
I think I May Be Infected


  • This topic is locked
26 replies to this topic

#1 Jumpstile

Posted 01 November 2011 - 11:59 AM

I think I may have a virus or something on my computer. Can you please assist? Thank you very much!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by esiegel at 11:55:11 on 2011-11-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.1050 [GMT -4:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtdrHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\RMHLPDSK.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AirPrint\airprint.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VMware\Infrastructure\VIUpdate\VMwareUpdateServiceClient.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderPrintCap.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Avaya\IP Office\CallStatus\callstatus.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\SAAZOD\DMPHelpDesk.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\esiegel.panurgy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [VMware Update Service] c:\program files\vmware\infrastructure\viupdate\VMwareUpdateServiceClient.exe -monitor
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\esiege~1.pan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\esiegel.panurgy\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bomgar~1.lnk - c:\program files\bomgar\representative\help.panurgy.com\bomgar-rep.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\faxfin~1.lnk - c:\program files\multi-tech systems\faxfinder client software\FaxFinderClient.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: itsupport247.net\control
Trusted Zone: myconnectwise.net\panurgy
Trusted Zone: myconnectwise.net\panurgytraining
DPF: iLO 2 Remote Console Applet - hxxps://172.18.197.10/dvc.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://vault.panurgy.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ujei3e55ngeyt545hozvhvyw&ControlID=4c487bc78df6455fa1aae8b0eba93d6e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://sslvpn.edist.com/NELX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} - hxxp://panurgyvm:8888/cabs/vxreplay.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 10.254.252.4 192.168.100.10
TCP: Interfaces\{93B4A7FD-0866-4AAF-836E-97391538F07C} : NameServer = 8.8.8.8
TCP: Interfaces\{E04CC375-A42F-455D-A621-8C7B9D9F6DD3} : DhcpNameServer = 10.254.252.4 192.168.100.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\microsoft\smime client (2010)\mimectl.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-17 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-5-17 78936]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\airprint.exe -s [?]
R2 APCPBEAgent;APC PBE Agent;c:\progra~1\apc\powerc~1\agent\pbeagent.exe [2009-12-21 34104]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-15 366640]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-7-11 82760]
R2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-7-11 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2011-5-11 86856]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2011-5-11 78664]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2011-5-11 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2011-5-11 86856]
R2 SBAMSvc;VIPRE Business;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2011-9-23 2804312]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-30 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2011-9-23 181616]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 828944]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-6-1 609904]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2011-8-18 103424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-15 22712]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-5-17 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-5-17 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-5-17 34248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-20 15872]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-11-15 24416]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-2-5 20504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-19 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\webcamxp 5\wService.exe [2011-7-27 5023744]
.
=============== File Associations ===============
.
.txt=NFOpad
.
=============== Created Last 30 ================
.
2011-11-01 14:57:09 -------- d-----w- c:\windows\system32\catroot2
2011-11-01 14:15:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0e3365d8-0c78-41be-8d8d-9bdabe048785}\offreg.dll
2011-11-01 13:58:18 -------- d-----w- c:\windows\system32\catroot2.old
2011-11-01 13:32:37 -------- d-----w- c:\windows\system32\oldcatroot2
2011-11-01 09:06:19 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{6CDEC25B-06FE-431E-B466-BD1F24C3271A}
2011-11-01 09:05:57 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{04633D61-A90C-42D0-ABEC-6FDC8C890631}
2011-10-31 22:24:34 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\FAD4307A-A3F0-4310-90E1-819F7B31F6A5.aplzod
2011-10-31 22:18:04 -------- d-----w- c:\program files\CCleaner
2011-10-31 21:51:14 -------- d-s---w- C:\fgdfg16955f
2011-10-31 21:20:42 98816 ----a-w- c:\windows\sed.exe
2011-10-31 21:20:42 518144 ----a-w- c:\windows\SWREG.exe
2011-10-31 21:20:42 256000 ----a-w- c:\windows\PEV.exe
2011-10-31 21:20:42 208896 ----a-w- c:\windows\MBR.exe
2011-10-31 21:17:26 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\WindowsUpdate
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-31 21:15:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-31 21:13:50 -------- d-----w- c:\windows\system32\catroot2.bak
2011-10-31 21:12:44 -------- d-----w- C:\AULOGS
2011-10-31 21:04:38 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{AD52888D-D2B0-40E1-9FC6-1D333CA52726}
2011-10-31 21:01:40 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0e3365d8-0c78-41be-8d8d-9bdabe048785}\mpengine.dll
2011-10-31 20:10:13 -------- d-s---w- C:\fgdfg
2011-10-31 18:42:26 -------- d-----w- c:\users\esiegel.panurgy\appdata\roaming\E45D3
2011-10-31 18:42:26 -------- d-----w- c:\program files\LP
2011-10-31 18:42:07 -------- d-sh--w- c:\users\esiegel.panurgy\appdata\local\d3624955
2011-10-31 14:46:38 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{C1BB6E20-0DC3-440A-A03C-0598DED3AEF1}
2011-10-31 14:46:27 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{B9F997DD-8FA4-4764-81BE-AEC4B2ECC08E}
2011-10-29 12:39:19 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{D70D4D11-76A1-448E-A612-86DF86A8D1C1}
2011-10-29 00:38:44 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{DB8C263E-A103-4383-A6AB-DBDC12319828}
2011-10-28 18:52:53 -------- d-----w- c:\program files\OfficeRecovery
2011-10-28 12:38:11 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{308E495D-335C-4795-8329-DEFECB35C77F}
2011-10-28 00:37:37 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{8FAC8F40-5D64-4479-B01C-6A78B87168F9}
2011-10-27 12:37:01 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{121048AF-A7C2-4C76-9823-7AC72050C609}
2011-10-27 12:36:37 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{B23E863D-D069-48EB-B92A-D41A7168BF41}
2011-10-27 02:08:27 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{E2AF5635-6171-4668-89FE-3E2CDD14519E}
2011-10-26 14:07:50 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{89421C2F-E77F-4AD5-98DB-D200B1BD4976}
2011-10-26 02:07:15 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{E798158A-6CA8-468F-81D4-E26AA86F023D}
2011-10-26 02:06:54 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{A355FCDF-513C-4E38-B12E-565F4AC15451}
2011-10-26 00:50:11 -------- d-----w- C:\ApplicationLog
2011-10-25 14:06:19 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{2E89C3E5-C373-4920-9CC0-48E747AC4EEE}
2011-10-25 14:05:53 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{DA09D01A-A2EC-4B74-B6F1-CC4C888C2319}
2011-10-24 20:22:01 -------- d-----w- c:\users\esiegel.panurgy\appdata\roaming\TeamViewer
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 15:01:21 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{5F2D90E1-BFB7-4338-8311-40194468AB2B}
2011-10-24 15:00:56 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{53D08C37-BDDB-4C85-A725-884A77219791}
2011-10-24 14:06:09 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\webcamXP 5
2011-10-24 13:58:26 -------- d-----w- c:\programdata\webcamXP 5
2011-10-24 13:58:06 -------- d-----w- c:\program files\webcamXP 5
2011-10-24 02:04:57 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{FA3739A8-ABA3-4189-AC01-F80BEB0CC4D4}
2011-10-23 14:04:22 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{0E9D0995-018A-4689-8839-17F4DCD14D74}
2011-10-23 02:03:44 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{811D34CC-B8EC-415B-931C-51BC40A259BC}
2011-10-22 14:03:08 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{3CF1627E-C56D-4CD7-BC0A-4B9DCE389615}
2011-10-22 02:02:33 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{979674F7-94FC-4819-81DA-A26053962346}
2011-10-21 20:07:24 4934888 ----a-w- c:\programdata\1319228173-bomgar-rep-installer.exe.exe
2011-10-21 17:01:50 -------- d-----w- c:\users\esiegel.panurgy\appdata\roaming\gnupg
2011-10-21 14:01:59 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{4F046DE6-F53A-4E16-8ED7-D8E123443CFB}
2011-10-21 02:01:23 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{8095A1D6-94DA-47C4-AF9B-F183EB7415FD}
2011-10-20 14:00:58 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{7217B5B0-4DBE-4C8E-AAFD-93CD52705755}
2011-10-20 02:00:24 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{6C432A3A-0D04-4593-8F2B-4A0B73326036}
2011-10-19 13:59:49 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{6ED07548-08D6-4EDC-8F9C-19C453A18FC8}
2011-10-19 01:59:15 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{D93DD613-7A31-430D-AF83-62C39E0938C1}
2011-10-18 16:35:31 4935928 ----a-w- c:\programdata\1318965905-bomgar-rep-installer.exe.exe
2011-10-18 13:58:33 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{90A0F455-5CC0-419E-9C26-67A0270819AA}
2011-10-18 13:58:07 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{A7F2D3B1-CD33-44B0-B841-EDD3FF4E0980}
2011-10-16 00:43:30 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{CBAE6DFD-DC0A-4709-A9D3-6F5FEFD65595}
2011-10-15 12:42:56 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{1DC6E0A1-9F77-4B54-BE9B-B368C232F8DF}
2011-10-15 00:42:34 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{2CCAD2D7-546E-4776-BC4B-E7191D35CFA1}
2011-10-14 12:41:52 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{AB86F66E-B665-4C72-A56C-D5CC9E2BE3C7}
2011-10-14 12:41:35 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{52429929-0666-434E-853C-137C3D86D006}
2011-10-13 12:44:26 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{C1A7CF7A-8C9B-4393-BD18-2CC4C1C174F1}
2011-10-13 00:43:52 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{FBDDC684-8800-423E-A96F-095B9B5E2FE8}
2011-10-12 12:43:17 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{93D712BE-80D1-4B24-BE47-E40FE7939B3D}
2011-10-12 12:42:55 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{E50B0901-3D26-4ACF-8C58-34E06D9D0C0D}
2011-10-11 22:05:41 -------- d-----w- c:\users\esiegel.panurgy\appdata\roaming\redsn0w
2011-10-11 19:52:57 -------- d-----w- c:\program files\iPod
2011-10-11 19:52:56 -------- d-----w- c:\program files\iTunes
2011-10-11 19:47:12 -------- d-----w- c:\program files\Bonjour
2011-10-11 14:45:21 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{97C349F8-E4AB-4C19-9492-163854C82827}
2011-10-11 14:44:57 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{4C9F6398-D50C-475D-A9F1-2700F2900F25}
2011-10-10 20:30:18 -------- d-----w- c:\users\esiegel.panurgy\appdata\roaming\GFI Software
2011-10-10 20:30:13 -------- d-----w- c:\programdata\GFI Software
2011-10-10 13:19:31 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{65D2FB8E-EBB4-4953-A9E7-87D37AE00B5F}
2011-10-10 13:19:09 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{524AE8AC-54DC-44AD-AEC1-0CE313832272}
2011-10-10 01:18:33 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{3DF605D8-1045-4626-B602-6653BF2C3EF7}
2011-10-09 13:18:10 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{CD442C3A-9449-475F-B8CA-6487588F4939}
2011-10-09 01:17:47 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{7D149D22-59F1-48EB-867E-DD16B802995E}
2011-10-08 13:17:24 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{147DCBD0-AD95-4472-8B55-46409FFD0FAE}
2011-10-08 01:17:12 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{2623CC58-2893-4CF0-9CCE-5C7E43E06123}
2011-10-07 13:56:25 -------- d-----w- c:\program files\AirPrint
2011-10-07 13:25:28 -------- d-----w- c:\program files\Delete As Spam
2011-10-07 13:25:28 -------- d-----w- c:\program files\common files\Outlook Security Manager
2011-10-07 13:25:21 -------- dc-h--w- c:\programdata\{BF7F2C17-A6C2-4DAB-8ACC-E8F175578809}
2011-10-07 13:16:26 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{EF71B536-CFE6-4CB8-A883-BAF3608930DB}
2011-10-07 01:16:15 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{86EFB689-92CD-4AFA-B16A-D1968463E344}
2011-10-06 13:15:42 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{BFBBFC04-EA85-45CB-B0F1-5729C4082500}
2011-10-06 01:15:08 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{986B4C36-2011-42B4-85C3-8CA6FE289D13}
2011-10-05 13:14:34 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{884D1D6A-E87B-422E-8D58-B33B402F9883}
2011-10-05 01:13:57 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{45FFA7D7-F5CC-43A0-93F6-F482900C2008}
2011-10-04 13:13:21 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{67865B77-A09C-4A59-858B-49BEA9BB40D5}
2011-10-04 01:12:46 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{527C4665-9FC4-4248-B19D-E9D2EF47CE79}
2011-10-03 13:12:12 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{702D80B8-758E-4519-A9C1-548EA84CB305}
2011-10-03 01:11:14 -------- d-----w- c:\users\esiegel.panurgy\appdata\local\{3A1CD647-4F16-4046-B753-09362F0CD8B5}
.
==================== Find3M ====================
.
2011-10-25 14:06:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 18:32:12 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-09-19 16:40:05 4911768 ----a-w- c:\programdata\1316468970-bomgar-rep-installer.exe.exe
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 10:56:24 74104 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 10:56:24 101624 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-10 14:37:17 1056 --sha-w- c:\programdata\KGyGaAvL.sys
.
============= FINISH: 11:58:11.09 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-01 12:59:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD800JD-22LSA1 rev.10.01E01
Running: 3gmerkz9x9z6o.exe; Driver: C:\Users\ESIEGE~1.PAN\AppData\Local\Temp\uxloqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 82C8B9C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CAB4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9403A340, 0x28CEB7, 0xE8000020]
? C:\Users\ESIEGE~1.PAN\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B174A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B17535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B176F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[408] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B174A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B17535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B176F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4376] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5456] kernel32.dll!SetUnhandledExceptionFilter 7617F4FB 5 Bytes JMP 5E9B84E5 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5456] USER32.dll!SetScrollRange 76068EC5 8 Bytes JMP 0B6800D9
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5456] USER32.dll!SetScrollInfo 760748DA 8 Bytes JMP 0B680000
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5456] USER32.dll!SetScrollPos 760904BE 8 Bytes JMP 0B6801CA
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5456] ole32.dll!OleLoadFromStream 77976143 5 Bytes JMP 5EEF7B8B C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B164A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B174A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B17535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B176F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtCreateFile + 6 77B155CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtCreateFile + B 77B155D3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 1 Byte [28]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtMapViewOfSection + 6 77B15C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtMapViewOfSection + B 77B15C33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenFile + 6 77B15CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenFile + B 77B15CE3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcess + 6 77B15D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcess + B 77B15D93 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessToken + 6 77B15D9E 4 Bytes CALL 76B174A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessTokenEx + 6 77B15DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessTokenEx + B 77B15DB3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThread + 6 77B15E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThread + B 77B15E13 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadToken + 6 77B15E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadToken + B 77B15E23 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B17535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadTokenEx + B 77B15E33 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryAttributesFile + 6 77B15F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryAttributesFile + B 77B15F43 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryFullAttributesFile + 6 77B15FEE 4 Bytes CALL 76B176F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryFullAttributesFile + B 77B15FF3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationFile + 6 77B1663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationFile + B 77B16643 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationThread + 6 77B1669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationThread + B 77B166A3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 1 Byte [68]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtUnmapViewOfSection + 6 77B169BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtUnmapViewOfSection + B 77B169C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\ACPI_HAL \Device\00000060 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000078 hcmon.sys
Device \Driver\usbhub \Device\00000079 hcmon.sys

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbhub \Device\0000007a hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbhub \Device\0000007b hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbhub \Device\0000007c hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-11-01 20:47:36
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.5.7601.17514_204b9741ec62c2eaf61f48ea71f284bac36a35_12ed8add

---- Files - GMER 1.0.15 ----

File C:\Users\esiegel.PANURGY\AppData\Roaming\Microsoft\Windows\Cookies\SNEO3LAP.txt 93 bytes
File C:\Windows\$NtUninstallKB26056$\2912522035 0 bytes
File C:\Windows\$NtUninstallKB26056$\3546433877 0 bytes
File C:\Windows\$NtUninstallKB26056$\3546433877\L 0 bytes
File C:\Windows\$NtUninstallKB26056$\3546433877\U 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks again!

- Eli
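The `.text` lines above are GMER's listing of inline hooks: one line per process, per hooked export, carrying either the patched bytes or the CALL target. Reading hundreds of them by eye is what makes this log hard to act on, so here is a small Python parser, added for this thread and not part of GMER or of any BleepingComputer tooling, that groups the hooks by executable image and reports which PIDs of the same image deviate from the majority and which hooks transfer control into a module other than the one hooked. The field names and the two functions are my own; the sample input reuses four lines from the log above plus one constructed line (PID 9999, which does not occur in the log) so that one process deviates.

```python
import re
from collections import Counter, defaultdict

# One GMER ".text" inline-hook line, as printed in the log above:
#   .text <image>[<pid>] <module>!<export> + <offset> <address> <N> Byte(s) <detail>
# The group names are labels chosen for this example, not GMER terminology.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)

# Constructed sample: lines 1-4 are copied from the GMER log in this thread,
# line 5 is made up (PID 9999 is not in the log) so that one process deviates,
# and the last line is a non-hook line that the parser must skip.
SAMPLE_LOG = r"""
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadTokenEx + 6 77B15E2E 4 Bytes CALL 76B16535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe[9999] ntdll.dll!NtOpenProcessToken + B 77B15DA3 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
"""


def parse_gmer_hooks(text):
    """Return one dict per .text hook line; every other line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        hooks.append(h)
    return hooks


def summarize_hooks(hooks):
    """Group hooks by executable image and compare the hook set of each PID.

    Per image the report lists the PIDs seen, how many hooks each carries,
    the PIDs whose hook set differs from the most common one (the ones a
    responder looks at first), and the hooks whose CALL target lies in a
    module other than the hooked one. It makes no judgement about whether
    a hook is malicious.
    """
    by_image = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        key = (h["module"], h["func"], h["offset"], h["detail"])
        by_image[h["image"]][h["pid"]].add(key)

    report = {}
    for image, by_pid in by_image.items():
        counts = Counter(frozenset(s) for s in by_pid.values())
        majority = counts.most_common(1)[0][0]
        outliers = sorted(pid for pid, s in by_pid.items() if frozenset(s) != majority)
        cross_module = sorted({
            (mod, func, detail)
            for s in by_pid.values()
            for (mod, func, _off, detail) in s
            if detail.startswith("CALL") and mod.lower() not in detail.lower()
        })
        report[image] = {
            "pids": sorted(by_pid),
            "hooks_per_pid": {pid: len(s) for pid, s in sorted(by_pid.items())},
            "outlier_pids": outliers,
            "cross_module_calls": cross_module,
        }
    return report


if __name__ == "__main__":
    for image, info in summarize_hooks(parse_gmer_hooks(SAMPLE_LOG)).items():
        print(image)
        for k, v in info.items():
            print(f"  {k}: {v}")
```

Run over the full log above rather than the sample, the same summary would split the chrome.exe processes into two groups: PIDs 5600, 5716 and 6112 match each other byte for byte, while 6124 and 7324 differ in one byte of each patch and in their CALL targets. The parser does not say who placed the hooks; it only narrows which processes and which call targets a helper should ask about first.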


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 AM

Posted 06 November 2011 - 12:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425879 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:25 AM

Posted 06 November 2011 - 01:18 PM

Hello Jumpstile,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
ComboFix.txt
How is your machine running now? Any signs or symptoms of malware?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


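The helper asks for the TDSSKiller log in the next reply, and the first thing a helper does with that log is skip every "- ok" line and look at what is left. As an added example (not part of the thread and not a TDSSKiller feature), here is a small Python triage script that parses that log format and separates warnings/detections and file-less service entries from the clean ones; the sample lines are re-typed in the format of the TDSSKiller log posted in this thread.

```python
"""Triage helper for TDSSKiller logs (added example, not part of the thread)."""
import re
from typing import Dict, List, Optional, Tuple

# Every log line starts with a timestamp and the scanning thread id; the rest is the body.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Body shapes seen in a TDSSKiller scan section:
#   "<name> (<md5>) <path>"                 file found and hashed
#   "<name> - ok"                           verdict: clean
#   "<name> ( <verdict> ) - warning"        suspicious (e.g. an unsigned driver)
#   "<name> - detected <verdict> (<n>)"     detection recorded
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


class Entry:
    """One scanned driver/service and everything the log said about it."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.md5: Optional[str] = None
        self.path: Optional[str] = None
        self.status = "unknown"          # ok | warning | detected
        self.verdicts: List[str] = []    # verdict strings, in log order


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by driver/service name."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                     # blank line or banner without timestamp
        body = m.group("body")
        if (f := FILE_RE.match(body)):
            e = get(f["name"])
            e.md5, e.path = f["md5"], f["path"]
        elif (o := OK_RE.match(body)):
            e = get(o["name"])
            if e.status == "unknown":    # never downgrade a warning/detection to ok
                e.status = "ok"
        elif (w := WARN_RE.match(body)):
            e = get(w["name"])
            e.status = "warning"
            e.verdicts.append(w["verdict"])
        elif (d := DETECT_RE.match(body)):
            e = get(d["name"])
            e.status = "detected"        # detection outranks a warning
            e.verdicts.append(d["verdict"])
        # "Scan started", "Mode: ...", "====" and similar lines fall through here
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split entries into (flagged, fileless).

    flagged:  anything whose final status is not "ok" (warnings and detections).
    fileless: services reported "- ok" but with no preceding file line, i.e. the
              log never hashed a file on disk for them. They are not detections,
              but a helper usually wants to know they exist.
    """
    flagged = [e for e in entries.values() if e.status != "ok"]
    fileless = [e for e in entries.values() if e.status == "ok" and e.path is None]
    return flagged, fileless


# Constructed sample in the format of the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
18:23:23.0551 5340 ============================================================
18:23:23.0551 5340 Scan started
18:23:23.0551 5340 Mode: Manual; SigCheck; TDLFS;
18:23:23.0551 5340 ============================================================
18:23:24.0433 5340 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:23:24.0539 5340 1394ohci - ok
18:23:27.0741 5340 catchme - ok
18:23:44.0139 5340 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
18:23:44.0154 5340 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:23:44.0154 5340 StarOpen - detected UnsignedFile.Multi.Generic (1)
"""


if __name__ == "__main__":
    flagged, fileless = triage(parse_tdsskiller(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.status.upper():9} {e.name:20} {e.md5}  {e.path}  {', '.join(e.verdicts)}")
    for e in fileless:
        print(f"NO FILE   {e.name}")
```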
#4 Jumpstile

Jumpstile
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:25 AM

Posted 07 November 2011 - 10:06 AM

Here is the TDSSKiller Log:

18:23:13.0178 7388 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
18:23:13.0444 7388 ============================================================
18:23:13.0444 7388 Current date / time: 2011/11/06 18:23:13.0444
18:23:13.0444 7388 SystemInfo:
18:23:13.0444 7388
18:23:13.0444 7388 OS Version: 6.1.7601 ServicePack: 1.0
18:23:13.0444 7388 Product type: Workstation
18:23:13.0444 7388 ComputerName: NOC-3801
18:23:13.0445 7388 UserName: esiegel
18:23:13.0445 7388 Windows directory: C:\Windows
18:23:13.0445 7388 System windows directory: C:\Windows
18:23:13.0445 7388 Processor architecture: Intel x86
18:23:13.0445 7388 Number of processors: 2
18:23:13.0445 7388 Page size: 0x1000
18:23:13.0445 7388 Boot type: Normal boot
18:23:13.0445 7388 ============================================================
18:23:14.0692 7388 Initialize success
18:23:23.0551 5340 ============================================================
18:23:23.0551 5340 Scan started
18:23:23.0551 5340 Mode: Manual; SigCheck; TDLFS;
18:23:23.0551 5340 ============================================================
18:23:24.0433 5340 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:23:24.0539 5340 1394ohci - ok
18:23:24.0612 5340 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:23:24.0633 5340 ACPI - ok
18:23:24.0705 5340 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:23:24.0732 5340 AcpiPmi - ok
18:23:24.0803 5340 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:23:24.0834 5340 adp94xx - ok
18:23:24.0865 5340 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:23:24.0894 5340 adpahci - ok
18:23:24.0922 5340 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:23:24.0942 5340 adpu320 - ok
18:23:24.0999 5340 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\Windows\system32\drivers\aeaudio.sys
18:23:25.0022 5340 aeaudio - ok
18:23:25.0086 5340 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:23:25.0114 5340 AFD - ok
18:23:25.0155 5340 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:23:25.0173 5340 agp440 - ok
18:23:25.0211 5340 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:23:25.0228 5340 aic78xx - ok
18:23:25.0421 5340 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:23:25.0437 5340 aliide - ok
18:23:25.0477 5340 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:23:25.0496 5340 amdagp - ok
18:23:25.0532 5340 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:23:25.0549 5340 amdide - ok
18:23:25.0597 5340 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:23:25.0622 5340 AmdK8 - ok
18:23:25.0641 5340 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:23:25.0675 5340 AmdPPM - ok
18:23:25.0729 5340 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:23:25.0748 5340 amdsata - ok
18:23:25.0792 5340 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:23:25.0816 5340 amdsbs - ok
18:23:25.0889 5340 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:23:25.0907 5340 amdxata - ok
18:23:26.0082 5340 androidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\Windows\system32\Drivers\motoandroid.sys
18:23:26.0114 5340 androidusb - ok
18:23:26.0192 5340 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:23:26.0229 5340 AppID - ok
18:23:26.0375 5340 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:23:26.0394 5340 arc - ok
18:23:26.0432 5340 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:23:26.0452 5340 arcsas - ok
18:23:26.0526 5340 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:26.0571 5340 AsyncMac - ok
18:23:26.0615 5340 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:23:26.0633 5340 atapi - ok
18:23:26.0696 5340 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:23:26.0726 5340 b06bdrv - ok
18:23:26.0761 5340 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:23:26.0788 5340 b57nd60x - ok
18:23:26.0819 5340 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:23:26.0864 5340 Beep - ok
18:23:26.0919 5340 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:23:26.0944 5340 blbdrive - ok
18:23:26.0999 5340 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:23:27.0028 5340 bowser - ok
18:23:27.0053 5340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:23:27.0082 5340 BrFiltLo - ok
18:23:27.0109 5340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:23:27.0142 5340 BrFiltUp - ok
18:23:27.0184 5340 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:23:27.0213 5340 Brserid - ok
18:23:27.0313 5340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:23:27.0354 5340 BrSerWdm - ok
18:23:27.0390 5340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:23:27.0419 5340 BrUsbMdm - ok
18:23:27.0436 5340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:23:27.0473 5340 BrUsbSer - ok
18:23:27.0537 5340 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:23:27.0568 5340 BTHMODEM - ok
18:23:27.0741 5340 catchme - ok
18:23:27.0801 5340 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:23:27.0875 5340 cdfs - ok
18:23:27.0932 5340 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:23:27.0966 5340 cdrom - ok
18:23:28.0006 5340 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:23:28.0040 5340 circlass - ok
18:23:28.0186 5340 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:23:28.0210 5340 CLFS - ok
18:23:28.0275 5340 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:23:28.0314 5340 CmBatt - ok
18:23:28.0367 5340 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:23:28.0388 5340 cmdide - ok
18:23:28.0460 5340 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:23:28.0488 5340 CNG - ok
18:23:28.0515 5340 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:23:28.0534 5340 Compbatt - ok
18:23:28.0589 5340 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:23:28.0625 5340 CompositeBus - ok
18:23:28.0683 5340 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:23:28.0702 5340 crcdisk - ok
18:23:28.0752 5340 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:23:28.0779 5340 CSC - ok
18:23:28.0839 5340 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:23:28.0889 5340 DfsC - ok
18:23:28.0918 5340 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:23:28.0960 5340 discache - ok
18:23:28.0995 5340 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:23:29.0013 5340 Disk - ok
18:23:29.0136 5340 DNE (0d5b78167dce2c7d96320f161eaee4ca) C:\Windows\system32\DRIVERS\dne2000.sys
18:23:29.0158 5340 DNE - ok
18:23:29.0245 5340 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:23:29.0270 5340 drmkaud - ok
18:23:29.0354 5340 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:23:29.0390 5340 DXGKrnl - ok
18:23:29.0428 5340 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
18:23:29.0454 5340 E100B - ok
18:23:29.0584 5340 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:23:29.0667 5340 ebdrv - ok
18:23:29.0739 5340 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:23:29.0783 5340 ElbyCDIO - ok
18:23:29.0836 5340 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:23:29.0862 5340 elxstor - ok
18:23:29.0895 5340 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:23:29.0921 5340 ErrDev - ok
18:23:29.0962 5340 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:23:30.0005 5340 exfat - ok
18:23:30.0031 5340 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:23:30.0096 5340 fastfat - ok
18:23:30.0138 5340 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:23:30.0177 5340 fdc - ok
18:23:30.0211 5340 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:23:30.0238 5340 FileInfo - ok
18:23:30.0260 5340 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:23:30.0305 5340 Filetrace - ok
18:23:30.0402 5340 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:23:30.0437 5340 flpydisk - ok
18:23:30.0476 5340 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:23:30.0515 5340 FltMgr - ok
18:23:30.0570 5340 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:23:30.0589 5340 FsDepends - ok
18:23:30.0613 5340 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:23:30.0636 5340 Fs_Rec - ok
18:23:30.0720 5340 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:23:30.0747 5340 fvevol - ok
18:23:30.0808 5340 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:23:30.0829 5340 gagp30kx - ok
18:23:30.0926 5340 hcmon (1c51e9db4a24c4a6b7ad5be4bc4b19a6) C:\Windows\system32\drivers\hcmon.sys
18:23:30.0941 5340 hcmon - ok
18:23:30.0964 5340 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:23:30.0991 5340 hcw85cir - ok
18:23:31.0036 5340 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:23:31.0066 5340 HDAudBus - ok
18:23:31.0115 5340 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:23:31.0146 5340 HidBatt - ok
18:23:31.0173 5340 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:23:31.0208 5340 HidBth - ok
18:23:31.0319 5340 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:23:31.0352 5340 HidIr - ok
18:23:31.0429 5340 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:23:31.0454 5340 HidUsb - ok
18:23:31.0519 5340 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:23:31.0542 5340 HpSAMD - ok
18:23:31.0623 5340 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:23:31.0675 5340 HTTP - ok
18:23:31.0699 5340 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:23:31.0720 5340 hwpolicy - ok
18:23:31.0789 5340 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:23:31.0814 5340 i8042prt - ok
18:23:31.0858 5340 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:23:31.0889 5340 iaStorV - ok
18:23:32.0079 5340 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:23:32.0097 5340 iirsp - ok
18:23:32.0144 5340 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:23:32.0167 5340 intelide - ok
18:23:32.0199 5340 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:23:32.0230 5340 intelppm - ok
18:23:32.0272 5340 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:32.0317 5340 IpFilterDriver - ok
18:23:32.0386 5340 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:23:32.0414 5340 IPMIDRV - ok
18:23:32.0443 5340 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:23:32.0485 5340 IPNAT - ok
18:23:32.0531 5340 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:23:32.0606 5340 IRENUM - ok
18:23:32.0666 5340 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:23:32.0690 5340 isapnp - ok
18:23:32.0737 5340 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:23:32.0758 5340 iScsiPrt - ok
18:23:32.0813 5340 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:23:32.0835 5340 kbdclass - ok
18:23:32.0886 5340 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:23:32.0916 5340 kbdhid - ok
18:23:32.0985 5340 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:23:33.0003 5340 KSecDD - ok
18:23:33.0027 5340 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:23:33.0054 5340 KSecPkg - ok
18:23:33.0192 5340 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:23:33.0238 5340 lltdio - ok
18:23:33.0288 5340 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:23:33.0313 5340 LSI_FC - ok
18:23:33.0352 5340 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:23:33.0372 5340 LSI_SAS - ok
18:23:33.0414 5340 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:23:33.0435 5340 LSI_SAS2 - ok
18:23:33.0466 5340 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:23:33.0487 5340 LSI_SCSI - ok
18:23:33.0518 5340 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:23:33.0582 5340 luafv - ok
18:23:33.0624 5340 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
18:23:33.0661 5340 MBAMProtector - ok
18:23:33.0727 5340 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:23:33.0745 5340 megasas - ok
18:23:33.0777 5340 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:23:33.0798 5340 MegaSR - ok
18:23:33.0839 5340 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\Windows\system32\drivers\MfeAVFK.sys
18:23:33.0855 5340 MfeAVFK - ok
18:23:33.0877 5340 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\Windows\system32\drivers\MfeBOPK.sys
18:23:33.0898 5340 MfeBOPK - ok
18:23:33.0955 5340 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\Windows\system32\drivers\mfehidk.sys
18:23:33.0971 5340 mfehidk - ok
18:23:34.0090 5340 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\Windows\system32\drivers\MfeRKDK.sys
18:23:34.0105 5340 MfeRKDK - ok
18:23:34.0131 5340 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\Windows\system32\drivers\mfetdik.sys
18:23:34.0151 5340 mfetdik - ok
18:23:34.0238 5340 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:23:34.0276 5340 Modem - ok
18:23:34.0332 5340 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:23:34.0359 5340 monitor - ok
18:23:34.0403 5340 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
18:23:34.0435 5340 motccgp - ok
18:23:34.0470 5340 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
18:23:34.0500 5340 motccgpfl - ok
18:23:34.0520 5340 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
18:23:34.0557 5340 MotoSwitchService - ok
18:23:34.0609 5340 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:23:34.0628 5340 mouclass - ok
18:23:34.0665 5340 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:23:34.0693 5340 mouhid - ok
18:23:34.0742 5340 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:23:34.0760 5340 mountmgr - ok
18:23:34.0802 5340 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:23:34.0821 5340 mpio - ok
18:23:34.0926 5340 MpKsl193cdd82 - ok
18:23:34.0944 5340 MpKsl28ee61da - ok
18:23:34.0962 5340 MpKsl6d4f6228 - ok
18:23:35.0069 5340 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:23:35.0110 5340 mpsdrv - ok
18:23:35.0174 5340 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:23:35.0201 5340 MRxDAV - ok
18:23:35.0267 5340 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:35.0292 5340 mrxsmb - ok
18:23:35.0348 5340 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:35.0374 5340 mrxsmb10 - ok
18:23:35.0401 5340 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:35.0429 5340 mrxsmb20 - ok
18:23:35.0463 5340 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:23:35.0484 5340 msahci - ok
18:23:35.0531 5340 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:23:35.0552 5340 msdsm - ok
18:23:35.0598 5340 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:23:35.0639 5340 Msfs - ok
18:23:35.0691 5340 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:23:35.0728 5340 mshidkmdf - ok
18:23:35.0777 5340 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:23:35.0793 5340 msisadrv - ok
18:23:35.0870 5340 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:23:35.0914 5340 MSKSSRV - ok
18:23:35.0934 5340 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:35.0978 5340 MSPCLOCK - ok
18:23:36.0094 5340 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:23:36.0137 5340 MSPQM - ok
18:23:36.0176 5340 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:23:36.0198 5340 MsRPC - ok
18:23:36.0230 5340 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:23:36.0258 5340 mssmbios - ok
18:23:36.0279 5340 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:23:36.0328 5340 MSTEE - ok
18:23:36.0364 5340 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:23:36.0398 5340 MTConfig - ok
18:23:36.0424 5340 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:23:36.0445 5340 Mup - ok
18:23:36.0486 5340 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:23:36.0516 5340 NativeWifiP - ok
18:23:36.0583 5340 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:23:36.0612 5340 NDIS - ok
18:23:36.0641 5340 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:23:36.0696 5340 NdisCap - ok
18:23:36.0722 5340 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:36.0762 5340 NdisTapi - ok
18:23:36.0809 5340 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:36.0846 5340 Ndisuio - ok
18:23:36.0876 5340 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:36.0917 5340 NdisWan - ok
18:23:36.0959 5340 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:23:36.0995 5340 NDProxy - ok
18:23:37.0020 5340 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:23:37.0069 5340 NetBIOS - ok
18:23:37.0112 5340 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:23:37.0150 5340 NetBT - ok
18:23:37.0362 5340 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:23:37.0379 5340 nfrd960 - ok
18:23:37.0485 5340 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
18:23:37.0504 5340 NPF - ok
18:23:37.0528 5340 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:23:37.0577 5340 Npfs - ok
18:23:37.0708 5340 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:23:37.0747 5340 nsiproxy - ok
18:23:37.0825 5340 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:23:37.0862 5340 Ntfs - ok
18:23:37.0889 5340 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:23:37.0963 5340 Null - ok
18:23:38.0116 5340 nvlddmkm (d37174e8014da46be1a81e7b02237ac0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:23:38.0210 5340 nvlddmkm - ok
18:23:38.0270 5340 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:23:38.0291 5340 nvraid - ok
18:23:38.0356 5340 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:23:38.0374 5340 nvstor - ok
18:23:38.0417 5340 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:23:38.0440 5340 nv_agp - ok
18:23:38.0491 5340 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:23:38.0516 5340 ohci1394 - ok
18:23:38.0727 5340 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:23:38.0752 5340 Parport - ok
18:23:38.0804 5340 Partizan - ok
18:23:38.0877 5340 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:23:38.0896 5340 partmgr - ok
18:23:38.0920 5340 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:23:38.0948 5340 Parvdm - ok
18:23:39.0003 5340 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:23:39.0024 5340 pci - ok
18:23:39.0052 5340 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:23:39.0071 5340 pciide - ok
18:23:39.0103 5340 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:23:39.0122 5340 pcmcia - ok
18:23:39.0151 5340 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:23:39.0173 5340 pcw - ok
18:23:39.0212 5340 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:23:39.0256 5340 PEAUTH - ok
18:23:39.0381 5340 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:23:39.0421 5340 PptpMiniport - ok
18:23:39.0445 5340 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:23:39.0478 5340 Processor - ok
18:23:39.0541 5340 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:23:39.0585 5340 Psched - ok
18:23:39.0647 5340 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:23:39.0699 5340 ql2300 - ok
18:23:39.0728 5340 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:23:39.0748 5340 ql40xx - ok
18:23:39.0784 5340 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:23:39.0812 5340 QWAVEdrv - ok
18:23:39.0904 5340 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:23:39.0955 5340 RasAcd - ok
18:23:40.0029 5340 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:23:40.0070 5340 RasAgileVpn - ok
18:23:40.0118 5340 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:40.0159 5340 Rasl2tp - ok
18:23:40.0200 5340 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:40.0244 5340 RasPppoe - ok
18:23:40.0267 5340 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:23:40.0324 5340 RasSstp - ok
18:23:40.0379 5340 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:23:40.0418 5340 rdbss - ok
18:23:40.0456 5340 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:23:40.0487 5340 rdpbus - ok
18:23:40.0539 5340 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:40.0575 5340 RDPCDD - ok
18:23:40.0627 5340 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:23:40.0655 5340 RDPDR - ok
18:23:40.0684 5340 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:23:40.0733 5340 RDPENCDD - ok
18:23:40.0758 5340 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:23:40.0804 5340 RDPREFMP - ok
18:23:40.0880 5340 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:23:40.0905 5340 RdpVideoMiniport - ok
18:23:40.0953 5340 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:23:40.0994 5340 RDPWD - ok
18:23:41.0037 5340 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:23:41.0058 5340 rdyboost - ok
18:23:41.0197 5340 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
18:23:41.0219 5340 RegGuard - ok
18:23:41.0276 5340 RimUsb - ok
18:23:41.0354 5340 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
18:23:41.0380 5340 RimVSerPort - ok
18:23:41.0408 5340 rk_remover-boot - ok
18:23:41.0455 5340 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
18:23:41.0503 5340 ROOTMODEM - ok
18:23:41.0536 5340 rootrepeal - ok
18:23:41.0598 5340 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:23:41.0641 5340 rspndr - ok
18:23:41.0700 5340 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:23:41.0736 5340 s3cap - ok
18:23:41.0915 5340 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:23:41.0930 5340 SASDIFSV - ok
18:23:41.0969 5340 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:23:41.0987 5340 SASKUTIL - ok
18:23:42.0119 5340 sbapifs (cc5dd5bc0d6168a8bbb30d9388285ce5) C:\Windows\system32\DRIVERS\sbapifs.sys
18:23:42.0133 5340 sbapifs - ok
18:23:42.0223 5340 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:23:42.0245 5340 sbp2port - ok
18:23:42.0346 5340 SBRE (d09961c0d2b452745575c7d0511bf3da) C:\Windows\system32\drivers\SBREdrv.sys
18:23:42.0369 5340 SBRE - ok
18:23:42.0417 5340 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
18:23:42.0432 5340 SbTis - ok
18:23:42.0481 5340 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:23:42.0525 5340 scfilter - ok
18:23:42.0603 5340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:23:42.0641 5340 secdrv - ok
18:23:42.0691 5340 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:23:42.0720 5340 Serenum - ok
18:23:42.0741 5340 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:23:42.0773 5340 Serial - ok
18:23:42.0816 5340 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:23:42.0842 5340 sermouse - ok
18:23:42.0908 5340 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:23:42.0931 5340 sffdisk - ok
18:23:43.0009 5340 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:23:43.0036 5340 sffp_mmc - ok
18:23:43.0074 5340 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:23:43.0105 5340 sffp_sd - ok
18:23:43.0131 5340 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:23:43.0165 5340 sfloppy - ok
18:23:43.0245 5340 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:23:43.0262 5340 sisagp - ok
18:23:43.0296 5340 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:23:43.0321 5340 SiSRaid2 - ok
18:23:43.0349 5340 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:23:43.0369 5340 SiSRaid4 - ok
18:23:43.0438 5340 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:23:43.0484 5340 Smb - ok
18:23:43.0548 5340 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\Windows\system32\drivers\smwdm.sys
18:23:43.0574 5340 smwdm - ok
18:23:43.0619 5340 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:23:43.0642 5340 spldr - ok
18:23:43.0732 5340 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:23:43.0771 5340 srv - ok
18:23:43.0846 5340 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:23:43.0875 5340 srv2 - ok
18:23:43.0898 5340 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:23:43.0927 5340 srvnet - ok
18:23:44.0065 5340 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\Windows\system32\DRIVERS\SSLDrv.sys
18:23:44.0080 5340 SSLDrv - ok
18:23:44.0139 5340 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
18:23:44.0154 5340 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:23:44.0154 5340 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:23:44.0204 5340 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:23:44.0222 5340 stexstor - ok
18:23:44.0282 5340 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:23:44.0302 5340 storflt - ok
18:23:44.0353 5340 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:23:44.0370 5340 storvsc - ok
18:23:44.0416 5340 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:23:44.0434 5340 swenum - ok
18:23:44.0473 5340 Synth3dVsc - ok
18:23:44.0606 5340 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
18:23:44.0643 5340 Tcpip - ok
18:23:44.0705 5340 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:44.0746 5340 TCPIP6 - ok
18:23:44.0886 5340 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:23:44.0938 5340 tcpipreg - ok
18:23:45.0005 5340 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:23:45.0047 5340 TDPIPE - ok
18:23:45.0076 5340 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:23:45.0127 5340 TDTCP - ok
18:23:45.0161 5340 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:23:45.0204 5340 tdx - ok
18:23:45.0253 5340 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:23:45.0279 5340 TermDD - ok
18:23:45.0337 5340 tifsfilter (2760ab34abd8d977fd4412f6cfcef1c6) C:\Windows\system32\DRIVERS\tifsfilt.sys
18:23:45.0352 5340 tifsfilter - ok
18:23:45.0389 5340 timounter (64694b2a5c772e1c61feac300ed90ca6) C:\Windows\system32\DRIVERS\timntr.sys
18:23:45.0411 5340 timounter - ok
18:23:45.0483 5340 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:45.0529 5340 tssecsrv - ok
18:23:45.0584 5340 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:23:45.0608 5340 TsUsbFlt - ok
18:23:45.0626 5340 tsusbhub - ok
18:23:45.0690 5340 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:45.0727 5340 tunnel - ok
18:23:45.0769 5340 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:23:45.0789 5340 uagp35 - ok
18:23:45.0827 5340 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:23:45.0865 5340 udfs - ok
18:23:45.0931 5340 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:23:45.0950 5340 uliagpkx - ok
18:23:46.0047 5340 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
18:23:46.0063 5340 UltraMonUtility - ok
18:23:46.0201 5340 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:23:46.0225 5340 umbus - ok
18:23:46.0259 5340 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:23:46.0293 5340 UmPass - ok
18:23:46.0354 5340 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:23:46.0379 5340 USBAAPL - ok
18:23:46.0427 5340 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:46.0454 5340 usbccgp - ok
18:23:46.0502 5340 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:23:46.0537 5340 usbcir - ok
18:23:46.0580 5340 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:23:46.0610 5340 usbehci - ok
18:23:46.0671 5340 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:23:46.0699 5340 usbhub - ok
18:23:46.0716 5340 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:23:46.0747 5340 usbohci - ok
18:23:46.0776 5340 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:23:46.0806 5340 usbprint - ok
18:23:46.0845 5340 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:46.0871 5340 USBSTOR - ok
18:23:46.0919 5340 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:23:46.0946 5340 usbuhci - ok
18:23:46.0986 5340 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
18:23:47.0017 5340 usb_rndisx - ok
18:23:47.0070 5340 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
18:23:47.0097 5340 VClone - ok
18:23:47.0152 5340 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:23:47.0170 5340 vdrvroot - ok
18:23:47.0299 5340 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:47.0343 5340 vga - ok
18:23:47.0386 5340 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:23:47.0433 5340 VgaSave - ok
18:23:47.0470 5340 VGPU - ok
18:23:47.0522 5340 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:23:47.0555 5340 vhdmp - ok
18:23:47.0589 5340 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:23:47.0608 5340 viaagp - ok
18:23:47.0630 5340 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:23:47.0663 5340 ViaC7 - ok
18:23:47.0717 5340 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:23:47.0738 5340 viaide - ok
18:23:47.0809 5340 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:23:47.0830 5340 vmbus - ok
18:23:47.0863 5340 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:23:47.0893 5340 VMBusHID - ok
18:23:47.0966 5340 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:23:47.0984 5340 volmgr - ok
18:23:48.0017 5340 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:23:48.0043 5340 volmgrx - ok
18:23:48.0100 5340 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:23:48.0121 5340 volsnap - ok
18:23:48.0187 5340 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:23:48.0207 5340 vpcbus - ok
18:23:48.0246 5340 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:23:48.0271 5340 vpcnfltr - ok
18:23:48.0393 5340 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:23:48.0430 5340 vpcusb - ok
18:23:48.0487 5340 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:23:48.0509 5340 vpcvmm - ok
18:23:48.0583 5340 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:23:48.0601 5340 vsmraid - ok
18:23:48.0644 5340 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:23:48.0676 5340 vwifibus - ok
18:23:48.0758 5340 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:23:48.0783 5340 WacomPen - ok
18:23:48.0831 5340 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:48.0868 5340 WANARP - ok
18:23:48.0877 5340 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:48.0921 5340 Wanarpv6 - ok
18:23:49.0005 5340 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:23:49.0025 5340 Wd - ok
18:23:49.0064 5340 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:23:49.0089 5340 Wdf01000 - ok
18:23:49.0181 5340 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:49.0220 5340 WfpLwf - ok
18:23:49.0238 5340 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:23:49.0261 5340 WIMMount - ok
18:23:49.0437 5340 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:23:49.0465 5340 WinUsb - ok
18:23:49.0548 5340 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:23:49.0577 5340 WmiAcpi - ok
18:23:49.0639 5340 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:49.0682 5340 ws2ifsl - ok
18:23:49.0759 5340 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:23:49.0798 5340 WudfPf - ok
18:23:49.0838 5340 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:49.0877 5340 WUDFRd - ok
18:23:49.0936 5340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:23:49.0976 5340 \Device\Harddisk1\DR1 - ok
18:23:49.0995 5340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:23:50.0095 5340 \Device\Harddisk0\DR0 - ok
18:23:50.0105 5340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:23:50.0145 5340 \Device\Harddisk2\DR2 - ok
18:23:50.0154 5340 Boot (0x1200) (6058f322238c73bfcc7bedde204de893) \Device\Harddisk0\DR0\Partition0
18:23:50.0157 5340 \Device\Harddisk0\DR0\Partition0 - ok
18:23:50.0189 5340 Boot (0x1200) (de28421b5ecdc6ae95099da693d77dcb) \Device\Harddisk0\DR0\Partition1
18:23:50.0200 5340 \Device\Harddisk0\DR0\Partition1 - ok
18:23:50.0210 5340 Boot (0x1200) (bb8c9f03c87faef8a6ddd0fc120aeef1) \Device\Harddisk2\DR2\Partition0
18:23:50.0211 5340 \Device\Harddisk2\DR2\Partition0 - ok
18:23:50.0227 5340 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk2\DR2\Partition1
18:23:50.0227 5340 \Device\Harddisk2\DR2\Partition1 - ok
18:23:50.0241 5340 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk2\DR2\Partition2
18:23:50.0242 5340 \Device\Harddisk2\DR2\Partition2 - ok
18:23:50.0247 5340 ============================================================
18:23:50.0247 5340 Scan finished
18:23:50.0247 5340 ============================================================
18:23:50.0278 6580 Detected object count: 1
18:23:50.0278 6580 Actual detected object count: 1
18:23:58.0992 6580 C:\Windows\system32\drivers\StarOpen.sys - copied to quarantine
18:23:58.0994 6580 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
18:24:17.0626 4932 Deinitialize success


Ok, here is the ComboFix log:


ComboFix 11-11-06.02 - esiegel 11/07/2011 8:51.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.2399 [GMT -5:00]
Running from: d:\users\esiegel.panurgy\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\3D7E\8724.tmp
c:\program files\LP\3D7E\9241.tmp
c:\program files\LP\3D7E\F551.tmp
c:\program files\LP\AACE\FEAD.tmp
c:\programdata\1316468970-bomgar-rep-installer.exe.exe
c:\programdata\1318965905-bomgar-rep-installer.exe.exe
c:\programdata\1319228173-bomgar-rep-installer.exe.exe
c:\users\esiegel.PANURGY\AppData\Local\d3624955
c:\users\esiegel.PANURGY\AppData\Local\d3624955\@
c:\users\esiegel.PANURGY\AppData\Local\d3624955\U\80000000.@
c:\users\esiegel.PANURGY\AppData\Local\d3624955\U\800000cb.@
c:\users\esiegel.PANURGY\AppData\Local\d3624955\X
c:\windows\$NtUninstallKB26056$
c:\windows\$NtUninstallKB26056$\2912522035
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 14:07 . 2011-11-07 14:17 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\temp
2011-11-07 14:07 . 2011-11-07 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 14:07 . 2011-11-07 14:07 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-07 14:07 . 2011-11-07 14:07 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-07 14:07 . 2011-11-07 14:07 -------- d-----w- c:\users\Administrator.NOC-3801\AppData\Local\temp
2011-11-07 02:01 . 2011-11-07 14:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E3365D8-0C78-41BE-8D8D-9BDABE048785}\offreg.dll
2011-11-07 01:54 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-06 23:22 . 2011-11-06 23:23 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-04 01:25 . 2011-11-04 01:25 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-03 21:00 . 2011-11-03 21:04 -------- d-----w- c:\windows\system32\catroot2
2011-11-03 20:27 . 2011-11-03 20:27 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\ScanSpyware
2011-11-03 20:27 . 2008-09-07 21:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2011-11-03 20:27 . 2011-11-03 20:27 -------- d-----w- c:\program files\ScanSpyware
2011-11-03 19:43 . 2011-11-03 20:26 -------- d-----w- c:\program files\ScanSpyware v3.8.0.2
2011-11-03 14:06 . 2011-11-03 14:06 -------- d-----w- c:\windows\22FC7536BE5C4E888069C24689D34EC5.TMP
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-----w- c:\users\Default\AppData\Local\TechSmith
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-01 13:32 . 2011-11-01 13:58 -------- d-----w- c:\windows\system32\oldcatroot2
2011-10-31 22:24 . 2011-11-06 21:47 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\FAD4307A-A3F0-4310-90E1-819F7B31F6A5.aplzod
2011-10-31 22:18 . 2011-10-31 22:18 -------- d-----w- c:\program files\CCleaner
2011-10-31 21:17 . 2011-10-31 21:17 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\WindowsUpdate
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-31 21:14 . 2011-10-31 21:15 -------- d-----w- c:\program files\QuickTime
2011-10-31 21:12 . 2011-11-01 13:59 -------- d-----w- C:\AULOGS
2011-10-31 21:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E3365D8-0C78-41BE-8D8D-9BDABE048785}\mpengine.dll
2011-10-31 20:10 . 2011-11-01 00:23 -------- d-----w- C:\fgdfg
2011-10-31 18:42 . 2011-11-01 00:23 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\E45D3
2011-10-28 18:52 . 2011-11-01 00:23 -------- d-----w- c:\program files\OfficeRecovery
2011-10-26 00:50 . 2011-10-26 00:50 -------- d-----w- C:\ApplicationLog
2011-10-24 20:22 . 2011-11-01 00:58 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\TeamViewer
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 14:06 . 2011-10-24 14:06 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\webcamXP 5
2011-10-24 13:58 . 2011-10-24 14:08 -------- d-----w- c:\programdata\webcamXP 5
2011-10-24 13:58 . 2011-11-03 20:44 -------- d-----w- c:\program files\webcamXP 5
2011-10-21 17:01 . 2011-10-21 17:01 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\gnupg
2011-10-21 12:47 . 2011-10-21 12:47 -------- d-----w- c:\program files\Common Files\Java
2011-10-11 22:05 . 2011-10-11 22:09 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\redsn0w
2011-10-11 19:52 . 2011-10-31 22:48 -------- d-----w- c:\program files\iPod
2011-10-11 19:52 . 2011-10-31 22:50 -------- d-----w- c:\program files\iTunes
2011-10-11 19:47 . 2011-11-01 00:58 -------- d-----w- c:\program files\Bonjour
2011-10-10 20:30 . 2011-10-10 20:30 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\GFI Software
2011-10-10 20:30 . 2011-10-10 20:30 -------- d-----w- c:\programdata\GFI Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 14:06 . 2011-06-07 23:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2010-05-14 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 18:32 . 2011-09-23 18:32 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 10:56 . 2011-08-30 10:56 74104 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 10:56 . 2011-08-30 10:56 101624 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-17 16:40 . 2011-08-17 16:40 388096 ----a-r- c:\users\esiegel.PANURGY\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 14:37 . 2010-05-17 17:45 1056 --sha-w- c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"VMware Update Service"="c:\program files\VMware\Infrastructure\VIUpdate\VMwareUpdateServiceClient.exe" [2008-09-26 204800]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2011-09-23 1627504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\esiegel.PANURGY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bomgar Representative Console [help.panurgy.com].lnk - c:\program files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe [2011-10-21 11319296]
FaxFinder Client.lnk - c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe [2010-6-21 3616864]
Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-9-1 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SBBD.exe /d \Device\HarddiskVolume2\Program Files\Sunbelt Software\SBEAgent\Definitions\0ssbtsr
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-11-15 24416]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-02-05 20504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-19 1343400]
R4 MpKsl193cdd82;MpKsl193cdd82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB1C9594-F0AD-41A8-9394-2251B9B1BF23}\MpKsl193cdd82.sys [x]
R4 MpKsl28ee61da;MpKsl28ee61da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BD410B-56E2-429D-9248-C47921D84B3A}\MpKsl28ee61da.sys [x]
R4 MpKsl6d4f6228;MpKsl6d4f6228;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{767359BE-FA05-49FC-BF35-17363367A9FF}\MpKsl6d4f6228.sys [x]
R4 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R4 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 101624]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [2010-10-07 234784]
S2 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [2008-12-01 34104]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [2011-05-11 86856]
S2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [2011-05-11 78664]
S2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [2011-05-11 77824]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [2009-04-30 77824]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [2011-05-11 86856]
S2 SBAMSvc;VIPRE Business;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [2011-09-23 2804312]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-30 74104]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2011-09-23 181616]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eamon
*Deregistered* - ehdrv
*Deregistered* - epfwwfpr
*Deregistered* - LMIRfsDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204Core.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204UA.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: itsupport247.net\control
Trusted Zone: myconnectwise.net\panurgy
Trusted Zone: myconnectwise.net\panurgytraining
TCP: DhcpNameServer = 10.254.252.4 192.168.100.10
TCP: Interfaces\{93B4A7FD-0866-4AAF-836E-97391538F07C}: NameServer = 8.8.8.8
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: iLO 2 Remote Console Applet - hxxps://192.168.1.54/dvc.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://vault.panurgy.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ujei3e55ngeyt545hozvhvyw&ControlID=4c487bc78df6455fa1aae8b0eba93d6e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} - hxxp://panurgyvm:8888/cabs/vxreplay.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
.
------- File Associations -------
.
.txt=NFOpad
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe
Notify-WgaLogon - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\esiegel.PANURGY\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4496)
c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LogonUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe
c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe
c:\progra~1\SAAZOD\zRealTime\rtHlpDk.exe
c:\progra~1\SAAZOD\zRealTime\rtdrHlpDk.exe
c:\progra~1\SAAZOD\RMHLPDSK.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderPrintCap.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
c:\progra~1\SAAZOD\DMPHelpDesk.exe
c:\progra~1\SAAZOD\DMPHelpDesk.exe
c:\progra~1\SAAZOD\ZWbPe.exe
c:\progra~1\SAAZOD\ZWbPe.exe
.
**************************************************************************
.
Completion time: 2011-11-07 09:26:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 14:26
.
Pre-Run: 32,692,695,040 bytes free
Post-Run: 32,540,442,624 bytes free
.
- - End Of File - - FF8EDBFB7948548492D0E24E80B53746


The computer seems to be the same... No noticeable issues, but I still cannot use Windows Update.
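A small triage helper for the two logs above, added here as an example and not code from this thread, from BleepingComputer, or from the TDSSKiller/ComboFix authors. It pulls out the two things a responder looks at first: every TDSSKiller verdict that is not "ok" (the StarOpen.sys UnsignedFile warning and detection), and the values ComboFix prints under the policies\system key, flagging the two that weaken UAC on this machine (EnableLUA=0 means UAC is off, PromptOnSecureDesktop=0 means elevation prompts are not isolated on the secure desktop). The line formats are taken from the output posted above; the sample excerpts embedded below are constructed from those lines, and the function names are this example's own.

```python
"""Triage the TDSSKiller and ComboFix logs posted in this thread.

Added example (not part of the original post). It parses:
  * TDSSKiller verdict lines, keeping everything that is not "- ok", and
  * the ComboFix [...\policies\system] block, flagging UAC values that
    leave the box running without elevation protection.
SAMPLE_TDSS and SAMPLE_COMBOFIX are constructed excerpts of the logs above.
"""
import re

# "<hh:mm:ss.ffff> <pid> <object> [( info )] - <verdict>"
_TDSS_VERDICT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)"
    r"(?:\s+\(.*?\))?\s+-\s+(?P<verdict>.+?)\s*$"
)

# ComboFix prints the key in its own case; compare lowercased.
_POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
_POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)')

# (value name, value that weakens UAC, why a responder cares)
_UAC_CHECKS = (
    ("EnableLUA", 0,
     "UAC is disabled; every process in an admin session runs fully elevated"),
    ("PromptOnSecureDesktop", 0,
     "elevation prompts are drawn on the normal desktop, where other software can cover or click them"),
)


def tdss_findings(log_text):
    """Return [(object, verdict)] for every TDSSKiller verdict other than 'ok'."""
    findings = []
    for line in log_text.splitlines():
        m = _TDSS_VERDICT.match(line.strip())
        if m and m.group("verdict") != "ok":
            findings.append((m.group("name"), m.group("verdict")))
    return findings


def combofix_uac_policy(log_text):
    """Return {value name: int} for the entries ComboFix lists under policies\\system."""
    values, in_block = {}, False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):            # any registry key header starts a new block
            in_block = s.lower() == _POLICY_KEY
            continue
        if in_block:
            m = _POLICY_VALUE.match(s)
            if m:
                values[m.group("name")] = int(m.group("val"))
    return values


def uac_flags(values):
    """Return human-readable flags for UAC values that match a weak setting."""
    return [f"{name}={values[name]}: {why}"
            for name, weak, why in _UAC_CHECKS if values.get(name) == weak]


SAMPLE_TDSS = r"""
18:23:43.0548 5340 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\Windows\system32\drivers\smwdm.sys
18:23:43.0574 5340 smwdm - ok
18:23:44.0139 5340 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
18:23:44.0154 5340 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:23:44.0154 5340 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:23:49.0936 5340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:23:49.0976 5340 \Device\Harddisk1\DR1 - ok
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"""

if __name__ == "__main__":
    for name, verdict in tdss_findings(SAMPLE_TDSS):
        print(f"TDSSKiller: {name}: {verdict}")
    for flag in uac_flags(combofix_uac_policy(SAMPLE_COMBOFIX)):
        print(f"ComboFix:   {flag}")
```

Run it against the full pasted logs instead of the samples and the same two functions work unchanged; SoftwareSASGeneration=1 is deliberately not flagged, since remote-support tools of the kind installed on this machine set it so that a service can send Ctrl+Alt+Del.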

#5 Jumpstile

Posted 07 November 2011 - 10:17 AM

I actually ran ComboFix one more time. Here are the results:


ComboFix 11-11-07.02 - esiegel 11/07/2011 9:41.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.2142 [GMT -5:00]
Running from: d:\users\esiegel.panurgy\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe4FF.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe51F.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe56E.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeDF2B.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE1AC.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE49B.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE4DB.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE559.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE635.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE674.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeE6D3.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeEA7D.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeEA9E.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeFD7B.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exeFE47.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exe4FF.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exe51F.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exe56E.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeDF2B.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE1AC.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE49B.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE4DB.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE559.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE635.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE674.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeE6D3.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeEA7D.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeEA9E.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeFD7B.tmp
c:\users\esiegel.PANURGY\AppData\Local\Temp\exerb\exeFE47.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\esiegel\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\Eli\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-07 14:51 . 2011-11-07 14:51 -------- d-----w- c:\users\Administrator.NOC-3801\AppData\Local\temp
2011-11-07 14:31 . 2011-11-07 14:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E3365D8-0C78-41BE-8D8D-9BDABE048785}\offreg.dll
2011-11-07 14:07 . 2011-11-07 14:56 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\temp
2011-11-07 01:54 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-06 23:22 . 2011-11-06 23:23 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-04 01:25 . 2011-11-04 01:25 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-03 21:00 . 2011-11-03 21:04 -------- d-----w- c:\windows\system32\catroot2
2011-11-03 20:27 . 2011-11-03 20:27 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\ScanSpyware
2011-11-03 20:27 . 2011-11-03 20:27 -------- d-----w- c:\program files\ScanSpyware
2011-11-03 19:43 . 2011-11-03 20:26 -------- d-----w- c:\program files\ScanSpyware v3.8.0.2
2011-11-03 14:06 . 2011-11-03 14:06 -------- d-----w- c:\windows\22FC7536BE5C4E888069C24689D34EC5.TMP
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-----w- c:\users\Default\AppData\Local\TechSmith
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-01 13:32 . 2011-11-01 13:58 -------- d-----w- c:\windows\system32\oldcatroot2
2011-10-31 22:24 . 2011-11-06 21:47 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\FAD4307A-A3F0-4310-90E1-819F7B31F6A5.aplzod
2011-10-31 22:18 . 2011-10-31 22:18 -------- d-----w- c:\program files\CCleaner
2011-10-31 21:17 . 2011-10-31 21:17 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\WindowsUpdate
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-31 21:14 . 2011-10-31 21:15 -------- d-----w- c:\program files\QuickTime
2011-10-31 21:12 . 2011-11-01 13:59 -------- d-----w- C:\AULOGS
2011-10-31 21:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E3365D8-0C78-41BE-8D8D-9BDABE048785}\mpengine.dll
2011-10-31 20:10 . 2011-11-01 00:23 -------- d-----w- C:\fgdfg
2011-10-31 18:42 . 2011-11-01 00:23 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\E45D3
2011-10-28 18:52 . 2011-11-01 00:23 -------- d-----w- c:\program files\OfficeRecovery
2011-10-26 00:50 . 2011-10-26 00:50 -------- d-----w- C:\ApplicationLog
2011-10-24 20:22 . 2011-11-01 00:58 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\TeamViewer
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 14:06 . 2011-10-24 14:06 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\webcamXP 5
2011-10-24 13:58 . 2011-10-24 14:08 -------- d-----w- c:\programdata\webcamXP 5
2011-10-24 13:58 . 2011-11-03 20:44 -------- d-----w- c:\program files\webcamXP 5
2011-10-21 17:01 . 2011-10-21 17:01 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\gnupg
2011-10-21 12:47 . 2011-10-21 12:47 -------- d-----w- c:\program files\Common Files\Java
2011-10-11 22:05 . 2011-10-11 22:09 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\redsn0w
2011-10-11 19:52 . 2011-10-31 22:48 -------- d-----w- c:\program files\iPod
2011-10-11 19:52 . 2011-10-31 22:50 -------- d-----w- c:\program files\iTunes
2011-10-11 19:47 . 2011-11-01 00:58 -------- d-----w- c:\program files\Bonjour
2011-10-10 20:30 . 2011-10-10 20:30 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\GFI Software
2011-10-10 20:30 . 2011-10-10 20:30 -------- d-----w- c:\programdata\GFI Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 14:06 . 2011-06-07 23:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2010-05-14 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 18:32 . 2011-09-23 18:32 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 10:56 . 2011-08-30 10:56 74104 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 10:56 . 2011-08-30 10:56 101624 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-17 16:40 . 2011-08-17 16:40 388096 ----a-r- c:\users\esiegel.PANURGY\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 14:37 . 2010-05-17 17:45 1056 --sha-w- c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"VMware Update Service"="c:\program files\VMware\Infrastructure\VIUpdate\VMwareUpdateServiceClient.exe" [2008-09-26 204800]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2011-09-23 1627504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\esiegel.PANURGY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bomgar Representative Console [help.panurgy.com].lnk - c:\program files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe [2011-10-21 11319296]
FaxFinder Client.lnk - c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe [2010-6-21 3616864]
Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-9-1 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SBBD.exe /d \Device\HarddiskVolume2\Program Files\Sunbelt Software\SBEAgent\Definitions\0ssbtsr
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-11-15 24416]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-02-05 20504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-19 1343400]
R4 MpKsl193cdd82;MpKsl193cdd82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB1C9594-F0AD-41A8-9394-2251B9B1BF23}\MpKsl193cdd82.sys [x]
R4 MpKsl28ee61da;MpKsl28ee61da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BD410B-56E2-429D-9248-C47921D84B3A}\MpKsl28ee61da.sys [x]
R4 MpKsl6d4f6228;MpKsl6d4f6228;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{767359BE-FA05-49FC-BF35-17363367A9FF}\MpKsl6d4f6228.sys [x]
R4 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R4 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 101624]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [2010-10-07 234784]
S2 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [2008-12-01 34104]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [2011-05-11 86856]
S2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [2011-05-11 78664]
S2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [2011-05-11 77824]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [2009-04-30 77824]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [2011-05-11 86856]
S2 SBAMSvc;VIPRE Business;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [2011-09-23 2804312]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-30 74104]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2011-09-23 181616]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eamon
*Deregistered* - ehdrv
*Deregistered* - epfwwfpr
*Deregistered* - LMIRfsDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204Core.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204UA.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: itsupport247.net\control
Trusted Zone: myconnectwise.net\panurgy
Trusted Zone: myconnectwise.net\panurgytraining
TCP: DhcpNameServer = 10.254.252.4 192.168.100.10
TCP: Interfaces\{93B4A7FD-0866-4AAF-836E-97391538F07C}: NameServer = 8.8.8.8
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: iLO 2 Remote Console Applet - hxxps://192.168.1.54/dvc.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://vault.panurgy.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ujei3e55ngeyt545hozvhvyw&ControlID=4c487bc78df6455fa1aae8b0eba93d6e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} - hxxp://panurgyvm:8888/cabs/vxreplay.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
.
------- File Associations -------
.
.txt=NFOpad
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4376)
c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudHelper.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LogonUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe
c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe
c:\progra~1\SAAZOD\RMHLPDSK.exe
c:\progra~1\SAAZOD\zRealTime\rtdrHlpDk.exe
c:\progra~1\SAAZOD\zRealTime\rtHlpDk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderPrintCap.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2011-11-07 10:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 15:05
ComboFix2.txt 2011-11-07 14:26
.
Pre-Run: 32,636,026,880 bytes free
Post-Run: 32,559,022,080 bytes free
.
- - End Of File - - 234F08D16B1CE005B19A35E8FBF1A458

PC still acting the same.

#6 Jumpstile
  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 07 November 2011 - 10:26 AM

BTW - ComboFix did tell me that I had the Rootkit ZeroAccess the first time I ran it. The second time it did not give me that message.

#7 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 November 2011 - 01:16 PM

Hello,


Try these one at a time and see if they help.

You cannot install some updates or programs
http://support.microsoft.com/kb/822798


How do I reset Windows Update components?
http://support.microsoft.com/kb/971058



1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
ESET log
How is your machine running now?
Are you able to update now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 November 2011 - 08:49 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#9 Jumpstile
  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 11 November 2011 - 05:29 PM

Sorry, I was sick and out of the office for a few days. My apologies!

I will be uploading the requested logs shortly. Thank you!

#10 Jumpstile
  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 12 November 2011 - 02:52 AM

I read and ran the fixes for both of those Windows KB articles. The computer seems OK, but I still cannot install Windows Updates. I get "An error occurred while checking for new updates for your computer. Error found: Code 80096001 Windows Update encountered an unknown error". If I try to get updates for other Microsoft Products, I get:

Microsoft Update could not be installed on your computer

Make sure that you log on as an administrator or as a member of the Administrators group, and then try again.

More troubleshooting options

If your computer is connected to a network and the problem persists, contact your system administrator to see if your Microsoft Update settings are managed using group policy.
If your computer is not connected to a network, or if your system administrator has not disabled Microsoft Update, check if the Windows Update service is disabled or stopped. To see how to start a service, search Help and Support on your computer.

Note: If you experience problems with installing Microsoft Update, you can continue to get updates for your computer by going to Windows Update in Control Panel.



[Error number: 0x80096001]



Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/11/2011 5:59:22 PM
mbam-log-2011-11-11 (17-59-22).txt

Scan type: Quick scan
Objects scanned: 246577
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Online Scanner Log:

No Threats Found.

Just in case, I ran a Hijack This log as well:

Hijack This Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:17 PM, on 11/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderPrintCap.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Avaya\IP Office\CallStatus\callstatus.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Users\esiegel.panurgy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PocketCloud Location] C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AF4784652633C546505FBBC88E02C04878999F19._service_run] "C:\Users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - Startup: Dropbox.lnk = C:\Users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bomgar Representative Console [help.panurgy.com].lnk = C:\Program Files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe
O4 - Global Startup: FaxFinder Client.lnk = C:\Program Files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: iLO 2 Remote Console Applet - https://192.168.1.54/dvc.cab
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - http://vault.panurgy.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ujei3e55ngeyt545hozvhvyw&ControlID=4c487bc78df6455fa1aae8b0eba93d6e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://sslvpn.edist.com/NELX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} (Replayx1 Control) - http://panurgyvm:8888/cabs/vxreplay.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = panurgy.com
O17 - HKLM\Software\..\Telephony: DomainName = panurgy.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B4A7FD-0866-4AAF-836E-97391538F07C}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = panurgy.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = panurgy.com
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O18 - Protocol: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: AirPrint - Apple Inc. - C:\Program Files\AirPrint\airprint.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAAZ RMM Agent Presence-PR (SAAZappr) - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
O23 - Service: SAAZ RMM Agent Presence-SC (SAAZapsc) - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
O23 - Service: SAAZDPMACTL - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
O23 - Service: SAAZRemoteSupport - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
O23 - Service: SAAZScheduler - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
O23 - Service: SAAZServerPlus - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
O23 - Service: SAAZWatchDog - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
O23 - Service: VIPRE Business (SBAMSvc) - GFI Software - C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe

--
End of file - 13492 bytes
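As an added example, not part of this thread and not code from HijackThis, ComboFix or any other tool used here: the Python below runs a few triage rules over lines copied from the HijackThis log above. The entry types it looks at (O20 AppInit_DLLs, O10 Winsock LSPs, O16 ActiveX download locations, O17 static NameServer values, O23 services with no publisher) are where persistence and traffic hijacking usually surface in a HijackThis log, and most of them are not malicious by themselves, so the point is to rank what to verify first rather than to declare anything infected. The rules and the high/medium/low labels are the editor's own heuristics, and the sample input is a constructed subset of the posted log.

```python
"""Triage a HijackThis v2 log: pull out the entry types a responder should read first.

Added example for this thread; it is not part of HijackThis, ComboFix or any tool the
thread uses. The rules and the high/medium/low labels are the editor's own heuristics.
"""
import re
from ipaddress import ip_address
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines posted in the thread, copied verbatim.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: iLO 2 Remote Console Applet - https://192.168.1.54/dvc.cab
O16 - DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} (Replayx1 Control) - http://panurgyvm:8888/cabs/vxreplay.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B4A7FD-0866-4AAF-836E-97391538F07C}: NameServer = 8.8.8.8
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

HIGH, MEDIUM, LOW = "high", "medium", "low"          # editor's labels (assumption), not tool output
Finding = Tuple[str, str, str, str]                 # (severity, section code, reason, raw line)

_O16 = re.compile(r"^O16 - DPF: (?P<name>.*?) - (?P<url>\S+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
_O23 = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.+)$")


def _dpf_concern(url: str) -> Optional[str]:
    """Why an ActiveX download location (O16) deserves a second look, or None if it looks routine."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        return f"ActiveX control fetched over {parsed.scheme or 'an unknown scheme'}; no transport integrity"
    try:
        if ip_address(host).is_private:
            return "control served from a private IP literal; confirm it is an internal device you manage"
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    if "." not in host:
        return "single-label hostname; resolution depends on the local DNS suffix and is easy to spoof elsewhere"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth verifying, highest severity first (stable within a severity)."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        code = line.split(" - ", 1)[0]
        if code == "O20" and line.startswith("O20 - AppInit_DLLs:"):
            findings.append((HIGH, code, "AppInit_DLLs loads the listed DLL into every process that links user32; verify publisher and hash", line))
        elif code == "O20" and "(file missing)" in line:
            findings.append((LOW, code, "notify DLL reported missing; confirm on disk (the tool's file check is unreliable) before removing the key", line))
        elif code == "O10":
            findings.append((MEDIUM, code, "Winsock LSP sees all socket traffic; identify the DLL before trusting it", line))
        elif code == "O16":
            m = _O16.match(line)
            if m and (why := _dpf_concern(m["url"])):
                findings.append((MEDIUM, code, why, line))
        elif code == "O17":
            m = _O17.match(line)
            if m:
                findings.append((MEDIUM, code, f"static NameServer {m['servers'].strip()} overrides DHCP; a changed resolver is a classic hijack symptom, confirm it was set deliberately", line))
        elif code == "O23":
            m = _O23.match(line)
            if m and m["owner"].strip().lower() == "unknown owner":
                findings.append((MEDIUM, code, "service binary carries no company name; check its signature and where it came from", line))
    order = {HIGH: 0, MEDIUM: 1, LOW: 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for sev, code, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {code}: {why}\n         {line}")
```

On the sample, the one high finding is the AppInit_DLLs entry; the medium ones are the LSP, the two ActiveX locations that are http or a private IP (the logmein entry is https to a real FQDN and is not flagged), the static 8.8.8.8 resolver, and the one service with no publisher; the "(file missing)" notify entry lands last. Everything the script flags still needs a human to look at the DLL or binary, which is exactly how the helpers in this thread treat a HijackThis log.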

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 November 2011 - 11:41 AM

Hello,

I want to run one more tool just to rule out a very rare virus.


Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect (do not select "Delete if disinfection fails").
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting, so choose Skip if prompted.
  • When the scan is done, no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl+A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Jumpstile

Jumpstile
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 15 November 2011 - 02:16 PM

The Kaspersky logs were 66 MB and even zipped they were over 3 MB, so I didn't attach them. No threats were found. I still cannot install Windows updates...

#13 Jumpstile

Jumpstile
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 15 November 2011 - 03:22 PM

New ComboFix Log:


ComboFix 11-11-15.01 - esiegel 11/15/2011 14:22:16.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.2137 [GMT -5:00]
Running from: d:\users\esiegel.panurgy\Desktop\abcabc.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5566.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5901.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe598E.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe59BE.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe59FE.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5AAA.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5ADA.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5B87.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5DF9.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe5E68.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe602E.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe60BB.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe6512.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe6551.tmp
c:\users\ESIEGE~1.PAN\AppData\Local\Temp\exerb\exe6591.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5566.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5901.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe598E.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe59BE.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe59FE.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5AAA.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5ADA.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5B87.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5DF9.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe5E68.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe602E.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe60BB.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe6512.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe6551.tmp
c:\users\esiegel.PANURGY\AppData\Local\temp\exerb\exe6591.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\esiegel\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\Eli\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-15 19:32 . 2011-11-15 19:32 -------- d-----w- c:\users\Administrator.NOC-3801\AppData\Local\temp
2011-11-15 17:33 . 2011-11-15 17:46 -------- d-----w- c:\windows\system32\catroot2
2011-11-15 14:26 . 2011-11-15 19:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D57CE6B-4ADD-4AA7-B950-CFFC511891D0}\offreg.dll
2011-11-15 02:35 . 2011-11-15 02:35 -------- d-----w- C:\ApplicationLog
2011-11-14 21:56 . 2003-07-14 13:00 106547 ----a-w- c:\windows\system32\temp.02F
2011-11-14 21:56 . 2001-06-26 21:39 151601 ----a-w- c:\windows\system32\temp.02E
2011-11-14 21:56 . 2003-07-14 13:00 286773 ----a-w- c:\windows\system32\temp.02C
2011-11-14 21:56 . 2003-07-14 13:00 1015859 ----a-w- c:\windows\system32\temp.02D
2011-11-14 21:56 . 2003-07-14 13:00 3856 ----a-w- c:\windows\system32\temp.02B
2011-11-14 21:56 . 2003-07-14 13:00 16896 ----a-w- c:\windows\system32\temp.029
2011-11-14 21:56 . 2003-07-14 13:00 164112 ----a-w- c:\windows\system32\temp.027
2011-11-14 21:56 . 2003-07-14 13:00 143632 ----a-w- c:\windows\system32\temp.028
2011-11-14 21:56 . 2003-07-14 13:00 1385744 ----a-w- c:\windows\system32\temp.02A
2011-11-14 21:56 . 2003-07-14 13:00 626960 ----a-w- c:\windows\system32\temp.026
2011-11-14 17:26 . 2011-11-14 17:26 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-14 16:32 . 2011-11-14 16:32 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\SUPERAntiSpyware.com
2011-11-14 16:31 . 2011-11-14 16:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 22:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 09:39 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D57CE6B-4ADD-4AA7-B950-CFFC511891D0}\mpengine.dll
2011-11-07 22:24 . 2011-11-15 17:32 -------- d-----w- c:\windows\system32\oldcatroot2
2011-11-07 18:47 . 2011-11-07 18:47 -------- d-----w- c:\program files\ESET
2011-11-07 16:37 . 2011-11-07 16:37 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-07 15:51 . 2011-11-07 22:36 -------- d-----w- c:\programdata\STOPzilla!
2011-11-07 15:33 . 2011-11-07 15:35 -------- d-----w- c:\windows\system32\CatRoot2_2011117171029
2011-11-07 14:38 . 2011-11-15 19:19 -------- d-----w- C:\ComboFix
2011-11-07 14:07 . 2011-11-15 19:43 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\temp
2011-11-07 01:54 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-06 23:22 . 2011-11-15 17:52 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-04 01:25 . 2011-11-04 01:25 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-03 20:27 . 2011-11-07 17:40 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\ScanSpyware
2011-11-03 19:43 . 2011-11-07 17:40 -------- d-----w- c:\program files\ScanSpyware v3.8.0.2
2011-11-03 14:06 . 2011-11-03 14:06 -------- d-----w- c:\windows\22FC7536BE5C4E888069C24689D34EC5.TMP
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-----w- c:\users\Default\AppData\Local\TechSmith
2011-11-03 02:40 . 2011-11-03 02:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-31 22:24 . 2011-11-15 18:13 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\FAD4307A-A3F0-4310-90E1-819F7B31F6A5.aplzod
2011-10-31 22:18 . 2011-10-31 22:18 -------- d-----w- c:\program files\CCleaner
2011-10-31 21:17 . 2011-10-31 21:17 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\WindowsUpdate
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-31 21:15 . 2011-10-31 21:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-31 21:14 . 2011-10-31 21:15 -------- d-----w- c:\program files\QuickTime
2011-10-31 21:12 . 2011-11-15 17:46 -------- d-----w- C:\AULOGS
2011-10-31 20:10 . 2011-11-07 17:16 -------- d-----w- C:\fgdfg
2011-10-31 18:42 . 2011-11-01 00:23 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\E45D3
2011-10-28 18:52 . 2011-11-01 00:23 -------- d-----w- c:\program files\OfficeRecovery
2011-10-24 20:22 . 2011-11-01 00:58 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\TeamViewer
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 14:06 . 2011-10-24 14:06 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Local\webcamXP 5
2011-10-24 13:58 . 2011-10-24 14:08 -------- d-----w- c:\programdata\webcamXP 5
2011-10-24 13:58 . 2011-11-03 20:44 -------- d-----w- c:\program files\webcamXP 5
2011-10-21 17:01 . 2011-10-21 17:01 -------- d-----w- c:\users\esiegel.PANURGY\AppData\Roaming\gnupg
2011-10-21 12:47 . 2011-10-21 12:47 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 14:06 . 2011-06-07 23:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2010-05-14 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 18:32 . 2011-09-23 18:32 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 10:56 . 2011-08-30 10:56 74104 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 10:56 . 2011-08-30 10:56 101624 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-06 39408]
"AF4784652633C546505FBBC88E02C04878999F19._service_run"="c:\users\esiegel.PANURGY\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-11-08 1036344]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2011-09-23 1627504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\esiegel.PANURGY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
_uninst_06631299.lnk - c:\users\esiegel.PANURGY\AppData\Local\temp\_uninst_06631299.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bomgar Representative Console [help.panurgy.com].lnk - c:\program files\Bomgar\Representative\help.panurgy.com\bomgar-rep.exe [2011-10-21 11319296]
FaxFinder Client.lnk - c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderClient.exe [2010-6-21 3616864]
Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-9-1 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SBBD.exe /d \Device\HarddiskVolume2\Program Files\Sunbelt Software\SBEAgent\Definitions\0ssbtsr
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-11-15 24416]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-02-05 20504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-11-07 309320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-19 1343400]
R4 MpKsl193cdd82;MpKsl193cdd82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB1C9594-F0AD-41A8-9394-2251B9B1BF23}\MpKsl193cdd82.sys [x]
R4 MpKsl28ee61da;MpKsl28ee61da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BD410B-56E2-429D-9248-C47921D84B3A}\MpKsl28ee61da.sys [x]
R4 MpKsl6d4f6228;MpKsl6d4f6228;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{767359BE-FA05-49FC-BF35-17363367A9FF}\MpKsl6d4f6228.sys [x]
R4 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 101624]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [2010-10-07 234784]
S2 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [2008-12-01 34104]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [2011-05-11 86856]
S2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [2011-05-11 78664]
S2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [2011-05-11 77824]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [2009-04-30 77824]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [2011-05-11 86856]
S2 SBAMSvc;VIPRE Business;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [2011-09-23 2804312]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-30 74104]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2011-09-23 181616]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eamon
*Deregistered* - ehdrv
*Deregistered* - epfwwfpr
*Deregistered* - LMIRfsDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 17:57]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204Core.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282137492-523041740-1301533625-1204UA.job
- c:\users\esiegel.PANURGY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 20:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: itsupport247.net\control
Trusted Zone: myconnectwise.net\panurgy
Trusted Zone: myconnectwise.net\panurgytraining
TCP: DhcpNameServer = 10.254.252.4 192.168.100.10
TCP: Interfaces\{93B4A7FD-0866-4AAF-836E-97391538F07C}: NameServer = 8.8.8.8
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: iLO 2 Remote Console Applet - hxxps://192.168.1.54/dvc.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://vault.panurgy.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ujei3e55ngeyt545hozvhvyw&ControlID=4c487bc78df6455fa1aae8b0eba93d6e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {9713BCC8-6857-4B04-908D-D98F2D04DFAC} - hxxp://panurgyvm:8888/cabs/vxreplay.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
.
------- File Associations -------
.
.txt=NFOpad
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-95807769.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4528)
c:\users\esiegel.PANURGY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LogonUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe
c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe
c:\progra~1\SAAZOD\zRealTime\rtHlpDk.exe
c:\progra~1\SAAZOD\zRealTime\rtdrHlpDk.exe
c:\progra~1\SAAZOD\RMHLPDSK.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\Multi-Tech Systems\FaxFinder Client Software\FaxFinderPrintCap.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
c:\progra~1\SAAZOD\DMPHelpDesk.exe
c:\progra~1\SAAZOD\DMPHelpDesk.exe
c:\progra~1\SAAZOD\ZWbPe.exe
c:\progra~1\SAAZOD\ZWbPe.exe
c:\progra~1\SAAZOD\zWbPeATPostLogs.exe
.
**************************************************************************
.
Completion time: 2011-11-15 14:51:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 19:51
ComboFix2.txt 2011-11-07 15:05
ComboFix3.txt 2011-11-07 14:26
.
Pre-Run: 33,072,984,064 bytes free
Post-Run: 32,828,932,096 bytes free
.
- - End Of File - - 5FCF6FA67F912496D9BAA868AEBC9112
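Added example (editorial, not part of the thread and not ComboFix's own code): a small Python triage script for the `R*`/`S*` service and driver lines in the log above. In DDS/ComboFix output the leading letter records whether the service was Running or Stopped at scan time, the digit is the service's registry Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and a trailing `[x]` stands where the image's date and size would normally be printed, i.e. the file was not found at the logged path. The sample lines are copied from the log above; the triage rules (missing image, boot/system-start driver, svchost-hosted service, image outside Windows or Program Files, running while registered as disabled) are the editor's own heuristics and only tell you where to look first, they are not a verdict on any entry.

```python
"""Parse and triage the service/driver lines of a DDS or ComboFix log.

Added example for this thread; not ComboFix's own code.  Sample lines are
copied from the log posted above; the triage rules are editorial heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Line shape: "<R|S><Start> <name>;<display name>;<image path> [<date> <size>]"
# ComboFix prints "[x]" instead of "[<date> <size>]" when the image file is
# not found at the logged path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
TRAILER_RE = re.compile(r"\s*\[(?P<trailer>[^\]]*)\]\s*$")

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Roots under which services normally install on this 32-bit Windows 7 box
# (progra~1 is the 8.3 short name for "Program Files", as used in the log).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class ServiceEntry:
    state: str      # "R" running / "S" stopped at scan time
    start: int      # registry Start value, see START_TYPES
    name: str       # service key name
    display: str    # display name
    image: str      # image path as logged (arguments and 8.3 names kept as-is)
    missing: bool   # True when the trailer was "[x]"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R*/S* line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest").strip()
    t = TRAILER_RE.search(rest)
    trailer = t.group("trailer").strip() if t else ""
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image=TRAILER_RE.sub("", rest).strip(),
        missing=(trailer == "x"),
    )


def parse_log(lines: Iterable[str]) -> List[ServiceEntry]:
    """Keep only the lines that parse as service/driver entries."""
    return [e for e in map(parse_service_line, lines) if e is not None]


def triage(entries: Iterable[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a manual look; unflagged names are absent."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        img = e.image.lower()
        reasons: List[str] = []
        if e.missing:
            reasons.append("image not found on disk ([x]); stale registration or removed file")
        if img.endswith(".sys") and e.start <= 1:
            reasons.append("boot/system-start driver; loads early in boot, verify publisher signature")
        if "\\svchost.exe" in img:
            reasons.append("hosted in svchost.exe; check the service's ServiceDll value, not the host")
        if not img.startswith(TRUSTED_ROOTS):
            reasons.append("image outside Windows/Program Files")
        if e.state == "R" and e.start == 4:
            reasons.append("running although Start=4 (disabled)")
        if reasons:
            findings[e.name] = reasons
    return findings


# Constructed input: six lines copied from the log posted above plus one
# non-service line to show that it is skipped.
SAMPLE_LINES = [
    r"R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]",
    r"R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]",
    r"R4 MpKsl193cdd82;MpKsl193cdd82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB1C9594-F0AD-41A8-9394-2251B9B1BF23}\MpKsl193cdd82.sys [x]",
    r"S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]",
    r"S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]",
    r"S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]",
    "*Deregistered* - eamon",
]

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LINES)).items():
        print(f"{name}: " + "; ".join(reasons))
```

To run it over the whole log, read the lines from the saved ComboFix.txt instead of `SAMPLE_LINES`. Entries the script does not flag still deserve a look when the display name or path is unfamiliar; the rules only order the work.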

#14 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 November 2011 - 07:37 PM

Have you tried disabling your Antivirus and then trying to download the updates directly from the website?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 Jumpstile
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 17 November 2011 - 09:23 AM

I have not. I really don't know what updates I need as I am unable to even check to see if I need any... Here's a screenshot of what I am getting (see attached).

Attached Files