Infected with Redirect Malware in IE and Firefox


This topic is locked
25 replies to this topic

#1 Anasazi25

Posted 23 September 2011 - 09:39 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic419874.html ~ OB

I was previously getting assistance on this site and was eventually sent to post a new topic here because we weren't having any luck and was told it might be protected malware. I've run: SecurityCheck, MiniToolbox, Malwarebytes' Anti-Malware, GMER (I have a 64-bit operating system and ran it anyway - no report available), TDSSKiller, Norton Power Eraser, ESET OnlineScan, and DeFogger in addition to my Kaspersky software - nothing has been found.

The problem? I get a redirect when I click on anything from a search engine (have only tried Google and Bing with same results) in IE and Firefox, plus I'll sometimes get an automatic second spam window when I click to open a new IE browser.

Please help!

DDS.txt log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 10.0.0
Run by DJ at 9:29:38 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.4022 [GMT -4:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\QuickArticleSubmitter\AutoSubmission.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\SysWOW64\ping.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=userinit.exe
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IBP]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun: [QuickArticleSubmitter] C:\PROGRA~2\QUICKA~2\AutoSubmission.exe
mRun: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
TCP: Interfaces\{603DADED-119D-4E0B-B0F4-F4F7B8993B2A} : DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun-x64: [QuickArticleSubmitter] C:\PROGRA~2\QUICKA~2\AutoSubmission.exe
mRun-x64: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\1rg42svr.default\
FF - prefs.js: browser.startup.homepage - cnn.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-6-27 88576]
R2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-21 366152]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-20 1153368]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-7-24 118272]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000va.sys --> C:\Windows\system32\DRIVERS\ae1000va.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-6 1038088]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-23 06:14:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{026D3B59-F93D-4B1F-AB50-B65D24A93AB6}\offreg.dll
2011-09-23 06:14:30 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{026D3B59-F93D-4B1F-AB50-B65D24A93AB6}\mpengine.dll
2011-09-22 18:15:45 -------- d-----w- C:\Users\DJ\AppData\Local\CrashDumps
2011-09-22 17:37:18 -------- d-----w- C:\Program Files (x86)\ESET
2011-09-22 13:27:37 -------- d-----w- C:\Users\DJ\AppData\Local\NPE
2011-09-22 13:27:37 -------- d-----w- C:\ProgramData\Norton
2011-09-21 13:52:05 -------- d-----w- C:\Users\DJ\AppData\Roaming\Malwarebytes
2011-09-21 13:51:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-21 13:51:27 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-21 13:51:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 16:01:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-20 16:01:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-20 15:21:11 -------- d-----w- C:\ProgramData\PC Tools
2011-09-19 14:47:43 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-16 19:17:10 -------- d-----we C:\Windows\system64
2011-09-16 16:40:41 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-16 16:40:41 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-16 16:37:34 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-08-30 15:04:52 -------- d-----w- C:\Windows\pss
2011-08-30 14:58:21 -------- d-----w- C:\Users\DJ\AppData\Local\Innovative Solutions
2011-08-30 14:34:57 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-30 14:34:48 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-30 14:34:43 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-08-30 14:34:40 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-30 14:34:27 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-30 14:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-30 14:32:05 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-26 13:42:48 -------- d-----w- C:\Users\DJ\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-09-22 20:20:54 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-22 20:01:42 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 13:38:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31:32 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-07-23 11:24:17 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-07-23 11:23:51 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-07-23 11:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-07-23 11:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-07-23 11:00:05 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-07-23 10:31:39 479232 ----a-w- C:\Windows\System32\html.iec
2011-07-23 10:03:47 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-07-23 09:50:14 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-07-23 09:48:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-23 09:27:04 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-06-30 18:08:25 72080 ----a-w- C:\Users\DJ\g2mdlhlpx.exe
.
============= FINISH: 9:31:12.55 ===============

Edited by Orange Blossom, 23 September 2011 - 05:20 PM.
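Reading a DDS log by hand is the slow part of a thread like this, so here is an added triage helper (my own example, not part of the original post and not DDS code) that takes lines in the shape of the "Pseudo HJT Report" above and pulls out the entries a log reader checks first: BHO/toolbar CLSIDs marked "No File" (registered but the DLL is gone), Run-key values with a name but no command (such as `uRun: [IBP]` and `mRun: [<NO NAME>]` above), `EnableLUA = 0` (UAC switched off), DPF ActiveX download records that point straight at an .exe, and `AppInit_DLLs`. The sample lines are copied verbatim from the log above; the tags and one-line reasons are mine, and a hit means "look at this", not "this is malware". The helper also collects the DNS servers DDS recorded, since search redirects are often resolved at that layer.

```python
"""Triage helper for a DDS "Pseudo HJT Report" (added example, not DDS code).

DDS prints one startup/browser hook per line, e.g. "BHO: name: {CLSID} - path".
This script picks out the line shapes a log reader checks first.  The tags,
reasons and rule set are this example's own; the sample lines themselves are
copied verbatim from the log posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the posted DDS log (a subset chosen to exercise each rule).
SAMPLE_REPORT = r"""
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IBP]
mRun: [<NO NAME>]
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mPolicies-system: EnableLUA = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag, used for grouping in the summary
    line: str    # the report line, verbatim
    reason: str  # why the line deserves a second look


_COM_KEYS = {"BHO", "TB", "BHO-X64", "TB-X64"}          # browser helper objects / toolbars
_RUN_KEYS = {"uRun", "mRun", "uRun-x64", "mRun-x64"}   # HKCU/HKLM ...\CurrentVersion\Run
_RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
_DPF_RE = re.compile(r"\s-\s+(?P<url>h\S+)$")          # DDS defangs URLs as hxxp://


def _split(line: str) -> tuple[str, str] | None:
    """Return (key, rest) for 'key: rest' lines; None for separators and prose."""
    key, sep, rest = line.partition(":")
    if not sep or not key or " " in key:
        return None
    return key.strip(), rest.strip()


def triage(report: str) -> list[Finding]:
    """Walk the report and return every line that matches one of the review rules."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        parsed = _split(line)
        if parsed is None:
            continue
        key, rest = parsed
        if key in _COM_KEYS and rest.endswith("- No File"):
            findings.append(Finding("orphan", line,
                "CLSID is registered but its DLL is gone; harmless, but a leftover worth cleaning"))
        elif key in _RUN_KEYS:
            m = _RUN_RE.fullmatch(rest)
            if m and not m.group("cmd"):
                findings.append(Finding("autorun-empty", line,
                    "Run-key value with a name but no command; inspect the registry value itself"))
        elif key == "mPolicies-system" and re.match(r"EnableLUA\s*=\s*0\b", rest):
            findings.append(Finding("uac-disabled", line,
                "UAC is off: an admin user's processes run with a full admin token and no prompt"))
        elif key == "DPF":
            m = _DPF_RE.search(rest)
            if m and m.group("url").lower().endswith(".exe"):
                findings.append(Finding("dpf-exe", line,
                    "ActiveX download record points straight at an .exe rather than a .cab"))
        elif key.startswith("AppInit_DLLs"):
            findings.append(Finding("appinit", line,
                "AppInit_DLLs load into every process that links user32; confirm the publisher"))
    return findings


def dns_servers(report: str) -> list[str]:
    """Collect the DNS servers DDS recorded (TCP: DhcpNameServer lines), de-duplicated."""
    servers: list[str] = []
    for raw in report.splitlines():
        m = re.search(r"DhcpNameServer\s*=\s*(.+)$", raw)
        if m:
            for ip in m.group(1).split():
                if ip not in servers:
                    servers.append(ip)
    return servers


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.line}\n    {f.reason}")
    print("DNS servers:", ", ".join(dns_servers(SAMPLE_REPORT)))
```

Run it against a full DDS.txt by reading the file into `triage()`; the rules only fire on "key: value" lines, so the process list and "Created Last 30" sections pass through untouched. The rule set is deliberately narrow: it flags structural oddities visible in the log, and leaves the question of whether AutocompletePro or a given DPF download is unwanted to the person reading the output.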



#2 HelpBot
Posted 28 September 2011 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420130 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Anasazi25 (Topic Starter)

Posted 29 September 2011 - 01:35 PM

Original problem - I got a redirect when I clicked on anything from a search engine (only tried Google and Bing with same results) in IE and Firefox, plus I'd sometimes get an automatic second spam window when I clicked to open a new IE browser. After some assistance on this site (http://www.bleepingcomputer.com/forums/topic419874.html), I've run: SecurityCheck, MiniToolbox, Malwarebytes' Anti-Malware, GMER (I have a 64-bit operating system and ran it anyway - no report available), TDSSKiller, Norton Power Eraser, ESET OnlineScan, and DeFogger in addition to my Kaspersky software - nothing had been found.

I was still having the problems when I was directed to create a new post. However, after I downloaded some Windows Live updates a few days later, I had to restart my computer and the problem seemed to stop for the most part. I haven't been redirected anywhere in the search results, but a few times I've still gotten the second ad pop up window when I open a new browser - so I might still have something? I figure better safe than sorry.

Below is the new DDS.txt report. And as before, I ran GMER on a 64-bit system - but it didn't give me anything at the end.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 10.0.0
Run by DJ at 14:16:55 on 2011-09-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.2414 [GMT -4:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\QuickArticleSubmitter\AutoSubmission.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SysWOW64\java.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\SysWOW64\ping.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=userinit.exe
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IBP]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun: [QuickArticleSubmitter] C:\PROGRA~2\QUICKA~2\AutoSubmission.exe
mRun: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
TCP: Interfaces\{603DADED-119D-4E0B-B0F4-F4F7B8993B2A} : DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun-x64: [QuickArticleSubmitter] C:\PROGRA~2\QUICKA~2\AutoSubmission.exe
mRun-x64: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\1rg42svr.default\
FF - prefs.js: browser.startup.homepage - cnn.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-6-27 88576]
R2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-21 366152]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-20 1153368]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-7-24 118272]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-6 1038088]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000va.sys --> C:\Windows\system32\DRIVERS\ae1000va.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-27 13:33:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5E298E5-C894-4CF1-BBBE-E4A13E26FABF}\offreg.dll
2011-09-27 13:15:58 -------- d-----w- C:\Windows\en
2011-09-27 13:09:19 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-27 13:03:47 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e512c6e01cc7d1502\MeshBetaRemover.exe
2011-09-27 06:14:38 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5E298E5-C894-4CF1-BBBE-E4A13E26FABF}\mpengine.dll
2011-09-26 20:53:41 -------- d-----w- C:\Users\DJ\AppData\Local\{5A51BAF2-5A0E-414F-92E3-245C15B46221}
2011-09-22 18:15:45 -------- d-----w- C:\Users\DJ\AppData\Local\CrashDumps
2011-09-22 17:37:18 -------- d-----w- C:\Program Files (x86)\ESET
2011-09-22 13:27:37 -------- d-----w- C:\Users\DJ\AppData\Local\NPE
2011-09-22 13:27:37 -------- d-----w- C:\ProgramData\Norton
2011-09-21 13:52:05 -------- d-----w- C:\Users\DJ\AppData\Roaming\Malwarebytes
2011-09-21 13:51:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-21 13:51:27 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-21 13:51:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 16:01:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-20 16:01:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-20 15:21:11 -------- d-----w- C:\ProgramData\PC Tools
2011-09-19 14:47:43 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-16 19:17:10 -------- d-----we C:\Windows\system64
2011-09-16 16:40:41 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-16 16:40:41 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-16 16:37:34 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-22 20:20:54 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-22 20:01:42 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 13:38:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31:32 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-07-23 11:24:17 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-07-23 11:23:51 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-07-23 11:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-07-23 11:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-07-23 11:04:29 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-07-23 10:31:39 479232 ----a-w- C:\Windows\System32\html.iec
2011-07-23 10:03:47 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-07-23 09:50:14 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-07-23 09:48:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-23 09:27:04 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 14:21:04.11 ===============
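The "Pseudo HJT Report" section of a DDS log like the one above is what a helper reads first: browser helper objects, toolbars, autorun entries, Winlogon and AppInit hooks, policy settings and the DNS servers in use. The following is an added example, not a tool from the thread or from DDS itself: a small Python triage script that runs a handful of defensive heuristics over lines in that format and ranks what a reviewer should look at. The sample report lines are constructed test data modelled on the log format (made-up GUIDs and paths), and the rules are my own, not DDS's or BleepingComputer's logic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the DDS "Pseudo HJT Report" line format. The GUIDs,
# paths and hostnames are made-up test data, not values from the log above.
SAMPLE_REPORT = r"""uStart Page = hxxp://www.example.com/
mWinlogon: Userinit=userinit.exe
BHO: Example PDF Helper: {01234567-89ab-cdef-0123-456789abcdef} - C:\Program Files (x86)\Example\pdfhelper.dll
BHO-X64: OldToolbarBHO - No File
TB: {fedcba98-7654-3210-fedc-ba9876543210} - No File
uRun: [IBP]
mRun: [<NO NAME>]
mRun: [AVP] "C:\Program Files (x86)\Example AV\avp.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
AppInit_DLLs: C:\PROGRA~2\EXAMPL~1\hook.dll
TCP: DhcpNameServer = 192.168.1.1
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the report line that triggered the rule
    note: str      # why a reviewer should look at it


# (pattern, severity, note). These are triage heuristics written for this
# example; they flag things worth a human look, they do not prove infection.
RULES = [
    (re.compile(r"^(?:BHO|TB)(?:-X64)?: .* - No File$"), "info",
     "Browser add-on registration whose DLL is missing on disk "
     "(orphaned entry, usually left behind by an uninstall)"),
    (re.compile(r"^[um]Run(?:-x64)?: \[[^\]]*\]\s*$"), "info",
     "Autorun value with an empty command line (harmless, but clutter worth removing)"),
    (re.compile(r"^mPolicies-system: EnableLUA = 0\b"), "high",
     "User Account Control is disabled, so anything the user launches "
     "already runs with administrative rights"),
    (re.compile(r"^AppInit_DLLs(?:-X64)?: \S"), "medium",
     "AppInit_DLLs are loaded into every process that uses user32.dll; "
     "confirm each listed DLL belongs to installed software"),
    # Negative lookahead: match any Userinit value other than the bare default.
    (re.compile(r"^mWinlogon: Userinit=(?!userinit\.exe$)"), "high",
     "Userinit is not the default 'userinit.exe'; an appended program "
     "would start at every logon"),
    (re.compile(r"^TCP: DhcpNameServer = "), "info",
     "DNS resolvers in use; a changed resolver is a classic cause of "
     "search-result redirects, so verify they are the ISP's or the router's"),
]


def triage(report: str) -> List[Finding]:
    """Apply every rule to every line of a Pseudo HJT Report and collect hits."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.rstrip()
        for pattern, severity, note in RULES:
            if pattern.search(line):
                findings.append(Finding(severity, line, note))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a reviewer sees the shape at a glance."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_REPORT), key=lambda x: order.index(x.severity)):
        print(f"[{f.severity:6}] {f.line}")
        print(f"         {f.note}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample, the script reports one high finding (UAC disabled), one medium (an AppInit DLL) and five informational items; the default `Userinit=userinit.exe` line and the `EnableUIADesktopToggle` policy are deliberately not flagged. To use it on a real log, paste the Pseudo HJT Report section into `SAMPLE_REPORT` or read it from a file; every hit still needs a human to check the path against what is actually installed.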

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 29 September 2011 - 10:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:29 AM

Posted 30 September 2011 - 08:46 AM

This is going to be a rough day.

I downloaded aswMBR to my desktop and ran it. As soon as I hit "Scan," I got the blue screen of death and my computer rebooted. My computer then froze upon restart and I had to force another restart. This time it booted okay. I opened IE and immediately got a pop up ad window with my original window. Out of curiosity, I did a quick Google search and hit the first result that popped up and got redirected to a spam site. Seems whatever progress my computer made in the last week has gone out the window and I'm fully infested again.

Call it morbid curiosity, but I tried to run the aswMBR scan again (actually, it was probably because I figured you'd insist I try again anyway) and again - blue screen. Fortunately, I was ready with my phone and took a picture of it to share. It rebooted itself okay the first time. Came immediately here to post the bad news. I do not plan to run the aswMBR again.

Edit - When I first tried to attach the image of my blue screen, it appears it didn't work. Here is a link: http://www.flickr.com/photos/68131558@N04/6198320764/

I also see that you're in London, so we're going to have some time difference issues (I'm on EST). Wanted to give you a heads up that this is my work computer (desktop), so if you respond after 5pm my time I will not be able to try anything you suggest until Monday morning.

Edited by Anasazi25, 30 September 2011 - 11:04 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 30 September 2011 - 05:28 PM

Thanks for the information. aswMBR is crashing and this usually means rootkit activity.

When you return to your desk, please run MBRCheck and see if we can get a scanner to run.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:29 AM

Posted 03 October 2011 - 08:11 AM

Ran the MBRCheck - didn't ask me to repair anything. Here's the log:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 545
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 149):
0x07860000 \SystemRoot\system32\ntoskrnl.exe
0x0781A000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E9000 \SystemRoot\system32\drivers\acpi.sys
0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00948000 \SystemRoot\system32\drivers\msisadrv.sys
0x00952000 \SystemRoot\system32\drivers\pci.sys
0x00982000 \SystemRoot\System32\drivers\partmgr.sys
0x00997000 \SystemRoot\system32\drivers\volmgr.sys
0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AB000 \SystemRoot\system32\DRIVERS\intelide.sys

Processes (total 86):

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 03 October 2011 - 08:10 PM

The log cut off. Make sure you are copying the whole thing and try again.
m0le is a proud member of UNITE

#9 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:29 AM

Posted 04 October 2011 - 08:10 AM

It must've gotten interrupted while it ran because that was all I had in that log. I ran MBRCheck a second time and got more info:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 545
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 149):

Processes (total 89):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC44
PhysicalDrive1 Model Number: WD5000BEV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!
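As an added example (not part of the thread and not MBRCheck's own code): a small Python triage helper that parses the drive map and the "Size / Device Name / MBR Status" table in the layout MBRCheck prints above, groups volumes by physical disk, and lists the disks whose boot-code hash MBRCheck did not match to a known-good entry. The sample report, model names and SHA1 values are constructed for the example.

```python
"""Triage helper for MBRCheck reports: group volumes by physical disk and
flag disks whose boot code MBRCheck could not match to a known-good hash."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of an MBRCheck report. The SHA1 values,
# model names and revisions are made up; only the format mirrors the tool.
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: EXAMPLE-INTERNAL-750, Rev: 0001
PhysicalDrive1 Model Number: EXAMPLE-USB-500 External, Rev: 1.00

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: 0123456789ABCDEF0123456789ABCDEF01234567
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: FEDCBA9876543210FEDCBA9876543210FEDCBA98


Found non-standard or infected MBR.
"""

# One regex per line type in the report; lines are matched after strip().
VOLUME_RE = re.compile(
    r"^\\\\\.\\([A-Z]): --> \\\\\.\\(PhysicalDrive\d+) at offset (\S+) \((\w+)\)$")
MODEL_RE = re.compile(r"^(PhysicalDrive\d+) Model Number: (.+?), Rev: (.+)$")
SIZE_RE = re.compile(r"^(\d+) GB \\\\\.\\(PhysicalDrive\d+) (.+)$")
SHA1_RE = re.compile(r"^SHA1: ([0-9A-Fa-f]{40})$")


@dataclass
class DiskFinding:
    device: str
    volumes: List[Tuple[str, str]] = field(default_factory=list)  # (letter, fs)
    model: Optional[str] = None
    revision: Optional[str] = None
    size_gb: Optional[int] = None
    status: Optional[str] = None
    sha1: Optional[str] = None

    @property
    def known_good(self) -> bool:
        # MBRCheck prints "<vendor/OS> MBR code detected" when the SHA1 of the
        # boot code matches its list of known boot sectors; anything else
        # ("Unknown MBR code", ...) means the hash was not recognised.
        return bool(self.status) and self.status.endswith("MBR code detected")


def parse_mbrcheck(report: str) -> Dict[str, DiskFinding]:
    """Parse the volume map, model lines and MBR status table of a report."""
    disks: Dict[str, DiskFinding] = {}
    last_disk: Optional[DiskFinding] = None  # a SHA1 line follows its size row

    def get(device: str) -> DiskFinding:
        return disks.setdefault(device, DiskFinding(device=device))

    for raw in report.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            letter, device, _offset, fs = m.groups()
            get(device).volumes.append((letter, fs))
        elif m := MODEL_RE.match(line):
            device, model, rev = m.groups()
            disk = get(device)
            disk.model, disk.revision = model, rev
        elif m := SIZE_RE.match(line):
            size, device, status = m.groups()
            last_disk = get(device)
            last_disk.size_gb = int(size)
            last_disk.status = status
        elif (m := SHA1_RE.match(line)) and last_disk is not None:
            last_disk.sha1 = m.group(1).upper()
            last_disk = None
    return disks


def unrecognised_boot_code(disks: Dict[str, DiskFinding]) -> List[DiskFinding]:
    """Disks whose boot code is not on MBRCheck's known-good list.

    This is a prompt to look closer, not proof of infection: boot code written
    by a manufacturer's formatting tool also shows up as unknown. The SHA1 is
    what you compare against a known-clean dump of the same boot sector.
    """
    return [d for d in disks.values() if d.size_gb is not None and not d.known_good]


def triage_lines(disks: Dict[str, DiskFinding]) -> List[str]:
    """One human-readable line per physical disk."""
    out = []
    for d in disks.values():
        vols = ", ".join(f"{letter}: ({fs})" for letter, fs in d.volumes) or "no volumes"
        verdict = "known boot code" if d.known_good else "UNRECOGNISED boot code - review"
        out.append(f"{d.device} {d.size_gb} GB {d.model or '?'} [{vols}] {verdict} sha1={d.sha1}")
    return out


if __name__ == "__main__":
    for line in triage_lines(parse_mbrcheck(SAMPLE_REPORT)):
        print(line)
```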

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 04 October 2011 - 07:22 PM

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\

m0le is a proud member of UNITE

#11 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:29 AM

Posted 05 October 2011 - 08:16 AM

I ran the program the first time, but nothing was found. I changed the parameters to include "Verify driver digital signatures" and "Detect TDLFS file system" and ran it again. No malicious objects were found, but there was one suspicious object that I selected to copy to quarantine (cure wasn't an option) and my system didn't request a reboot. Here is the log:

09:07:00.0219 1068 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
09:07:00.0594 1068 ============================================================
09:07:00.0594 1068 Current date / time: 2011/10/05 09:07:00.0594
09:07:00.0594 1068 SystemInfo:
09:07:00.0594 1068
09:07:00.0594 1068 OS Version: 6.0.6002 ServicePack: 2.0
09:07:00.0594 1068 Product type: Workstation
09:07:00.0594 1068 ComputerName: DJ-PC
09:07:00.0594 1068 UserName: DJ
09:07:00.0594 1068 Windows directory: C:\Windows
09:07:00.0594 1068 System windows directory: C:\Windows
09:07:00.0595 1068 Running under WOW64
09:07:00.0595 1068 Processor architecture: Intel x64
09:07:00.0595 1068 Number of processors: 4
09:07:00.0595 1068 Page size: 0x1000
09:07:00.0595 1068 Boot type: Normal boot
09:07:00.0595 1068 ============================================================
09:07:04.0981 1068 Initialize success
09:07:18.0906 5356 ============================================================
09:07:18.0906 5356 Scan started
09:07:18.0906 5356 Mode: Manual;
09:07:18.0906 5356 ============================================================
09:07:36.0409 5356 lltdio - ok
09:07:36.0582 5356 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:07:36.0769 5356 LSI_FC - ok
09:07:36.0993 5356 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:07:37.0020 5356 LSI_SAS - ok
09:07:37.0056 5356 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:07:37.0128 5356 LSI_SCSI - ok
09:07:37.0160 5356 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:07:37.0192 5356 luafv - ok
09:07:37.0288 5356 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
09:07:37.0333 5356 MBAMProtector - ok
09:07:37.0430 5356 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:07:37.0495 5356 mdmxsdk - ok
09:07:37.0547 5356 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:07:37.0558 5356 megasas - ok
09:07:37.0578 5356 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:07:37.0633 5356 MegaSR - ok
09:07:37.0656 5356 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:07:37.0663 5356 Modem - ok
09:07:37.0714 5356 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:07:37.0774 5356 monitor - ok
09:07:37.0810 5356 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:07:37.0826 5356 mouclass - ok
09:07:37.0834 5356 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:07:37.0883 5356 mouhid - ok
09:07:38.0021 5356 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:07:38.0030 5356 MountMgr - ok
09:07:38.0070 5356 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:07:38.0198 5356 mpio - ok
09:07:38.0256 5356 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:07:38.0277 5356 mpsdrv - ok
09:07:38.0311 5356 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:07:38.0375 5356 Mraid35x - ok
09:07:38.0430 5356 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
09:07:38.0433 5356 MRxDAV - ok
09:07:38.0494 5356 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:07:38.0556 5356 mrxsmb - ok
09:07:38.0825 5356 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:07:38.0871 5356 mrxsmb10 - ok
09:07:38.0935 5356 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:07:38.0996 5356 mrxsmb20 - ok
09:07:39.0311 5356 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
09:07:39.0334 5356 msahci - ok
09:07:39.0569 5356 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:07:39.0596 5356 msdsm - ok
09:07:39.0766 5356 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:07:39.0787 5356 Msfs - ok
09:07:39.0815 5356 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:07:39.0838 5356 msisadrv - ok
09:07:39.0958 5356 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:07:40.0017 5356 MSKSSRV - ok
09:07:40.0051 5356 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:07:40.0061 5356 MSPCLOCK - ok
09:07:40.0068 5356 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:07:40.0078 5356 MSPQM - ok
09:07:40.0458 5356 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
09:07:40.0462 5356 MsRPC - ok
09:07:40.0483 5356 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:07:40.0510 5356 mssmbios - ok
09:07:40.0519 5356 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:07:40.0587 5356 MSTEE - ok
09:07:40.0626 5356 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
09:07:40.0648 5356 Mup - ok
09:07:40.0905 5356 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
09:07:40.0913 5356 NativeWifiP - ok
09:07:41.0023 5356 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
09:07:41.0049 5356 NDIS - ok
09:07:41.0079 5356 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:07:41.0088 5356 NdisTapi - ok
09:07:41.0095 5356 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:07:41.0104 5356 Ndisuio - ok
09:07:41.0361 5356 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
09:07:41.0389 5356 NdisWan - ok
09:07:41.0526 5356 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:07:41.0567 5356 NDProxy - ok
09:07:41.0635 5356 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:07:42.0044 5356 NetBIOS - ok
09:07:42.0265 5356 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
09:07:42.0332 5356 netbt - ok
09:07:42.0362 5356 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:07:42.0392 5356 nfrd960 - ok
09:07:42.0502 5356 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
09:07:42.0522 5356 Npfs - ok
09:07:42.0873 5356 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:07:42.0929 5356 nsiproxy - ok
09:07:43.0101 5356 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
09:07:43.0127 5356 Ntfs - ok
09:07:43.0245 5356 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:07:43.0285 5356 Null - ok
09:07:43.0496 5356 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:07:43.0523 5356 nvraid - ok
09:07:43.0688 5356 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:07:43.0716 5356 nvstor - ok
09:07:43.0743 5356 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:07:43.0766 5356 nv_agp - ok
09:07:43.0918 5356 NwlnkFlt - ok
09:07:43.0961 5356 NwlnkFwd - ok
09:07:44.0009 5356 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
09:07:44.0040 5356 ohci1394 - ok
09:07:44.0138 5356 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:07:44.0166 5356 Parport - ok
09:07:44.0437 5356 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
09:07:44.0463 5356 partmgr - ok
09:07:44.0530 5356 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
09:07:44.0579 5356 pci - ok
09:07:44.0659 5356 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
09:07:44.0667 5356 pciide - ok
09:07:44.0682 5356 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:07:44.0693 5356 pcmcia - ok
09:07:44.0721 5356 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:07:44.0753 5356 PEAUTH - ok
09:07:45.0016 5356 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
09:07:45.0019 5356 pnarp - ok
09:07:45.0085 5356 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
09:07:45.0151 5356 PptpMiniport - ok
09:07:45.0195 5356 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:07:45.0280 5356 Processor - ok
09:07:45.0355 5356 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
09:07:45.0404 5356 PSched - ok
09:07:45.0490 5356 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
09:07:45.0561 5356 purendis - ok
09:07:45.0610 5356 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
09:07:45.0640 5356 PxHlpa64 - ok
09:07:45.0713 5356 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:07:45.0832 5356 ql2300 - ok
09:07:45.0882 5356 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:07:45.0974 5356 ql40xx - ok
09:07:46.0001 5356 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:07:46.0010 5356 QWAVEdrv - ok
09:07:46.0121 5356 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
09:07:46.0246 5356 R300 - ok
09:07:46.0264 5356 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:07:46.0273 5356 RasAcd - ok
09:07:46.0494 5356 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:07:46.0544 5356 Rasl2tp - ok
09:07:46.0602 5356 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
09:07:46.0641 5356 RasPppoe - ok
09:07:46.0914 5356 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
09:07:46.0946 5356 RasSstp - ok
09:07:47.0185 5356 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
09:07:47.0247 5356 rdbss - ok
09:07:47.0351 5356 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:07:47.0376 5356 RDPCDD - ok
09:07:47.0396 5356 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
09:07:47.0408 5356 rdpdr - ok
09:07:47.0416 5356 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:07:47.0449 5356 RDPENCDD - ok
09:07:47.0499 5356 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
09:07:47.0525 5356 RDPWD - ok
09:07:47.0621 5356 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:07:47.0631 5356 rspndr - ok
09:07:47.0861 5356 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
09:07:47.0871 5356 RTL8169 - ok
09:07:47.0901 5356 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:07:47.0949 5356 sbp2port - ok
09:07:48.0101 5356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:07:48.0109 5356 secdrv - ok
09:07:48.0130 5356 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:07:48.0139 5356 Serenum - ok
09:07:48.0153 5356 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:07:48.0233 5356 Serial - ok
09:07:48.0377 5356 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:07:48.0386 5356 sermouse - ok
09:07:48.0410 5356 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
09:07:48.0419 5356 sffdisk - ok
09:07:48.0577 5356 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:07:48.0653 5356 sffp_mmc - ok
09:07:48.0699 5356 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
09:07:48.0723 5356 sffp_sd - ok
09:07:48.0986 5356 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:07:49.0012 5356 sfloppy - ok
09:07:49.0122 5356 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:07:49.0141 5356 SiSRaid2 - ok
09:07:49.0169 5356 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:07:49.0237 5356 SiSRaid4 - ok
09:07:49.0315 5356 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
09:07:49.0360 5356 Smb - ok
09:07:49.0407 5356 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
09:07:49.0433 5356 spldr - ok
09:07:49.0710 5356 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
09:07:49.0794 5356 srv - ok
09:07:49.0883 5356 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
09:07:49.0909 5356 srv2 - ok
09:07:49.0942 5356 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
09:07:49.0967 5356 srvnet - ok
09:07:50.0089 5356 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
09:07:50.0092 5356 StillCam - ok
09:07:50.0118 5356 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:07:50.0208 5356 swenum - ok
09:07:50.0281 5356 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:07:50.0326 5356 Symc8xx - ok
09:07:50.0438 5356 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:07:50.0460 5356 Sym_hi - ok
09:07:50.0489 5356 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:07:50.0512 5356 Sym_u3 - ok
09:07:50.0847 5356 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
09:07:50.0955 5356 Tcpip - ok
09:07:50.0989 5356 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
09:07:50.0996 5356 Tcpip6 - ok
09:07:51.0259 5356 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
09:07:51.0294 5356 tcpipreg - ok
09:07:51.0501 5356 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:07:51.0546 5356 TDPIPE - ok
09:07:51.0576 5356 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:07:51.0585 5356 TDTCP - ok
09:07:51.0634 5356 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
09:07:51.0658 5356 tdx - ok
09:07:51.0700 5356 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
09:07:51.0725 5356 TermDD - ok
09:07:51.0734 5356 TfFsMon - ok
09:07:51.0743 5356 TfNetMon - ok
09:07:51.0751 5356 TfSysMon - ok
09:07:51.0796 5356 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:51.0805 5356 tssecsrv - ok
09:07:51.0848 5356 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:07:51.0857 5356 tunmp - ok
09:07:51.0897 5356 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
09:07:51.0916 5356 tunnel - ok
09:07:51.0942 5356 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:07:51.0969 5356 uagp35 - ok
09:07:51.0997 5356 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
09:07:52.0002 5356 udfs - ok
09:07:52.0020 5356 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:07:52.0030 5356 uliagpkx - ok
09:07:52.0045 5356 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:07:52.0056 5356 uliahci - ok
09:07:52.0072 5356 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:07:52.0081 5356 UlSata - ok
09:07:52.0094 5356 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:07:52.0104 5356 ulsata2 - ok
09:07:52.0117 5356 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:07:52.0127 5356 umbus - ok
09:07:52.0169 5356 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
09:07:52.0197 5356 USBAAPL64 - ok
09:07:52.0236 5356 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
09:07:52.0247 5356 usbaudio - ok
09:07:52.0266 5356 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:52.0275 5356 usbccgp - ok
09:07:52.0283 5356 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:07:52.0292 5356 usbcir - ok
09:07:52.0378 5356 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
09:07:53.0000 5356 usbehci - ok
09:07:53.0330 5356 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
09:07:53.0353 5356 usbhub - ok
09:07:53.0383 5356 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:07:53.0391 5356 usbohci - ok
09:07:53.0425 5356 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
09:07:53.0443 5356 usbprint - ok
09:07:53.0495 5356 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
09:07:53.0497 5356 usbscan - ok
09:07:53.0516 5356 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:53.0523 5356 USBSTOR - ok
09:07:53.0774 5356 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:07:53.0828 5356 usbuhci - ok
09:07:53.0865 5356 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:07:53.0875 5356 vga - ok
09:07:53.0885 5356 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:07:53.0894 5356 VgaSave - ok
09:07:53.0905 5356 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
09:07:53.0914 5356 viaide - ok
09:07:53.0922 5356 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
09:07:53.0945 5356 volmgr - ok
09:07:54.0042 5356 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
09:07:54.0057 5356 volmgrx - ok
09:07:54.0089 5356 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
09:07:54.0099 5356 volsnap - ok
09:07:54.0112 5356 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:07:54.0121 5356 vsmraid - ok
09:07:54.0157 5356 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:07:54.0174 5356 WacomPen - ok
09:07:54.0242 5356 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:54.0266 5356 Wanarp - ok
09:07:54.0270 5356 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:54.0271 5356 Wanarpv6 - ok
09:07:54.0309 5356 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:07:54.0319 5356 Wd - ok
09:07:54.0375 5356 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:07:54.0393 5356 Wdf01000 - ok
09:07:54.0467 5356 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:07:54.0497 5356 winachsf - ok
09:07:54.0651 5356 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\drivers\wmiacpi.sys
09:07:54.0660 5356 WmiAcpi - ok
09:07:54.0744 5356 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
09:07:54.0771 5356 WpdUsb - ok
09:07:54.0809 5356 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:07:54.0844 5356 ws2ifsl - ok
09:07:54.0890 5356 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:07:54.0899 5356 WUDFRd - ok
09:07:54.0947 5356 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
09:07:54.0955 5356 XAudio - ok
09:07:54.0980 5356 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
09:07:54.0989 5356 \Device\Harddisk0\DR0 - ok
09:07:54.0993 5356 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk1\DR1
09:07:54.0998 5356 \Device\Harddisk1\DR1 - ok
09:07:55.0040 5356 Boot (0x1200) (f7b3d4355901439c142a635e5e09771e) \Device\Harddisk0\DR0\Partition0
09:07:55.0076 5356 \Device\Harddisk0\DR0\Partition0 - ok
09:07:55.0079 5356 Boot (0x1200) (03ff3b6fadddba8b46cc06b9759eab41) \Device\Harddisk0\DR0\Partition1
09:07:55.0080 5356 \Device\Harddisk0\DR0\Partition1 - ok
09:07:55.0084 5356 Boot (0x1200) (04f647d5450f32d00b21dace0e72b660) \Device\Harddisk1\DR1\Partition0
09:07:55.0085 5356 \Device\Harddisk1\DR1\Partition0 - ok
09:07:55.0086 5356 ============================================================
09:07:55.0086 5356 Scan finished
09:07:55.0086 5356 ============================================================
09:07:55.0096 9004 Detected object count: 0
09:07:55.0096 9004 Actual detected object count: 0
09:08:11.0487 1228 ============================================================
09:08:11.0487 1228 Scan started
09:08:11.0487 1228 Mode: Manual; SigCheck; TDLFS;
09:08:11.0487 1228 ============================================================
09:08:32.0255 1228 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:08:32.0279 1228 LSI_FC - ok
09:08:32.0340 1228 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:08:32.0363 1228 LSI_SAS - ok
09:08:32.0604 1228 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:08:32.0622 1228 LSI_SCSI - ok
09:08:32.0816 1228 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:08:32.0930 1228 luafv - ok
09:08:32.0996 1228 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
09:08:33.0014 1228 MBAMProtector - ok
09:08:33.0120 1228 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:08:33.0185 1228 mdmxsdk - ok
09:08:33.0519 1228 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:08:33.0536 1228 megasas - ok
09:08:33.0766 1228 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:08:33.0828 1228 MegaSR - ok
09:08:33.0953 1228 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:08:34.0004 1228 Modem - ok
09:08:34.0302 1228 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:08:34.0340 1228 monitor - ok
09:08:34.0515 1228 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:08:34.0530 1228 mouclass - ok
09:08:34.0682 1228 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:08:35.0105 1228 mouhid - ok
09:08:35.0157 1228 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:08:35.0173 1228 MountMgr - ok
09:08:35.0400 1228 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:08:35.0416 1228 mpio - ok
09:08:35.0618 1228 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:08:35.0684 1228 mpsdrv - ok
09:08:35.0707 1228 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:08:35.0724 1228 Mraid35x - ok
09:08:35.0992 1228 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
09:08:36.0062 1228 MRxDAV - ok
09:08:36.0334 1228 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:08:36.0547 1228 mrxsmb - ok
09:08:36.0630 1228 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:08:36.0685 1228 mrxsmb10 - ok
09:08:36.0703 1228 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:08:36.0757 1228 mrxsmb20 - ok
09:08:36.0983 1228 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
09:08:37.0001 1228 msahci - ok
09:08:37.0065 1228 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:08:37.0084 1228 msdsm - ok
09:08:37.0255 1228 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:08:37.0342 1228 Msfs - ok
09:08:37.0350 1228 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:08:37.0367 1228 msisadrv - ok
09:08:37.0554 1228 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:08:37.0637 1228 MSKSSRV - ok
09:08:37.0856 1228 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:08:37.0937 1228 MSPCLOCK - ok
09:08:37.0944 1228 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:08:38.0014 1228 MSPQM - ok
09:08:38.0314 1228 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
09:08:38.0334 1228 MsRPC - ok
09:08:38.0588 1228 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:08:38.0606 1228 mssmbios - ok
09:08:38.0824 1228 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:08:38.0902 1228 MSTEE - ok
09:08:39.0014 1228 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
09:08:39.0033 1228 Mup - ok
09:08:39.0306 1228 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
09:08:39.0369 1228 NativeWifiP - ok
09:08:39.0453 1228 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
09:08:39.0518 1228 NDIS - ok
09:08:39.0526 1228 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:08:39.0583 1228 NdisTapi - ok
09:08:39.0804 1228 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:08:39.0897 1228 Ndisuio - ok
09:08:40.0011 1228 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
09:08:40.0093 1228 NdisWan - ok
09:08:40.0221 1228 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:08:40.0251 1228 NDProxy - ok
09:08:40.0322 1228 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:08:40.0364 1228 NetBIOS - ok
09:08:40.0561 1228 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
09:08:40.0639 1228 netbt - ok
09:08:40.0750 1228 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:08:40.0767 1228 nfrd960 - ok
09:08:40.0839 1228 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
09:08:40.0894 1228 Npfs - ok
09:08:40.0994 1228 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:08:41.0055 1228 nsiproxy - ok
09:08:41.0239 1228 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
09:08:41.0294 1228 Ntfs - ok
09:08:41.0443 1228 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:08:41.0506 1228 Null - ok
09:08:41.0667 1228 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:08:41.0684 1228 nvraid - ok
09:08:41.0868 1228 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:08:41.0886 1228 nvstor - ok
09:08:41.0964 1228 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:08:41.0981 1228 nv_agp - ok
09:08:41.0988 1228 NwlnkFlt - ok
09:08:41.0996 1228 NwlnkFwd - ok
09:08:42.0080 1228 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
09:08:42.0171 1228 ohci1394 - ok
09:08:42.0418 1228 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:08:42.0520 1228 Parport - ok
09:08:42.0799 1228 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
09:08:42.0817 1228 partmgr - ok
09:08:42.0998 1228 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
09:08:43.0021 1228 pci - ok
09:08:43.0080 1228 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
09:08:43.0100 1228 pciide - ok
09:08:43.0234 1228 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:08:43.0253 1228 pcmcia - ok
09:08:43.0475 1228 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:08:43.0587 1228 PEAUTH - ok
09:08:43.0820 1228 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
09:08:43.0835 1228 pnarp - ok
09:08:44.0005 1228 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
09:08:44.0052 1228 PptpMiniport - ok
09:08:44.0099 1228 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:08:44.0168 1228 Processor - ok
09:08:44.0350 1228 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
09:08:44.0436 1228 PSched - ok
09:08:44.0644 1228 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
09:08:44.0662 1228 purendis - ok
09:08:44.0769 1228 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
09:08:44.0784 1228 PxHlpa64 - ok
09:08:45.0216 1228 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:08:45.0277 1228 ql2300 - ok
09:08:45.0293 1228 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:08:45.0310 1228 ql40xx - ok
09:08:45.0453 1228 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:08:45.0738 1228 QWAVEdrv - ok
09:08:45.0931 1228 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
09:08:46.0067 1228 R300 - ok
09:08:46.0100 1228 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:08:46.0139 1228 RasAcd - ok
09:08:46.0380 1228 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:08:46.0452 1228 Rasl2tp - ok
09:08:46.0641 1228 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
09:08:46.0672 1228 RasPppoe - ok
09:08:46.0841 1228 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
09:08:46.0892 1228 RasSstp - ok
09:08:46.0970 1228 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
09:08:47.0021 1228 rdbss - ok
09:08:47.0103 1228 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:08:47.0140 1228 RDPCDD - ok
09:08:47.0540 1228 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
09:08:47.0598 1228 rdpdr - ok
09:08:47.0649 1228 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:08:47.0728 1228 RDPENCDD - ok
09:08:47.0984 1228 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
09:08:48.0038 1228 RDPWD - ok
09:08:48.0265 1228 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:08:48.0311 1228 rspndr - ok
09:08:48.0572 1228 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
09:08:48.0591 1228 RTL8169 - ok
09:08:48.0703 1228 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:08:48.0719 1228 sbp2port - ok
09:08:49.0002 1228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:08:49.0100 1228 secdrv - ok
09:08:49.0149 1228 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:08:49.0210 1228 Serenum - ok
09:08:49.0413 1228 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:08:49.0518 1228 Serial - ok
09:08:49.0762 1228 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:08:49.0840 1228 sermouse - ok
09:08:49.0986 1228 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
09:08:50.0031 1228 sffdisk - ok
09:08:50.0079 1228 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:08:50.0131 1228 sffp_mmc - ok
09:08:50.0391 1228 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
09:08:50.0465 1228 sffp_sd - ok
09:08:50.0720 1228 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:08:50.0814 1228 sfloppy - ok
09:08:50.0931 1228 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:08:50.0947 1228 SiSRaid2 - ok
09:08:51.0003 1228 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:08:51.0021 1228 SiSRaid4 - ok
09:08:51.0090 1228 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
09:08:51.0131 1228 Smb - ok
09:08:51.0216 1228 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
09:08:51.0232 1228 spldr - ok
09:08:51.0612 1228 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
09:08:51.0687 1228 srv - ok
09:08:51.0819 1228 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
09:08:51.0907 1228 srv2 - ok
09:08:51.0934 1228 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
09:08:51.0993 1228 srvnet - ok
09:08:52.0157 1228 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
09:08:52.0203 1228 StillCam - ok
09:08:52.0325 1228 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:08:52.0342 1228 swenum - ok
09:08:52.0556 1228 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:08:52.0572 1228 Symc8xx - ok
09:08:52.0746 1228 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:08:52.0762 1228 Sym_hi - ok
09:08:52.0881 1228 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:08:52.0897 1228 Sym_u3 - ok
09:08:53.0022 1228 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
09:08:53.0076 1228 Tcpip - ok
09:08:53.0149 1228 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
09:08:53.0233 1228 Tcpip6 - ok
09:08:53.0284 1228 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
09:08:53.0382 1228 tcpipreg - ok
09:08:53.0402 1228 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:08:53.0452 1228 TDPIPE - ok
09:08:53.0477 1228 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:08:53.0554 1228 TDTCP - ok
09:08:53.0609 1228 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
09:08:53.0653 1228 tdx - ok
09:08:53.0734 1228 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
09:08:53.0751 1228 TermDD - ok
09:08:53.0852 1228 TfFsMon - ok
09:08:53.0958 1228 TfNetMon - ok
09:08:53.0967 1228 TfSysMon - ok
09:08:54.0113 1228 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:08:54.0186 1228 tssecsrv - ok
09:08:54.0348 1228 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:08:54.0426 1228 tunmp - ok
09:08:54.0497 1228 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
09:08:54.0558 1228 tunnel - ok
09:08:54.0575 1228 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:08:54.0592 1228 uagp35 - ok
09:08:54.0866 1228 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
09:08:54.0918 1228 udfs - ok
09:08:54.0987 1228 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:08:55.0005 1228 uliagpkx - ok
09:08:55.0086 1228 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:08:55.0109 1228 uliahci - ok
09:08:55.0348 1228 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:08:55.0366 1228 UlSata - ok
09:08:55.0495 1228 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:08:55.0512 1228 ulsata2 - ok
09:08:55.0666 1228 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:08:55.0704 1228 umbus - ok
09:08:55.0885 1228 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
09:08:55.0891 1228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
09:08:55.0891 1228 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
09:08:56.0035 1228 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
09:08:56.0569 1228 usbaudio - ok
09:08:56.0624 1228 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:08:56.0668 1228 usbccgp - ok
09:08:56.0696 1228 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:08:56.0787 1228 usbcir - ok
09:08:56.0977 1228 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
09:08:57.0023 1228 usbehci - ok
09:08:57.0072 1228 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
09:08:57.0114 1228 usbhub - ok
09:08:57.0141 1228 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:08:57.0191 1228 usbohci - ok
09:08:57.0216 1228 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
09:08:57.0253 1228 usbprint - ok
09:08:57.0419 1228 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
09:08:57.0489 1228 usbscan - ok
09:08:57.0549 1228 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:08:57.0611 1228 USBSTOR - ok
09:08:57.0664 1228 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:08:57.0718 1228 usbuhci - ok
09:08:57.0839 1228 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:08:57.0875 1228 vga - ok
09:08:57.0964 1228 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:08:58.0017 1228 VgaSave - ok
09:08:58.0080 1228 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
09:08:58.0095 1228 viaide - ok
09:08:58.0121 1228 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
09:08:58.0138 1228 volmgr - ok
09:08:58.0452 1228 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
09:08:58.0484 1228 volmgrx - ok
09:08:58.0569 1228 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
09:08:58.0589 1228 volsnap - ok
09:08:58.0855 1228 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:08:58.0873 1228 vsmraid - ok
09:08:58.0964 1228 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:08:59.0038 1228 WacomPen - ok
09:08:59.0207 1228 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:59.0251 1228 Wanarp - ok
09:08:59.0255 1228 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:59.0290 1228 Wanarpv6 - ok
09:08:59.0490 1228 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:08:59.0505 1228 Wd - ok
09:08:59.0790 1228 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:08:59.0832 1228 Wdf01000 - ok
09:09:00.0004 1228 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:09:00.0041 1228 winachsf - ok
09:09:00.0083 1228 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\drivers\wmiacpi.sys
09:09:00.0139 1228 WmiAcpi - ok
09:09:00.0317 1228 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
09:09:00.0371 1228 WpdUsb - ok
09:09:00.0387 1228 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:09:00.0456 1228 ws2ifsl - ok
09:09:00.0638 1228 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:09:00.0694 1228 WUDFRd - ok
09:09:00.0861 1228 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
09:09:00.0924 1228 XAudio - ok
09:09:00.0961 1228 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
09:09:01.0080 1228 \Device\Harddisk0\DR0 - ok
09:09:01.0084 1228 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk1\DR1
09:09:01.0196 1228 \Device\Harddisk1\DR1 - ok
09:09:01.0229 1228 Boot (0x1200) (f7b3d4355901439c142a635e5e09771e) \Device\Harddisk0\DR0\Partition0
09:09:01.0230 1228 \Device\Harddisk0\DR0\Partition0 - ok
09:09:01.0232 1228 Boot (0x1200) (03ff3b6fadddba8b46cc06b9759eab41) \Device\Harddisk0\DR0\Partition1
09:09:01.0233 1228 \Device\Harddisk0\DR0\Partition1 - ok
09:09:01.0237 1228 Boot (0x1200) (04f647d5450f32d00b21dace0e72b660) \Device\Harddisk1\DR1\Partition0
09:09:01.0238 1228 \Device\Harddisk1\DR1\Partition0 - ok
09:09:01.0240 1228 ============================================================
09:09:01.0240 1228 Scan finished
09:09:01.0240 1228 ============================================================
09:09:01.0265 8304 Detected object count: 1
09:09:01.0265 8304 Actual detected object count: 1
09:10:16.0256 8304 C:\Windows\system32\Drivers\usbaapl64.sys - copied to quarantine
09:10:16.0258 8304 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 05 October 2011 - 03:53 PM

That detection is a file from Apple's iTunes.

Please run Combofix next

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#13 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 06 October 2011 - 10:17 AM

I followed the link about disabling/turning off all the antivirus/protection programs and turned off everything that was mentioned in the list that I knew was on my computer. However, when I first ran the comfix.exe, it still said:

ComboFix has detected the following real time scanner(s) to be active:
antivirus: Kaspersky Internet Security
antispyware: Kaspersky Internet Security

I went back and manually disabled every option in the program, then completely closed the program, but comfix.exe still said I had Kaspersky running. I closed comfix, even checked my task manager to see if it was running, but nothing. I reopened comfix to run and it still said Kaspersky was running. Since I didn't know what else to do, I ran the program anyway.

Before I get to the log, it seems that it messed with my WD backup files (and from the log it appears that a lot of WD files from my C drive were deleted - my backup is actually stored on my K external drive). The original backup folder is still there, but when my computer restarted it was trying to configure everything to a second backup folder and run a full system backup scan. Is this normal?


Here's the log:

ComboFix 11-10-06.03 - DJ 10/06/2011 9:33.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.5672 [GMT -4:00]
Running from: c:\users\DJ\Desktop\comfix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AcRemoteUpdate.exe
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\TaskScheduler.dll
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\programdata\AudioDecoderFilterGraph.txt
c:\users\DJ\AppData\Roaming\EurekaLog
c:\users\DJ\AppData\Roaming\WD
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\BackupRules.xml
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\BackupRules.xml.bkp
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\Blacklist.ini
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\5e27ffd5-cccc-40ac-9d90-63f908c16d8f-errors.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\5e27ffd5-cccc-40ac-9d90-63f908c16d8f-inq.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\5e27ffd5-cccc-40ac-9d90-63f908c16d8f-outq.bin
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\5e27ffd5-cccc-40ac-9d90-63f908c16d8f-preinq.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F.xml
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\manifest.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\5E27FFD5-CCCC-40AC-9D90-63F908C16D8F\My WD_Backup
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\d378f066-77c1-46e8-99ce-d3b4e3d9bdf1-errors.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\d378f066-77c1-46e8-99ce-d3b4e3d9bdf1-inq.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\d378f066-77c1-46e8-99ce-d3b4e3d9bdf1-outq.bin
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\d378f066-77c1-46e8-99ce-d3b4e3d9bdf1-preinq.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1.xml
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\DJ-PC
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\instances\D378F066-77C1-46E8-99CE-D3B4E3D9BDF1\manifest.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-1.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-2.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-3.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-4.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-5.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-10-6.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-21.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-22.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-23.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-24.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-25.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-26.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-27.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-28.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-29.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2011-9-30.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoLauncher2.exe.log-2011-10-5.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoLauncher2.exe.log-2011-9-22.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoLauncher2.exe.log-2011-9-27.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoLauncher2.exe.log-2011-9-30.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\logs\MemeoLauncher2.exe.log
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\Rss\memeo.rss
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\rssuserprefs.xml
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\sourceq.db3
c:\users\DJ\AppData\Roaming\WD\WD Anywhere Backup\UserPrefs.xml
c:\users\DJ\g2mdlhlpx.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\comct332.ocx
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 13:52 . 2011-10-06 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-05 13:58 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A75C788B-3D47-43E7-B3B8-CBD93BC6E321}\mpengine.dll
2011-10-05 13:10 . 2011-10-05 13:10 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-27 13:15 . 2011-09-27 13:15 -------- d-----w- c:\windows\en
2011-09-27 13:09 . 2011-09-27 13:09 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-27 13:03 . 2011-09-27 13:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e512c6e01cc7d1502\MeshBetaRemover.exe
2011-09-22 20:17 . 2011-09-22 20:20 -------- d-----w- c:\program files\Java
2011-09-22 20:03 . 2011-09-22 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-22 18:15 . 2011-10-05 16:11 -------- d-----w- c:\users\DJ\AppData\Local\CrashDumps
2011-09-22 17:37 . 2011-09-22 17:37 -------- d-----w- c:\program files (x86)\ESET
2011-09-22 13:27 . 2011-09-22 14:32 -------- d-----w- c:\users\DJ\AppData\Local\NPE
2011-09-22 13:27 . 2011-09-22 13:27 -------- d-----w- c:\programdata\Norton
2011-09-21 13:52 . 2011-09-21 13:52 -------- d-----w- c:\users\DJ\AppData\Roaming\Malwarebytes
2011-09-21 13:51 . 2011-09-21 13:51 -------- d-----w- c:\programdata\Malwarebytes
2011-09-21 13:51 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-21 13:51 . 2011-09-21 13:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-20 16:01 . 2011-09-21 13:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-09-20 16:01 . 2011-09-20 18:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-20 15:21 . 2011-09-20 18:52 -------- d-----w- c:\programdata\PC Tools
2011-09-19 14:47 . 2011-09-19 14:48 -------- d-----w- c:\windows\SysWow64\Adobe
2011-09-16 16:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-16 16:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-16 16:37 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 20:20 . 2010-05-07 17:44 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-22 20:01 . 2010-05-07 17:40 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:38 . 2011-05-18 14:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-30 14:31 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-30 14:31 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-30 14:31 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-30 14:31 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-30 14:31 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-30 14:32 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-30 14:31 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-30 14:31 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-30 14:31 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:59 . 2011-08-30 14:31 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:31 . 2011-08-30 14:31 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-30 14:31 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-30 14:31 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-30 14:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-30 14:31 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-30 14:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-11 13:45 . 2011-08-30 14:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-30 14:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-11 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickArticleSubmitter"="c:\progra~2\QUICKA~2\AutoSubmission.exe" [2010-04-06 380928]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-19 340520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-6-27 50688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 136176]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-06 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-01-13 88576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 118272]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 18:57]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 18:57]
.
2011-10-06 c:\windows\Tasks\User_Feed_Synchronization-{B0820F8C-2219-47FC-8001-71F616DCADB1}.job
- c:\windows\system32\msfeedssync.exe [2011-08-30 09:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6848544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 208920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 176152]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"combofix"="c:\comfix\CF14994.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cnn.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\1rg42svr.default\
FF - prefs.js: browser.startup.homepage - cnn.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-IBP - (no file)
Notify-igfxcui - (no file)
Notify-klogon - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AutocompletePro2_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\java.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\QuickArticleSubmitter\AutoSubmission.exe
.
**************************************************************************
.
Completion time: 2011-10-06 10:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-06 14:08
.
Pre-Run: 498,455,404,544 bytes free
Post-Run: 497,649,782,784 bytes free
.
- - End Of File - - C443D9FB79D771C228B8647D536BF48D

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:29 PM

Posted 09 October 2011 - 08:50 AM

Hi Anasazi25,

I haven't forgotten about you but I do need to contact a colleague who is involved in Combofix to check this result out. It looks like the deletion is a false positive and, due to the power of the tool, I need to alert these types of things to the developer.

Please bear with me while I do this.

I will keep you informed.

m0le
m0le is a proud member of UNITE

#15 Anasazi25

Anasazi25
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:29 AM

Posted 10 October 2011 - 08:58 AM

Thanks for the update.

Sorry my computer is turning into such a challenge. Can't wait to hear what comes next.

D.J.
