 2752 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

01:02:20.0234 2752 nvstor - ok

01:02:20.0281 2752 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

01:02:20.0281 2752 nv_agp - ok

01:02:20.0374 2752 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

01:02:20.0374 2752 ohci1394 - ok

01:02:20.0484 2752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

01:02:20.0499 2752 Parport - ok

01:02:20.0530 2752 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

01:02:20.0530 2752 partmgr - ok

01:02:20.0577 2752 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

01:02:20.0593 2752 pci - ok

01:02:20.0624 2752 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

01:02:20.0640 2752 pciide - ok

01:02:20.0671 2752 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

01:02:20.0686 2752 pcmcia - ok

01:02:20.0702 2752 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

01:02:20.0702 2752 pcw - ok

01:02:20.0749 2752 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

01:02:20.0764 2752 PEAUTH - ok

01:02:20.0936 2752 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

01:02:20.0936 2752 PptpMiniport - ok

01:02:20.0967 2752 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

01:02:20.0967 2752 Processor - ok

01:02:21.0030 2752 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

01:02:21.0030 2752 Psched - ok

01:02:21.0092 2752 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

01:02:21.0092 2752 PxHlpa64 - ok

01:02:21.0154 2752 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

01:02:21.0217 2752 ql2300 - ok

01:02:21.0264 2752 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

01:02:21.0264 2752 ql40xx - ok

01:02:21.0295 2752 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

01:02:21.0310 2752 QWAVEdrv - ok

01:02:21.0326 2752 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

01:02:21.0326 2752 RasAcd - ok

01:02:21.0373 2752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

01:02:21.0373 2752 RasAgileVpn - ok

01:02:21.0435 2752 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

01:02:21.0435 2752 Rasl2tp - ok

01:02:21.0513 2752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

01:02:21.0529 2752 RasPppoe - ok

01:02:21.0622 2752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

01:02:21.0622 2752 RasSstp - ok

01:02:21.0685 2752 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

01:02:21.0685 2752 rdbss - ok

01:02:21.0716 2752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

01:02:21.0716 2752 rdpbus - ok

01:02:21.0747 2752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

01:02:21.0747 2752 RDPCDD - ok

01:02:21.0778 2752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

01:02:21.0778 2752 RDPENCDD - ok

01:02:21.0810 2752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

01:02:21.0810 2752 RDPREFMP - ok

01:02:21.0841 2752 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

01:02:21.0856 2752 RDPWD - ok

01:02:21.0903 2752 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

01:02:21.0903 2752 rdyboost - ok

01:02:22.0012 2752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

01:02:22.0028 2752 rspndr - ok

01:02:22.0059 2752 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

01:02:22.0075 2752 sbp2port - ok

01:02:22.0122 2752 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

01:02:22.0122 2752 scfilter - ok

01:02:22.0168 2752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

01:02:22.0184 2752 secdrv - ok

01:02:22.0231 2752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

01:02:22.0231 2752 Serenum - ok

01:02:22.0278 2752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

01:02:22.0278 2752 Serial - ok

01:02:22.0340 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

01:02:22.0356 2752 sermouse - ok

01:02:22.0434 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

01:02:22.0449 2752 sffdisk - ok

01:02:22.0480 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

01:02:22.0496 2752 sffp_mmc - ok

01:02:22.0527 2752 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

01:02:22.0558 2752 sffp_sd - ok

01:02:22.0590 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

01:02:22.0590 2752 sfloppy - ok

01:02:22.0621 2752 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

01:02:22.0636 2752 SiSGbeLH - ok

01:02:22.0730 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

01:02:22.0730 2752 SiSRaid2 - ok

01:02:22.0761 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

01:02:22.0761 2752 SiSRaid4 - ok

01:02:22.0808 2752 SMARTMouseFilterx64 (323ddcd15db2a7fed09df1f835cafcfb) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys

01:02:22.0808 2752 SMARTMouseFilterx64 - ok

01:02:22.0902 2752 SMARTVHidMiniVistaAmd64 (6c691320c71ca8e8c38f52b2ce652c64) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

01:02:22.0902 2752 SMARTVHidMiniVistaAmd64 - ok

01:02:22.0933 2752 SMARTVTabletPCx64 (20563f6830badd675407af0f5bca76ba) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys

01:02:22.0933 2752 SMARTVTabletPCx64 - ok

01:02:22.0980 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

01:02:22.0980 2752 Smb - ok

01:02:23.0104 2752 SNP2UVC (f06a6de8438f7446bff9e61f31356521) C:\Windows\system32\DRIVERS\snp2uvc.sys

01:02:23.0245 2752 SNP2UVC - ok

01:02:23.0323 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

01:02:23.0323 2752 spldr - ok

01:02:23.0385 2752 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

01:02:23.0401 2752 srv - ok

01:02:23.0448 2752 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

01:02:23.0463 2752 srv2 - ok

01:02:23.0510 2752 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

01:02:23.0510 2752 srvnet - ok

01:02:23.0557 2752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

01:02:23.0572 2752 stexstor - ok

01:02:23.0619 2752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

01:02:23.0619 2752 swenum - ok

01:02:23.0822 2752 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

01:02:23.0869 2752 Tcpip - ok

01:02:23.0962 2752 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

01:02:23.0978 2752 TCPIP6 - ok

01:02:24.0025 2752 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

01:02:24.0040 2752 tcpipreg - ok

01:02:24.0087 2752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

01:02:24.0103 2752 TDPIPE - ok

01:02:24.0134 2752 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

01:02:24.0150 2752 TDTCP - ok

01:02:24.0196 2752 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

01:02:24.0212 2752 tdx - ok

01:02:24.0243 2752 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

01:02:24.0243 2752 TermDD - ok

01:02:24.0399 2752 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

01:02:24.0399 2752 tssecsrv - ok

01:02:24.0462 2752 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

01:02:24.0462 2752 TsUsbFlt - ok

01:02:24.0524 2752 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

01:02:24.0540 2752 tunnel - ok

01:02:24.0602 2752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

01:02:24.0618 2752 uagp35 - ok

01:02:24.0664 2752 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

01:02:24.0680 2752 udfs - ok

01:02:24.0742 2752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

01:02:24.0758 2752 uliagpkx - ok

01:02:24.0789 2752 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

01:02:24.0789 2752 umbus - ok

01:02:24.0836 2752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

01:02:24.0836 2752 UmPass - ok

01:02:24.0883 2752 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys

01:02:24.0898 2752 usbccgp - ok

01:02:24.0961 2752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

01:02:24.0961 2752 usbcir - ok

01:02:25.0008 2752 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

01:02:25.0023 2752 usbehci - ok

01:02:25.0101 2752 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

01:02:25.0132 2752 usbhub - ok

01:02:25.0257 2752 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

01:02:25.0273 2752 usbohci - ok

01:02:25.0335 2752 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

01:02:25.0335 2752 usbprint - ok

01:02:25.0398 2752 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS

01:02:25.0413 2752 USBSTOR - ok

01:02:25.0444 2752 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

01:02:25.0444 2752 usbuhci - ok

01:02:25.0538 2752 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

01:02:25.0569 2752 usbvideo - ok

01:02:25.0632 2752 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

01:02:25.0647 2752 vdrvroot - ok

01:02:25.0694 2752 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

01:02:25.0694 2752 vga - ok

01:02:25.0725 2752 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

01:02:25.0725 2752 VgaSave - ok

01:02:25.0756 2752 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

01:02:25.0772 2752 vhdmp - ok

01:02:25.0850 2752 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys

01:02:25.0881 2752 VIAHdAudAddService - ok

01:02:25.0959 2752 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

01:02:25.0959 2752 viaide - ok

01:02:26.0006 2752 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

01:02:26.0022 2752 volmgr - ok

01:02:26.0053 2752 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

01:02:26.0068 2752 volmgrx - ok

01:02:26.0100 2752 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

01:02:26.0100 2752 volsnap - ok

01:02:26.0146 2752 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

01:02:26.0162 2752 vsmraid - ok

01:02:26.0178 2752 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

01:02:26.0178 2752 vwifibus - ok

01:02:26.0209 2752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

01:02:26.0209 2752 vwififlt - ok

01:02:26.0240 2752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

01:02:26.0240 2752 WacomPen - ok

01:02:26.0302 2752 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

01:02:26.0318 2752 WANARP - ok

01:02:26.0334 2752 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

01:02:26.0334 2752 Wanarpv6 - ok

01:02:26.0427 2752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

01:02:26.0443 2752 Wd - ok

01:02:26.0474 2752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

01:02:26.0505 2752 Wdf01000 - ok

01:02:26.0614 2752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

01:02:26.0630 2752 WfpLwf - ok

01:02:26.0661 2752 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

01:02:26.0677 2752 WimFltr - ok

01:02:26.0755 2752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

01:02:26.0755 2752 WIMMount - ok

01:02:26.0895 2752 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

01:02:26.0895 2752 WinUsb - ok

01:02:26.0958 2752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

01:02:27.0004 2752 WmiAcpi - ok

01:02:27.0114 2752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

01:02:27.0129 2752 ws2ifsl - ok

01:02:27.0207 2752 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

01:02:27.0223 2752 WudfPf - ok

01:02:27.0254 2752 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

01:02:27.0270 2752 WUDFRd - ok

01:02:27.0316 2752 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

01:02:27.0332 2752 \Device\Harddisk0\DR0 - ok

01:02:27.0348 2752 Boot (0x1200) (df446c13128f400b8c34a66f75465476) \Device\Harddisk0\DR0\Partition0

01:02:27.0348 2752 \Device\Harddisk0\DR0\Partition0 - ok

01:02:27.0348 2752 ============================================================

01:02:27.0348 2752 Scan finished

01:02:27.0348 2752 ============================================================

01:02:27.0363 3856 Detected object count: 0

01:02:27.0363 3856 Actual detected object count: 0

Link to post
Share on other sites

You did have MBAM remove these, right?

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftServiceProfile (Trojan.SHarpro.PGen) -> Value: MicrosoftServiceProfile -> No action taken.

Files Infected:

c:\Users\MattAsus\AppData\Local\Temp\thpm5278835783363488914.tmp (Exploit.Drop.3) -> No action taken.

Link to post
Share on other sites

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix 11-11-02.03 - MattAsus 11/02/2011 13:08:21.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2236 [GMT -4:00]

Running from: c:\users\MattAsus\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\MattAsus\jdk-7-windows-x64.exe

c:\users\MattAsus\Taskmgr.exe

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-11-02 17:22 . 2011-11-02 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-02 03:59 . 2011-11-02 15:57 -------- d-----w- c:\users\MattAsus\AppData\Local\cache

2011-11-02 03:38 . 2011-11-02 03:46 -------- d-----w- c:\program files\Autodesk

2011-11-02 03:38 . 2011-11-02 03:38 -------- d-----w- c:\program files (x86)\Autodesk

2011-11-02 03:36 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-11-02 03:36 . 2009-09-04 21:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-11-02 03:03 . 2011-11-02 17:25 -------- d-----w- c:\program files (x86)\Common Files\Akamai

2011-11-02 02:34 . 2011-11-02 02:47 -------- d-----w- c:\programdata\FLEXnet

2011-11-02 02:24 . 2011-11-02 02:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2011-11-02 02:21 . 2011-11-02 03:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2011-11-02 02:21 . 2011-11-02 03:38 -------- d-----w- c:\users\MattAsus\AppData\Local\Autodesk

2011-11-02 02:19 . 2011-11-02 03:47 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

2011-11-02 02:18 . 2009-03-09 19:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll

2011-11-02 02:18 . 2009-03-09 19:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll

2011-11-02 02:18 . 2009-03-09 19:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2011-11-02 02:18 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll

2011-11-02 02:18 . 2009-03-09 19:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll

2011-11-02 02:18 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-11-02 02:14 . 2011-11-02 04:00 -------- d-----w- c:\programdata\Autodesk

2011-11-02 02:14 . 2011-11-02 03:59 -------- d-----w- c:\users\MattAsus\AppData\Roaming\Autodesk

2011-11-02 02:06 . 2011-11-02 03:21 -------- d-----w- C:\Autodesk

2011-10-28 14:27 . 2011-10-28 14:27 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-28 14:27 . 2011-10-28 14:27 -------- d-----w- c:\programdata\Hitman Pro

2011-10-24 18:07 . 2011-10-24 18:07 -------- d-----w- c:\program files (x86)\Graph

2011-10-22 14:45 . 2011-10-22 14:59 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-10-22 14:45 . 2011-10-22 14:59 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-10-22 14:44 . 2011-10-22 14:58 -------- d-----w- c:\programdata\PC Tools

2011-10-16 19:03 . 2011-10-16 19:05 -------- d-----w- c:\programdata\MFAData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-16 18:58 . 2011-05-13 02:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 23:57 . 2010-06-14 02:41 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-12 22:26 . 2010-03-29 02:12 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2011-08-31 21:00 . 2011-02-06 15:18 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]

"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-01-05 3372328]

"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-01-05 1053992]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-2-7 12862]

SMART Board Tools.lnk - c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-7 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-02 1431888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]

S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]

S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-30 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]

S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]

S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 22:52]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 22:52]

.

2011-11-02 c:\windows\Tasks\Norton Security Scan for MattAsus.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-14 15:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\MattAsus\AppData\Roaming\Mozilla\Firefox\Profiles\a8vbnqzw.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - c:\program files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG9\Firefox

FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{18B361C3-AC0C-414E-B293-930AFBC1E6Af} - c:\users\MattAsus\AppData\Local\NetworkSys32.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\AVG\AVG9\avgcsrvx.exe

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

.

**************************************************************************

.

Completion time: 2011-11-02 13:47:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-02 17:47

.

Pre-Run: 398,500,581,376 bytes free

Post-Run: 401,133,232,128 bytes free

.

- - End Of File - - CA20FAEF080D24DC41BBA48F172C8EBE

Link to post
Share on other sites

Be sure to uninstall combofix.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.