BleepingComputer.com: Dead Vista x64 - missing consrv

Dead Vista x64 - missing consrv

#16 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 26 October 2011 - 01:21 PM

Correct. Just in case some good files are targeted.

#17 Stone Rhino

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 26 October 2011 - 10:47 PM

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 21:45:37.
Operating System: Windows ™ Vista Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 10/26/2011 at 21:45:52.


===================================

Next....

23:04:20.0889 4856 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
23:04:20.0967 4856 ============================================================
23:04:20.0967 4856 Current date / time: 2011/10/26 23:04:20.0967
23:04:20.0967 4856 SystemInfo:
23:04:20.0967 4856
23:04:20.0967 4856 OS Version: 6.0.6002 ServicePack: 2.0
23:04:20.0967 4856 Product type: Workstation
23:04:20.0967 4856 ComputerName: TORY
23:04:20.0967 4856 UserName: dennis
23:04:20.0967 4856 Windows directory: C:\Windows
23:04:20.0967 4856 System windows directory: C:\Windows
23:04:20.0967 4856 Running under WOW64
23:04:20.0967 4856 Processor architecture: Intel x64
23:04:20.0967 4856 Number of processors: 2
23:04:20.0967 4856 Page size: 0x1000
23:04:20.0967 4856 Boot type: Normal boot
23:04:20.0967 4856 ============================================================
23:04:24.0259 4856 Initialize success
23:04:28.0127 4724 ============================================================
23:04:28.0127 4724 Scan started
23:04:28.0127 4724 Mode: Manual;
23:04:28.0127 4724 ============================================================
23:04:31.0185 4724 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
23:04:31.0263 4724 ACPI - ok
23:04:31.0809 4724 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
23:04:32.0012 4724 adp94xx - ok
23:04:32.0527 4724 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
23:04:32.0527 4724 adpahci - ok
23:04:32.0776 4724 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
23:04:32.0792 4724 adpu160m - ok
23:04:33.0416 4724 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
23:04:33.0416 4724 adpu320 - ok
23:04:34.0274 4724 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
23:04:35.0319 4724 AFD - ok
23:04:36.0021 4724 AgereSoftModem (e59bc94c0fc336f2f6a07a7e16441c48) C:\Windows\system32\DRIVERS\agrsm64.sys
23:04:36.0380 4724 AgereSoftModem - ok
23:04:36.0785 4724 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
23:04:36.0785 4724 agp440 - ok
23:04:37.0051 4724 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
23:04:37.0066 4724 aic78xx - ok
23:04:37.0129 4724 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
23:04:37.0129 4724 aliide - ok
23:04:37.0160 4724 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
23:04:37.0175 4724 amdide - ok
23:04:37.0253 4724 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
23:04:37.0269 4724 AmdK8 - ok
23:04:37.0425 4724 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
23:04:37.0425 4724 arc - ok
23:04:37.0456 4724 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
23:04:37.0456 4724 arcsas - ok
23:04:37.0487 4724 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:37.0487 4724 AsyncMac - ok
23:04:37.0519 4724 atapi (b388797caab36d523840347cc6a39b96) C:\Windows\system32\drivers\atapi.sys
23:04:37.0519 4724 atapi - ok
23:04:37.0768 4724 AVGIDSDriver (4f1ae7de0cc6615323b7b959aa973b01) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:04:37.0768 4724 AVGIDSDriver - ok
23:04:37.0831 4724 AVGIDSEH (a14e9123764dcb4386066bd9cdccde8d) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:04:37.0831 4724 AVGIDSEH - ok
23:04:37.0893 4724 AVGIDSFilter (dd0aa3178b548a6d95e1d35d675de2cd) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:04:37.0893 4724 AVGIDSFilter - ok
23:04:38.0127 4724 Avgldx64 (91be0147bc27059aba6d0a478adeb1ee) C:\Windows\system32\DRIVERS\avgldx64.sys
23:04:38.0127 4724 Avgldx64 - ok
23:04:38.0205 4724 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys
23:04:38.0205 4724 Avgmfx64 - ok
23:04:38.0267 4724 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys
23:04:38.0283 4724 Avgrkx64 - ok
23:04:38.0455 4724 Avgtdia (9140455490a9298f5a43500f1c886afe) C:\Windows\system32\DRIVERS\avgtdia.sys
23:04:38.0455 4724 Avgtdia - ok
23:04:38.0657 4724 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
23:04:38.0657 4724 blbdrive - ok
23:04:38.0704 4724 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:04:38.0704 4724 bowser - ok
23:04:38.0767 4724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:04:38.0767 4724 BrFiltLo - ok
23:04:38.0798 4724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:04:38.0798 4724 BrFiltUp - ok
23:04:38.0829 4724 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:04:38.0829 4724 Brserid - ok
23:04:38.0860 4724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:04:38.0860 4724 BrSerWdm - ok
23:04:38.0923 4724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:04:38.0923 4724 BrUsbMdm - ok
23:04:38.0954 4724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:04:38.0969 4724 BrUsbSer - ok
23:04:38.0985 4724 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
23:04:38.0985 4724 BTHMODEM - ok
23:04:39.0016 4724 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
23:04:39.0016 4724 cdfs - ok
23:04:39.0079 4724 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
23:04:39.0094 4724 cdrom - ok
23:04:39.0141 4724 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
23:04:39.0141 4724 circlass - ok
23:04:39.0328 4724 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
23:04:39.0344 4724 CLFS - ok
23:04:39.0765 4724 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
23:04:40.0732 4724 CmBatt - ok
23:04:41.0138 4724 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
23:04:41.0169 4724 cmdide - ok
23:04:41.0637 4724 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
23:04:41.0668 4724 Compbatt - ok
23:04:41.0996 4724 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
23:04:41.0996 4724 crcdisk - ok
23:04:42.0791 4724 DC1150.X64 (4cd54015981a19540cceac9a9f1feea1) C:\Windows\system32\DRIVERS\DC1150.X64.SYS
23:04:43.0135 4724 DC1150.X64 - ok
23:04:43.0681 4724 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
23:04:43.0681 4724 DfsC - ok
23:04:44.0039 4724 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:04:44.0039 4724 disk - ok
23:04:44.0367 4724 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
23:04:44.0367 4724 drmkaud - ok
23:04:45.0022 4724 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
23:04:45.0038 4724 DXGKrnl - ok
23:04:45.0459 4724 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
23:04:45.0459 4724 E1G60 - ok
23:04:45.0927 4724 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
23:04:45.0927 4724 Ecache - ok
23:04:46.0738 4724 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
23:04:46.0816 4724 elxstor - ok
23:04:47.0237 4724 EraserUtilRebootDrv - ok
23:04:48.0080 4724 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
23:04:48.0080 4724 ErrDev - ok
23:04:48.0610 4724 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
23:04:48.0610 4724 exfat - ok
23:04:49.0453 4724 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
23:04:49.0468 4724 fastfat - ok
23:04:50.0014 4724 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
23:04:50.0014 4724 fdc - ok
23:04:50.0498 4724 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
23:04:50.0498 4724 FileInfo - ok
23:04:50.0935 4724 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
23:04:50.0935 4724 Filetrace - ok
23:04:51.0559 4724 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:04:51.0559 4724 flpydisk - ok
23:04:51.0949 4724 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
23:04:52.0136 4724 FltMgr - ok
23:04:52.0963 4724 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
23:04:52.0994 4724 Fs_Rec - ok
23:04:53.0306 4724 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
23:04:53.0306 4724 gagp30kx - ok
23:04:53.0696 4724 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:04:53.0696 4724 GEARAspiWDM - ok
23:04:54.0242 4724 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
23:04:54.0257 4724 HdAudAddService - ok
23:04:55.0240 4724 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:55.0989 4724 HDAudBus - ok
23:04:56.0270 4724 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
23:04:56.0285 4724 HidBth - ok
23:04:56.0753 4724 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
23:04:56.0769 4724 HidIr - ok
23:04:57.0299 4724 hidshim (8f86e034495d2f9006693091fd4e7f4f) C:\Windows\system32\DRIVERS\hidshim.sys
23:04:57.0299 4724 hidshim - ok
23:04:57.0783 4724 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
23:04:57.0783 4724 HidUsb - ok
23:04:58.0189 4724 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
23:04:58.0189 4724 HpCISSs - ok
23:04:58.0797 4724 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:04:58.0797 4724 HTTP - ok
23:04:59.0296 4724 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
23:04:59.0296 4724 i2omp - ok
23:04:59.0795 4724 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:59.0795 4724 i8042prt - ok
23:05:00.0232 4724 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
23:05:00.0248 4724 iaStor - ok
23:05:00.0763 4724 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
23:05:00.0872 4724 iaStorV - ok
23:05:01.0387 4724 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:05:01.0387 4724 iirsp - ok
23:05:01.0964 4724 IntcAzAudAddService (b6e61b181884527cc5b68c2d79504b43) C:\Windows\system32\drivers\RTKVHD64.sys
23:05:01.0995 4724 IntcAzAudAddService - ok
23:05:02.0401 4724 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
23:05:02.0401 4724 intelide - ok
23:05:02.0666 4724 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:05:02.0666 4724 intelppm - ok
23:05:02.0993 4724 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:02.0993 4724 IpFilterDriver - ok
23:05:03.0352 4724 IpInIp - ok
23:05:03.0805 4724 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:05:03.0805 4724 IPMIDRV - ok
23:05:04.0366 4724 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:05:04.0366 4724 IPNAT - ok
23:05:04.0850 4724 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:05:04.0865 4724 IRENUM - ok
23:05:05.0255 4724 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:05:05.0333 4724 isapnp - ok
23:05:05.0661 4724 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:05:05.0661 4724 iScsiPrt - ok
23:05:05.0942 4724 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:05:05.0957 4724 iteatapi - ok
23:05:06.0254 4724 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:05:06.0254 4724 iteraid - ok
23:05:06.0519 4724 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:06.0519 4724 kbdclass - ok
23:05:07.0174 4724 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:07.0174 4724 kbdhid - ok
23:05:07.0954 4724 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
23:05:08.0360 4724 KR10I64 - ok
23:05:08.0937 4724 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
23:05:09.0405 4724 KR10N64 - ok
23:05:11.0043 4724 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
23:05:11.0386 4724 KSecDD - ok
23:05:11.0807 4724 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:05:11.0823 4724 ksthunk - ok
23:05:12.0868 4724 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:05:12.0868 4724 lltdio - ok
23:05:13.0305 4724 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:05:13.0305 4724 LSI_FC - ok
23:05:13.0757 4724 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:05:13.0757 4724 LSI_SAS - ok
23:05:14.0522 4724 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:05:14.0522 4724 LSI_SCSI - ok
23:05:14.0803 4724 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:05:14.0803 4724 luafv - ok
23:05:15.0146 4724 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
23:05:15.0146 4724 MBAMProtector - ok
23:05:15.0661 4724 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:05:15.0661 4724 megasas - ok
23:05:16.0238 4724 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:05:16.0550 4724 MegaSR - ok
23:05:16.0877 4724 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:05:16.0877 4724 Modem - ok
23:05:17.0174 4724 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:05:17.0189 4724 monitor - ok
23:05:17.0548 4724 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:17.0548 4724 mouclass - ok
23:05:17.0845 4724 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:17.0845 4724 mouhid - ok
23:05:18.0141 4724 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:05:18.0141 4724 MountMgr - ok
23:05:18.0422 4724 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:05:18.0422 4724 mpio - ok
23:05:18.0687 4724 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:05:18.0687 4724 mpsdrv - ok
23:05:19.0030 4724 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:05:19.0030 4724 Mraid35x - ok
23:05:19.0436 4724 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:05:19.0436 4724 MRxDAV - ok
23:05:19.0795 4724 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:19.0795 4724 mrxsmb - ok
23:05:20.0169 4724 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:20.0185 4724 mrxsmb10 - ok
23:05:20.0497 4724 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:20.0497 4724 mrxsmb20 - ok
23:05:20.0855 4724 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
23:05:20.0855 4724 msahci - ok
23:05:21.0261 4724 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:05:21.0323 4724 msdsm - ok
23:05:21.0729 4724 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:05:21.0729 4724 Msfs - ok
23:05:22.0088 4724 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:05:22.0088 4724 msisadrv - ok
23:05:22.0462 4724 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:22.0478 4724 MSKSSRV - ok
23:05:22.0837 4724 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:22.0837 4724 MSPCLOCK - ok
23:05:23.0289 4724 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:05:23.0305 4724 MSPQM - ok
23:05:23.0788 4724 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:05:23.0804 4724 MsRPC - ok
23:05:24.0085 4724 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:24.0085 4724 mssmbios - ok
23:05:24.0475 4724 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:05:24.0475 4724 MSTEE - ok
23:05:24.0553 4724 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:05:24.0553 4724 Mup - ok
23:05:24.0927 4724 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:24.0927 4724 NativeWifiP - ok
23:05:25.0005 4724 NCHGBIOS2x64 - ok
23:05:25.0598 4724 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:05:25.0613 4724 NDIS - ok
23:05:25.0988 4724 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:25.0988 4724 NdisTapi - ok
23:05:26.0347 4724 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:26.0347 4724 Ndisuio - ok
23:05:26.0799 4724 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:26.0815 4724 NdisWan - ok
23:05:27.0220 4724 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:05:27.0220 4724 NDProxy - ok
23:05:27.0626 4724 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:05:27.0626 4724 NetBIOS - ok
23:05:28.0016 4724 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:05:28.0031 4724 netbt - ok
23:05:30.0808 4724 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
23:05:31.0417 4724 NETw5v64 - ok
23:05:31.0931 4724 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:05:31.0947 4724 nfrd960 - ok
23:05:32.0306 4724 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:05:32.0321 4724 Npfs - ok
23:05:32.0633 4724 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:05:32.0633 4724 nsiproxy - ok
23:05:33.0413 4724 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:05:33.0523 4724 Ntfs - ok
23:05:33.0944 4724 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:05:33.0944 4724 Null - ok
23:05:37.0922 4724 nvlddmkm (1f76d6e464e11563ed9a7d83433624b4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:37.0984 4724 nvlddmkm - ok
23:05:38.0437 4724 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:05:38.0437 4724 nvraid - ok
23:05:38.0873 4724 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:05:38.0889 4724 nvstor - ok
23:05:39.0326 4724 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:05:39.0326 4724 nv_agp - ok
23:05:39.0685 4724 NwlnkFlt - ok
23:05:39.0731 4724 NwlnkFwd - ok
23:05:39.0856 4724 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:05:39.0856 4724 ohci1394 - ok
23:05:40.0168 4724 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:05:40.0184 4724 Parport - ok
23:05:40.0309 4724 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
23:05:40.0309 4724 partmgr - ok
23:05:40.0948 4724 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:05:40.0948 4724 pci - ok
23:05:41.0557 4724 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
23:05:41.0557 4724 pciide - ok
23:05:42.0118 4724 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:05:42.0118 4724 pcmcia - ok
23:05:43.0007 4724 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:05:43.0023 4724 PEAUTH - ok
23:05:43.0787 4724 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:43.0787 4724 PptpMiniport - ok
23:05:44.0068 4724 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:05:44.0068 4724 Processor - ok
23:05:44.0474 4724 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:05:44.0474 4724 PSched - ok
23:05:44.0911 4724 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:05:44.0942 4724 ql2300 - ok
23:05:45.0332 4724 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:05:45.0347 4724 ql40xx - ok
23:05:45.0425 4724 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:05:45.0425 4724 QWAVEdrv - ok
23:05:45.0566 4724 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:45.0566 4724 RasAcd - ok
23:05:45.0769 4724 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:45.0800 4724 Rasl2tp - ok
23:05:46.0642 4724 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:46.0658 4724 RasPppoe - ok
23:05:47.0063 4724 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:47.0063 4724 RasSstp - ok
23:05:47.0453 4724 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:47.0453 4724 rdbss - ok
23:05:48.0062 4724 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:48.0077 4724 RDPCDD - ok
23:05:48.0857 4724 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:05:48.0889 4724 rdpdr - ok
23:05:49.0325 4724 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:05:49.0325 4724 RDPENCDD - ok
23:05:49.0731 4724 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
23:05:49.0747 4724 RDPWD - ok
23:05:50.0121 4724 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
23:05:50.0137 4724 rimmptsk - ok
23:05:50.0558 4724 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
23:05:50.0558 4724 rimsptsk - ok
23:05:50.0963 4724 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:05:50.0963 4724 RimUsb - ok
23:05:51.0026 4724 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
23:05:51.0026 4724 rismxdp - ok
23:05:51.0478 4724 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:51.0494 4724 rspndr - ok
23:05:51.0853 4724 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:05:51.0853 4724 RTL8169 - ok
23:05:52.0196 4724 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:05:52.0196 4724 sbp2port - ok
23:05:52.0601 4724 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
23:05:52.0617 4724 sdbus - ok
23:05:52.0960 4724 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:52.0960 4724 secdrv - ok
23:05:53.0366 4724 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:05:53.0366 4724 Serenum - ok
23:05:53.0678 4724 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:05:53.0693 4724 Serial - ok
23:05:54.0037 4724 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:05:54.0052 4724 sermouse - ok
23:05:54.0473 4724 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
23:05:54.0473 4724 sffdisk - ok
23:05:54.0770 4724 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:05:54.0785 4724 sffp_mmc - ok
23:05:54.0926 4724 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:05:54.0941 4724 sffp_sd - ok
23:05:55.0051 4724 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:05:55.0051 4724 sfloppy - ok
23:05:55.0597 4724 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:05:55.0612 4724 SiSRaid2 - ok
23:05:55.0877 4724 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:05:55.0877 4724 SiSRaid4 - ok
23:05:56.0314 4724 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:05:56.0314 4724 Smb - ok
23:05:56.0735 4724 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:05:56.0735 4724 spldr - ok
23:05:57.0141 4724 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:05:57.0157 4724 srv - ok
23:05:57.0422 4724 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:05:57.0422 4724 srv2 - ok
23:05:57.0796 4724 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:57.0812 4724 srvnet - ok
23:05:58.0046 4724 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:05:58.0046 4724 swenum - ok
23:05:58.0171 4724 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:05:58.0171 4724 Symc8xx - ok
23:05:58.0639 4724 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:05:58.0639 4724 Sym_hi - ok
23:05:58.0873 4724 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:05:58.0873 4724 Sym_u3 - ok
23:05:59.0138 4724 SynTP (e978d62c22286cdd1d83a05d3dee37ae) C:\Windows\system32\DRIVERS\SynTP.sys
23:05:59.0138 4724 SynTP - ok
23:06:00.0136 4724 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
23:06:00.0869 4724 Tcpip - ok
23:06:01.0431 4724 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
23:06:01.0447 4724 Tcpip6 - ok
23:06:01.0759 4724 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:06:01.0759 4724 tcpipreg - ok
23:06:02.0071 4724 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:06:02.0071 4724 tdcmdpst - ok
23:06:02.0523 4724 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:06:02.0570 4724 TDPIPE - ok
23:06:02.0991 4724 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:06:02.0991 4724 TDTCP - ok
23:06:03.0553 4724 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:06:03.0553 4724 tdx - ok
23:06:04.0005 4724 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:06:04.0021 4724 TermDD - ok
23:06:04.0771 4724 Tosrfcom - ok
23:06:04.0901 4724 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
23:06:04.0906 4724 tosrfec - ok
23:06:05.0151 4724 tos_sps64 (711ee5ea958c345a50b69abbbd74d646) C:\Windows\system32\DRIVERS\tos_sps64.sys
23:06:05.0161 4724 tos_sps64 - ok
23:06:05.0276 4724 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:06:05.0281 4724 tssecsrv - ok
23:06:19.0891 4724 ============================================================
23:06:19.0891 4724 Scan finished
23:06:19.0891 4724 ============================================================
23:06:19.0916 1256 Detected object count: 0
23:06:19.0916 1256 Actual detected object count: 0

#18 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 26 October 2011 - 10:53 PM

I trust the fact that it hasn't found anything is a plus?

But what is disturbing me is the fact that I have approx 30 seconds once the PC hits the desktop to perform any kind of UAC elevated tasks. After I receive the service host fault window (Attached JPG), anything that requires elevated rights just sits there and waits.

This started out as a simple hard drive replacement, now turned into a giant mess. I am learning should I come across this again, and I am quite sure I will.



#19 User is offline   nasdaq 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 October 2011 - 09:44 AM

Please post the log of this scan if you can run the tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#20 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 27 October 2011 - 02:14 PM

Awesome! It's ComboFix time! I am well aware of its capabilities.

I will likely have to remove AVG because it will interfere, correct? Derp, forgot about the turn-off feature.

This post has been edited by Stone Rhino: 27 October 2011 - 02:18 PM


#21 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 27 October 2011 - 06:09 PM

ComboFix 11-10-27.06 - dennis 10/27/2011 17:10:30.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2552 [GMT -4:00]
Running from: c:\users\dennis\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.tmp
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\system32\AutoRun.inf
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\host_new
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 21:22 . 2011-10-27 21:27 -------- d-----w- c:\users\dennis\AppData\Local\temp
2011-10-27 21:22 . 2011-10-27 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 00:26 . 2011-09-23 13:57 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E972E46-A25C-4F01-9FE7-2B0386E410E7}\mpengine.dll
2011-09-02 13:52 . 2011-09-02 13:52 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2011-09-02 13:52 . 2011-09-02 13:52 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2011-08-31 21:00 . 2010-01-21 16:39 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 01:09 . 2011-08-30 01:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-30 01:09 . 2011-08-30 01:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-30 01:09 . 2011-08-30 01:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-30 01:09 . 2011-08-30 01:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-30 01:09 . 2011-08-30 01:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-30 01:09 . 2011-08-30 01:09 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-30 01:09 . 2011-08-30 01:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-30 01:09 . 2011-08-30 01:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-30 01:09 . 2011-08-30 01:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-30 01:09 . 2011-08-30 01:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-30 01:09 . 2011-08-30 01:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-30 01:09 . 2011-08-30 01:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-30 01:09 . 2011-08-30 01:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-30 01:09 . 2011-08-30 01:09 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-30 01:09 . 2011-08-30 01:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-30 01:09 . 2011-08-30 01:09 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-08-30 01:09 . 2011-08-30 01:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-30 01:09 . 2011-08-30 01:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-30 01:09 . 2011-08-30 01:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-30 01:09 . 2011-08-30 01:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-30 01:09 . 2011-08-30 01:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-30 01:09 . 2011-08-30 01:09 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-30 01:09 . 2011-08-30 01:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-30 01:09 . 2011-08-30 01:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-30 01:09 . 2011-08-30 01:09 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-08-30 01:09 . 2011-08-30 01:09 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-30 01:09 . 2011-08-30 01:09 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-30 01:09 . 2011-08-30 01:09 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-30 01:09 . 2011-08-30 01:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-30 01:09 . 2011-08-30 01:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-30 01:09 . 2011-08-30 01:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-30 01:09 . 2011-08-30 01:09 448512 ----a-w- c:\windows\system32\html.iec
2011-08-30 01:09 . 2011-08-30 01:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-30 01:09 . 2011-08-30 01:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-30 01:09 . 2011-08-30 01:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-30 01:09 . 2011-08-30 01:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-30 01:09 . 2011-08-30 01:09 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-30 01:09 . 2011-08-30 01:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-30 01:09 . 2011-08-30 01:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 01:09 . 2011-08-30 01:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-30 01:09 . 2011-08-30 01:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-30 01:09 . 2011-08-30 01:09 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-04-05 00:37 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-11-25 13:49 2463048 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-04-05 81920]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-01-25 22504120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-01-11 692224]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-25 517448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 NCHGBIOS2x64;NCHGBIOS2x64;c:\toshbios.upd\NCHGBIOS2x64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [x]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 185640]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 DC1150.X64;TOSHIBA FM Tuner, Service X64;c:\windows\system32\DRIVERS\DC1150.X64.SYS [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 wbondir;Winbond CIR Transceiver;c:\windows\system32\DRIVERS\wbondir.sys [x]
S3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\DRIVERS\winbondhidcir.sys [x]
S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [x]
S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1235240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"TosAutLk"="c:\program files (x86)\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-29 15859744]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 82464]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"combofix"="c:\combofix\CF1271.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\omgt88yn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.oovoostart.com/?cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d8ca327&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{104CE627-BA62-4DFC-83E2-00D526802408} - (no file)
Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-TOSDCR - c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-27 17:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 21:36
.
Pre-Run: 108,937,900,032 bytes free
Post-Run: 108,488,388,608 bytes free
.
- - End Of File - - F05217EAF8DD37CB46ECDCEBF5398169

#22 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 27 October 2011 - 06:14 PM

I am once again amazed by the power of combofix.

The laptop seems to be returning back to its normal operation. I can now perform UAC Elevated tasks in control panel and task manager.

Is there anything else you would like to do?

I thank you greatly for your assistance, nasdaq. My friend is ecstatic that this mess will be over soon.

#23 User is offline   nasdaq 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 October 2011 - 07:20 AM

ComboFix removed this modified hosts file:
c:\windows\system32\drivers\etc\host_new

I know that this infection does modify the HOSTS file.

You may like this tool.

RESTORE ORIGINAL HOSTS FILE

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.


All you need to know about the hosts file.
http://www.mvps.org/winhelp2002/hosts.htm
=*=

The ComboFix log is clean. Let's check this out.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

#24 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 28 October 2011 - 09:54 PM

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.0.22.87) Flash Player Out of Date!
Mozilla Firefox (3.6.22) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

#25 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 28 October 2011 - 10:06 PM

Java has been fixed by removing it.
Teatimer is intentionally off. TBH, it shouldn't be, but that is my friend's choice. I will encourage him to tolerate it again.
Firefox nuked.
Adobe is now up to date.
AVG is now running 2012.
Service packing is in progress.

Out of curiosity, are there any known vectors that this sneaks in?

I generally make sure that on any PC I touch, Java is removed. I've had nothing but trouble from it, and it tends to bypass the Firefox plugin NoScript (which is unacceptable!).

I've replaced the hosts file with a nice big blacklist of bad websites courtesy of spybotsd, made the file read-only, and gave it the system attribute as an added measure.

I think we can say things are back to a "normal" state of affairs.

P.S. - As I was running an AVG sweep, it picked up 3 more bad files in the WinSxS and assembly folders. Removed successfully.

This post has been edited by Stone Rhino: 28 October 2011 - 10:10 PM
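
The last two posts describe two very different HOSTS files: one modified by the infection (which nasdaq says redirects names) and one deliberately replaced with a blocklist that sinks names to loopback. The following auditor, added here as an example and not taken from the thread, HostsXpert or Spybot, parses a constructed hosts file and separates benign blocklist entries from off-box redirects that warrant investigation.

```python
"""Audit a Windows HOSTS file: blocklist entries vs. malware-style redirects.

Added example (not from the thread). A blocklist HOSTS file maps names to a
loopback/null address; a hijacked one maps real names to a remote address or
drops the default localhost entries. SAMPLE_HOSTS below is constructed.
"""
import ipaddress
from dataclasses import dataclass, field

LOOPBACK_OR_NULL = ("127.0.0.1", "0.0.0.0", "::1")

@dataclass
class HostsReport:
    redirects: list = field(default_factory=list)   # (ip, name) pointing off-box
    blocklist: list = field(default_factory=list)   # names sunk to loopback/null
    localhost_present: bool = False                 # default entry still there?

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and non-entries."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # Windows ignores such lines too
        for name in parts[1:]:
            yield str(ip), name.lower()

def audit_hosts(text):
    report = HostsReport()
    for ip, name in parse_hosts(text):
        if name == "localhost":
            report.localhost_present |= ip in ("127.0.0.1", "::1")
        elif ip in LOOPBACK_OR_NULL:
            report.blocklist.append(name)         # sinkholed: blocklist style
        else:
            report.redirects.append((ip, name))   # real name sent elsewhere
    return report

# Constructed sample: Vista defaults, one blocklist line, two redirects
# to a TEST-NET-2 address (placeholder, not a real indicator).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example          # blocklist-style entry (benign)
198.51.100.23   www.bank.example     # redirect off-box: suspicious
198.51.100.23   update.av.example    # redirect off-box: suspicious
"""

if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS)
    print("localhost ok:", r.localhost_present, "| blocklisted:", r.blocklist)
    print("REDIRECTS (investigate):", r.redirects)
```

On a live machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts`; an empty `redirects` list with `localhost_present` true is what a default or blocklist-only file looks like.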


#26 User is offline   nasdaq 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 October 2011 - 09:13 AM

Quote

Out of curiosity, are there any known vectors that this sneaks in?

Sorry no.

This was the infection.
http://www.bleepingcomputer.com/virus-removal/remove-malware-destructor-2009
==

Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bold text into the Run box and click OK:

    ComboFix /Uninstall

===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#27 User is offline   Stone Rhino 

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 17-October 11

Posted 29 October 2011 - 11:11 AM

Thanks for the help, nasdaq. Your efforts and everyone else's here don't get enough credit for what you do! Kudos!
