Trojware.Win32.Agent.Gen@ / 000000c0.$ etc.


This topic is locked. 15 replies to this topic.

#1 realix

  • Members
  • 8 posts

Posted 06 November 2011 - 02:09 PM

So this has been going on for a bit now and just will not go away. Any help would be appreciated. Thanks.

Here is a log below if need be.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by Danny at 11:53:51 on 2011-11-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2224 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
dRun: [Webroot Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL",DllRegisterServer
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E6F9BBA-76B5-47F8-B498-BA441228DC2D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4A4B5C1D-B661-465B-BD46-5482A291FC07} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun-x64: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52586
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Danny\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-19 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2010-8-30 16768]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-29 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-29 136176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-06 13:40:07 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-06 07:56:03 -------- d-sh--w- C:\Users\Danny\AppData\Local\a4d6e54d
2011-11-06 03:23:47 -------- d-----w- C:\Program Files\AutoHotkey
2011-10-25 01:44:12 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-25 01:08:45 -------- d-----we C:\Windows\system64
2011-10-25 00:51:48 98816 ----a-w- C:\Windows\sed.exe
2011-10-25 00:51:48 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-25 00:51:48 256000 ----a-w- C:\Windows\PEV.exe
2011-10-25 00:51:48 208896 ----a-w- C:\Windows\MBR.exe
2011-10-23 22:36:35 -------- d-----w- C:\Program Files (x86)\Fisher-Price
2011-10-23 22:35:22 -------- d-----w- C:\Users\Danny\AppData\Roaming\Fisher-Price
2011-10-23 21:56:51 -------- d-----w- C:\ProgramData\Fisher-Price
2011-10-22 03:02:04 0 ----a-w- C:\Windows\SysWow64\OLD32A7.tmp
2011-10-08 03:40:52 -------- d-----w- C:\Program Files\ATI Technologies
.
==================== Find3M ====================
.
2011-10-07 22:36:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-07 22:36:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-07 22:30:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-05 00:14:46 100864 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-10-01 17:12:01 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-24 03:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-09-24 03:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-09-24 03:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-24 03:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-24 03:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-24 03:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 11:57:22.92 ===============

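The log above is what a helper reads by eye. As an added example (not part of this thread, and not a BleepingComputer or DDS tool), here is a small Python triage pass over a handful of lines copied from the first DDS log. The rules are the editor's assumptions about what deserves a second look, not verdicts on this machine: a Run entry that loads a DLL via rundll32 from under systemprofile, a Run label whose product name never appears in its target path, a loopback HTTP proxy in Firefox's prefs.js, a hidden+system folder with an eight-hex-digit name under AppData\Local, a C:\Windows\system64 directory, and executables created directly in C:\Windows. The mapping of the DDS prefixes u/m/d to HKCU/HKLM/HKU\.DEFAULT and the list of "generic" words are assumptions as well.

```python
import re

# Constructed sample input: lines copied from the DDS log in post #1 above.
SAMPLE = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
dRun: [Webroot Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL",DllRegisterServer
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52586
FF - prefs.js: network.proxy.type - 4
2011-11-06 07:56:03 -------- d-sh--w- C:\Users\Danny\AppData\Local\a4d6e54d
2011-10-25 01:08:45 -------- d-----we C:\Windows\system64
2011-10-25 00:51:48 208896 ----a-w- C:\Windows\MBR.exe
2011-10-23 22:36:35 -------- d-----w- C:\Program Files (x86)\Fisher-Price
""".strip()

RUN_RE = re.compile(r'^([umd])Run: \[([^\]]+)\] (.*)$')
FF_RE = re.compile(r'^FF - prefs\.js: (network\.proxy\.\w+) - (.*)$')
# DDS "Created Last 30" line: date time size-or-dashes attributes path
CREATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (\S{8}) (.+)$')
HEX_DIR_RE = re.compile(r'\\AppData\\Local\\[0-9a-f]{8}$', re.I)
WIN_ROOT_EXE_RE = re.compile(r'c:\\windows\\[^\\]+\.exe')
# Assumption: DDS prefixes u/m/d = current user, local machine, default user hive.
RUN_SCOPE = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}
# Assumption: words too generic to prove that a Run label matches its target path.
GENERIC = {'update', 'updater', 'service', 'helper', 'windows', 'microsoft'}


def label_tokens(label):
    """Split 'WindowsLivePhone' / 'iXL_MiddleWare' / 'Webroot Update' into lower-case words."""
    words = re.findall(r'[A-Z]?[a-z]+|[A-Z]+(?![a-z])', label)
    return {w.lower() for w in words if len(w) >= 3 and w.lower() not in GENERIC}


def run_target(cmd):
    """Return the .exe/.dll a Run value actually launches (drops rundll32, quotes, arguments)."""
    m = re.match(r'^(?:rundll32(?:\.exe)?\s+)?"?([^"]+?\.(?:exe|dll))"?', cmd, re.I)
    return m.group(1) if m else cmd


def triage(text):
    """Return a list of (log line, reason) pairs worth a closer look. Heuristics, not verdicts."""
    findings = []
    proxy = {}
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            scope, label, cmd = m.groups()
            low = run_target(cmd).lower()
            if 'rundll32' in cmd.lower() and ('\\config\\systemprofile\\' in low or '\\appdata\\' in low):
                findings.append((line, f'{RUN_SCOPE[scope]} Run entry loads a DLL via rundll32 from a profile directory'))
            tokens = label_tokens(label)
            if tokens and not any(t in low for t in tokens):
                findings.append((line, f'Run label "{label}" names a product absent from its target path'))
            continue
        m = FF_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2)
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.groups()
            is_dir, hidden, system = attrs[0] == 'd', 'h' in attrs, 's' in attrs
            if is_dir and hidden and system and HEX_DIR_RE.search(path):
                findings.append((line, 'hidden+system directory with a random-looking hex name under AppData\\Local'))
            if is_dir and path.lower() == r'c:\windows\system64':
                findings.append((line, 'directory named like a system folder that Windows does not have (System32/SysWOW64 are the real ones)'))
            if not is_dir and WIN_ROOT_EXE_RE.fullmatch(path.lower()):
                findings.append((line, 'executable created directly in C:\\Windows (ComboFix leaves sed.exe/SWREG.exe/PEV.exe/MBR.exe there; confirm before acting)'))
        if line.startswith('BHO') and line.endswith('- No File'):
            findings.append((line, 'orphaned BHO registration (low priority, but clean it up)'))
    # Firefox proxy check runs after the pass so all three prefs are known.
    host, ptype = proxy.get('network.proxy.http'), proxy.get('network.proxy.type')
    if host in ('127.0.0.1', 'localhost'):
        active = ptype == '1'   # Firefox: 1 = manual proxy; 4 = auto-detect, which ignores the manual host
        status = 'active (manual proxy)' if active else 'not in effect with this proxy type, but find out what listens on that port'
        findings.append((f'network.proxy.http={host}:{proxy.get("network.proxy.http_port")}, type={ptype}',
                         'loopback HTTP proxy configured in prefs.js; ' + status))
    return findings


if __name__ == '__main__':
    for entry, reason in triage(SAMPLE):
        print(f'[{reason}]\n    {entry}')
```

Two caveats the output is meant to carry. With network.proxy.type = 4 Firefox auto-detects a proxy (WPAD) and ignores the manual 127.0.0.1:52586 entry, so the useful next step is to identify the process listening on that port, not to assume browser traffic is already being proxied. And sed.exe, SWREG.exe, PEV.exe and MBR.exe under C:\Windows with one shared timestamp are what ComboFix drops, so a date-based rule on its own would report a cleanup tool rather than an infection; the line for the dRun entry that points rundll32 at a DLL under systemprofile, labelled "Webroot Update" but placed in a Google folder, is the one to take to the helper first.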
#2 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,740 posts
  • Gender:Male

Posted 11 November 2011 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426613 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 realix

  • Topic Starter
  • Members
  • 8 posts

Posted 11 November 2011 - 08:04 PM

Another log, per HelpBot's request.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by Danny at 18:59:29 on 2011-11-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2860 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
dRun: [Webroot Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL",DllRegisterServer
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E6F9BBA-76B5-47F8-B498-BA441228DC2D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4A4B5C1D-B661-465B-BD46-5482A291FC07} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
mRun-x64: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52586
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Danny\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-19 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2010-8-30 16768]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-29 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-29 136176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-06 07:56:03 -------- d-sh--w- C:\Users\Danny\AppData\Local\a4d6e54d
2011-11-06 03:23:47 -------- d-----w- C:\Program Files\AutoHotkey
2011-10-25 01:44:12 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-25 01:08:45 -------- d-----we C:\Windows\system64
2011-10-25 00:51:48 98816 ----a-w- C:\Windows\sed.exe
2011-10-25 00:51:48 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-25 00:51:48 256000 ----a-w- C:\Windows\PEV.exe
2011-10-25 00:51:48 208896 ----a-w- C:\Windows\MBR.exe
2011-10-23 22:36:35 -------- d-----w- C:\Program Files (x86)\Fisher-Price
2011-10-23 22:35:22 -------- d-----w- C:\Users\Danny\AppData\Roaming\Fisher-Price
2011-10-23 21:56:51 -------- d-----w- C:\ProgramData\Fisher-Price
2011-10-22 03:02:04 0 ----a-w- C:\Windows\SysWow64\OLD32A7.tmp
.
==================== Find3M ====================
.
2011-10-07 22:36:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-07 22:36:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-07 22:30:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-05 00:14:46 100864 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-10-01 17:12:01 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-24 03:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-09-24 03:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-09-24 03:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-24 03:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-24 03:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-24 03:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:01:11.62 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:29 PM

Posted 13 November 2011 - 11:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I can suggest any remedial tool I need to see the result of these scans.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#5 realix

realix
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:29 PM

Posted 13 November 2011 - 01:43 PM

Thanks in advance for all help given.

aswMBR


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-13 12:09:12
-----------------------------
12:09:12.054 OS Version: Windows x64 6.1.7601 Service Pack 1
12:09:12.054 Number of processors: 2 586 0x1706
12:09:12.055 ComputerName: CM-690 UserName: Danny
12:09:12.843 Initialize success
12:10:59.192 AVAST engine defs: 11111301
12:11:07.633 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
12:11:07.636 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 3
12:11:09.667 Disk 0 MBR read successfully
12:11:09.670 Disk 0 MBR scan
12:11:09.684 Disk 0 Windows 7 default MBR code
12:11:09.688 Service scanning
12:11:14.347 Modules scanning
12:11:14.351 Disk 0 trace - called modules:
12:11:14.366 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:11:14.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c256b0]
12:11:14.375 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004aee520]
12:11:14.379 5 ACPI.sys[fffff88000fa57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8004aea680]
12:11:17.240 AVAST engine scan C:\Windows
12:11:21.296 AVAST engine scan C:\Windows\system32
12:11:33.317 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
12:13:08.676 AVAST engine scan C:\Windows\system32\drivers
12:13:17.581 AVAST engine scan C:\Users\Danny
12:13:17.768 File: C:\Users\Danny\AppData\Local\a4d6e54d\U\800000cb.@ **INFECTED** Win32:Malware-gen
12:20:30.122 AVAST engine scan C:\ProgramData
12:22:25.899 Scan finished successfully
12:37:49.866 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
12:37:49.871 The log file has been saved successfully to "C:\Users\Danny\Desktop\aswMBR.txt"

TDSSKiller

12:38:55.0758 2188 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
12:38:56.0047 2188 ============================================================
12:38:56.0047 2188 Current date / time: 2011/11/13 12:38:56.0047
12:38:56.0047 2188 SystemInfo:
12:38:56.0047 2188
12:38:56.0047 2188 OS Version: 6.1.7601 ServicePack: 1.0
12:38:56.0047 2188 Product type: Workstation
12:38:56.0047 2188 ComputerName: CM-690
12:38:56.0047 2188 UserName: Danny
12:38:56.0047 2188 Windows directory: C:\Windows
12:38:56.0047 2188 System windows directory: C:\Windows
12:38:56.0047 2188 Running under WOW64
12:38:56.0047 2188 Processor architecture: Intel x64
12:38:56.0047 2188 Number of processors: 2
12:38:56.0047 2188 Page size: 0x1000
12:38:56.0047 2188 Boot type: Normal boot
12:38:56.0047 2188 ============================================================
12:38:57.0217 2188 Initialize success
12:39:00.0068 3664 ============================================================
12:39:00.0068 3664 Scan started
12:39:00.0068 3664 Mode: Manual;
12:39:00.0068 3664 ============================================================
12:39:01.0159 3664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:39:01.0162 3664 1394ohci - ok
12:39:01.0204 3664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:39:01.0208 3664 ACPI - ok
12:39:01.0232 3664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:39:01.0233 3664 AcpiPmi - ok
12:39:01.0279 3664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:39:01.0284 3664 adp94xx - ok
12:39:01.0304 3664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:39:01.0310 3664 adpahci - ok
12:39:01.0331 3664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:39:01.0334 3664 adpu320 - ok
12:39:01.0395 3664 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:39:01.0402 3664 AFD - ok
12:39:01.0425 3664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:39:01.0426 3664 agp440 - ok
12:39:01.0453 3664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:39:01.0454 3664 aliide - ok
12:39:01.0470 3664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:39:01.0471 3664 amdide - ok
12:39:01.0509 3664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:39:01.0511 3664 AmdK8 - ok
12:39:01.0750 3664 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:39:01.0929 3664 amdkmdag - ok
12:39:01.0972 3664 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
12:39:01.0975 3664 amdkmdap - ok
12:39:02.0022 3664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:39:02.0024 3664 AmdPPM - ok
12:39:02.0050 3664 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
12:39:02.0052 3664 amdsata - ok
12:39:02.0075 3664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:39:02.0077 3664 amdsbs - ok
12:39:02.0092 3664 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
12:39:02.0092 3664 amdxata - ok
12:39:02.0143 3664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:39:02.0144 3664 AppID - ok
12:39:02.0189 3664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:39:02.0191 3664 arc - ok
12:39:02.0208 3664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:39:02.0209 3664 arcsas - ok
12:39:02.0265 3664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:39:02.0266 3664 AsyncMac - ok
12:39:02.0289 3664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:39:02.0289 3664 atapi - ok
12:39:02.0341 3664 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
12:39:02.0342 3664 AtiHDAudioService - ok
12:39:02.0399 3664 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
12:39:02.0402 3664 AtiHdmiService - ok
12:39:02.0632 3664 atikmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:39:02.0682 3664 atikmdag - ok
12:39:02.0740 3664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:39:02.0745 3664 b06bdrv - ok
12:39:02.0794 3664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:39:02.0798 3664 b57nd60a - ok
12:39:02.0832 3664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:39:02.0833 3664 Beep - ok
12:39:02.0878 3664 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
12:39:02.0879 3664 BIOS - ok
12:39:02.0910 3664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:39:02.0912 3664 blbdrive - ok
12:39:02.0960 3664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:39:02.0961 3664 bowser - ok
12:39:02.0981 3664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:39:02.0982 3664 BrFiltLo - ok
12:39:02.0995 3664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:39:02.0996 3664 BrFiltUp - ok
12:39:03.0026 3664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:39:03.0029 3664 Brserid - ok
12:39:03.0049 3664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:39:03.0050 3664 BrSerWdm - ok
12:39:03.0070 3664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:39:03.0071 3664 BrUsbMdm - ok
12:39:03.0083 3664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:39:03.0083 3664 BrUsbSer - ok
12:39:03.0119 3664 BS_I2cIo (83601bbe5563d92c1fdb4e960d84dc77) C:\Windows\system32\drivers\BS_I2cIo.sys
12:39:03.0119 3664 BS_I2cIo - ok
12:39:03.0143 3664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:39:03.0145 3664 BTHMODEM - ok
12:39:03.0191 3664 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
12:39:03.0193 3664 BVRPMPR5a64 - ok
12:39:03.0206 3664 catchme - ok
12:39:03.0235 3664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:39:03.0237 3664 cdfs - ok
12:39:03.0267 3664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:39:03.0270 3664 cdrom - ok
12:39:03.0290 3664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:39:03.0291 3664 circlass - ok
12:39:03.0354 3664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:39:03.0359 3664 CLFS - ok
12:39:03.0396 3664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:39:03.0397 3664 CmBatt - ok
12:39:03.0423 3664 cmderd (6bbcc68d37d9b0c09100cdc2d16c8f8f) C:\Windows\system32\DRIVERS\cmderd.sys
12:39:03.0423 3664 cmderd - ok
12:39:03.0458 3664 cmdGuard (0020e6598d80b92e4d8618554c4843ab) C:\Windows\system32\DRIVERS\cmdguard.sys
12:39:03.0461 3664 cmdGuard - ok
12:39:03.0498 3664 cmdHlp (7a2af19b01bf433c23ac1111610acf84) C:\Windows\system32\DRIVERS\cmdhlp.sys
12:39:03.0499 3664 cmdHlp - ok
12:39:03.0527 3664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:39:03.0528 3664 cmdide - ok
12:39:03.0563 3664 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:39:03.0569 3664 CNG - ok
12:39:03.0613 3664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:39:03.0614 3664 Compbatt - ok
12:39:03.0653 3664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:39:03.0655 3664 CompositeBus - ok
12:39:03.0676 3664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:39:03.0677 3664 crcdisk - ok
12:39:03.0758 3664 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:39:03.0775 3664 CSC - ok
12:39:03.0876 3664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:39:03.0878 3664 DfsC - ok
12:39:03.0997 3664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:39:03.0999 3664 discache - ok
12:39:04.0016 3664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:39:04.0018 3664 Disk - ok
12:39:04.0066 3664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:39:04.0067 3664 drmkaud - ok
12:39:04.0152 3664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:39:04.0171 3664 DXGKrnl - ok
12:39:04.0276 3664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:39:04.0354 3664 ebdrv - ok
12:39:04.0396 3664 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:39:04.0397 3664 ElbyCDIO - ok
12:39:04.0425 3664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:39:04.0434 3664 elxstor - ok
12:39:04.0466 3664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:39:04.0467 3664 ErrDev - ok
12:39:04.0524 3664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:39:04.0528 3664 exfat - ok
12:39:04.0558 3664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:39:04.0561 3664 fastfat - ok
12:39:04.0603 3664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:39:04.0604 3664 fdc - ok
12:39:04.0652 3664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:39:04.0653 3664 FileInfo - ok
12:39:04.0678 3664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:39:04.0679 3664 Filetrace - ok
12:39:04.0706 3664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:39:04.0707 3664 flpydisk - ok
12:39:04.0750 3664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:39:04.0755 3664 FltMgr - ok
12:39:04.0784 3664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:39:04.0785 3664 FsDepends - ok
12:39:04.0808 3664 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:39:04.0809 3664 Fs_Rec - ok
12:39:04.0862 3664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:39:04.0865 3664 fvevol - ok
12:39:04.0889 3664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:39:04.0891 3664 gagp30kx - ok
12:39:04.0937 3664 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:39:04.0939 3664 hamachi - ok
12:39:04.0965 3664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:39:04.0966 3664 hcw85cir - ok
12:39:05.0017 3664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:39:05.0019 3664 HDAudBus - ok
12:39:05.0041 3664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:39:05.0041 3664 HidBatt - ok
12:39:05.0058 3664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:39:05.0061 3664 HidBth - ok
12:39:05.0073 3664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:39:05.0074 3664 HidIr - ok
12:39:05.0134 3664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:39:05.0135 3664 HidUsb - ok
12:39:05.0168 3664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:39:05.0170 3664 HpSAMD - ok
12:39:05.0230 3664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:39:05.0238 3664 HTTP - ok
12:39:05.0280 3664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:39:05.0281 3664 hwpolicy - ok
12:39:05.0321 3664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:39:05.0323 3664 i8042prt - ok
12:39:05.0370 3664 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
12:39:05.0375 3664 iaStorV - ok
12:39:05.0426 3664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:39:05.0427 3664 iirsp - ok
12:39:05.0474 3664 inspect (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\Windows\system32\DRIVERS\inspect.sys
12:39:05.0476 3664 inspect - ok
12:39:05.0571 3664 IntcAzAudAddService (56c5a3afac93cd364dec7fbca616e1c2) C:\Windows\system32\drivers\RTKVHD64.sys
12:39:05.0588 3664 IntcAzAudAddService - ok
12:39:05.0619 3664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:39:05.0620 3664 intelide - ok
12:39:05.0666 3664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:39:05.0668 3664 intelppm - ok
12:39:05.0702 3664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:39:05.0704 3664 IpFilterDriver - ok
12:39:05.0737 3664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:39:05.0738 3664 IPMIDRV - ok
12:39:05.0759 3664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:39:05.0761 3664 IPNAT - ok
12:39:05.0787 3664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:39:05.0788 3664 IRENUM - ok
12:39:05.0816 3664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:39:05.0817 3664 isapnp - ok
12:39:05.0837 3664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:39:05.0842 3664 iScsiPrt - ok
12:39:05.0871 3664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:39:05.0872 3664 kbdclass - ok
12:39:05.0898 3664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:39:05.0899 3664 kbdhid - ok
12:39:05.0926 3664 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:39:05.0927 3664 KSecDD - ok
12:39:05.0965 3664 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:39:05.0968 3664 KSecPkg - ok
12:39:06.0004 3664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:39:06.0005 3664 ksthunk - ok
12:39:06.0066 3664 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
12:39:06.0067 3664 LGBusEnum - ok
12:39:06.0136 3664 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
12:39:06.0137 3664 LGVirHid - ok
12:39:06.0170 3664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:39:06.0171 3664 lltdio - ok
12:39:06.0200 3664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:39:06.0203 3664 LSI_FC - ok
12:39:06.0227 3664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:39:06.0229 3664 LSI_SAS - ok
12:39:06.0245 3664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:39:06.0247 3664 LSI_SAS2 - ok
12:39:06.0260 3664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:39:06.0262 3664 LSI_SCSI - ok
12:39:06.0291 3664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:39:06.0293 3664 luafv - ok
12:39:06.0303 3664 LVPr2M64 - ok
12:39:06.0483 3664 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:39:06.0627 3664 LVUVC64 - ok
12:39:06.0651 3664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:39:06.0652 3664 megasas - ok
12:39:06.0680 3664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:39:06.0686 3664 MegaSR - ok
12:39:06.0715 3664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:39:06.0717 3664 Modem - ok
12:39:06.0749 3664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:39:06.0750 3664 monitor - ok
12:39:06.0789 3664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:39:06.0790 3664 mouclass - ok
12:39:06.0829 3664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:39:06.0830 3664 mouhid - ok
12:39:06.0860 3664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:39:06.0861 3664 mountmgr - ok
12:39:06.0905 3664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:39:06.0908 3664 mpio - ok
12:39:06.0934 3664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:39:06.0936 3664 mpsdrv - ok
12:39:06.0979 3664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:39:06.0981 3664 MRxDAV - ok
12:39:07.0016 3664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:39:07.0018 3664 mrxsmb - ok
12:39:07.0042 3664 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:39:07.0046 3664 mrxsmb10 - ok
12:39:07.0082 3664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:39:07.0083 3664 mrxsmb20 - ok
12:39:07.0115 3664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:39:07.0117 3664 msahci - ok
12:39:07.0152 3664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:39:07.0155 3664 msdsm - ok
12:39:07.0200 3664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:39:07.0201 3664 Msfs - ok
12:39:07.0217 3664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:39:07.0218 3664 mshidkmdf - ok
12:39:07.0250 3664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:39:07.0251 3664 msisadrv - ok
12:39:07.0285 3664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:39:07.0286 3664 MSKSSRV - ok
12:39:07.0303 3664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:39:07.0304 3664 MSPCLOCK - ok
12:39:07.0321 3664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:39:07.0322 3664 MSPQM - ok
12:39:07.0351 3664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:39:07.0356 3664 MsRPC - ok
12:39:07.0378 3664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:39:07.0379 3664 mssmbios - ok
12:39:07.0391 3664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:39:07.0392 3664 MSTEE - ok
12:39:07.0409 3664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:39:07.0410 3664 MTConfig - ok
12:39:07.0429 3664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:39:07.0430 3664 Mup - ok
12:39:07.0475 3664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:39:07.0480 3664 NativeWifiP - ok
12:39:07.0515 3664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:39:07.0533 3664 NDIS - ok
12:39:07.0558 3664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:39:07.0560 3664 NdisCap - ok
12:39:07.0593 3664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:39:07.0594 3664 NdisTapi - ok
12:39:07.0612 3664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:39:07.0613 3664 Ndisuio - ok
12:39:07.0643 3664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:39:07.0646 3664 NdisWan - ok
12:39:07.0708 3664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:39:07.0709 3664 NDProxy - ok
12:39:07.0765 3664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:39:07.0766 3664 NetBIOS - ok
12:39:07.0803 3664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:39:07.0808 3664 NetBT - ok
12:39:07.0919 3664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:39:07.0921 3664 nfrd960 - ok
12:39:07.0953 3664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:39:07.0953 3664 Npfs - ok
12:39:07.0980 3664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:39:07.0981 3664 nsiproxy - ok
12:39:08.0061 3664 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
12:39:08.0089 3664 Ntfs - ok
12:39:08.0111 3664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:39:08.0112 3664 Null - ok
12:39:08.0144 3664 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
12:39:08.0147 3664 nvraid - ok
12:39:08.0175 3664 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
12:39:08.0178 3664 nvstor - ok
12:39:08.0211 3664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:39:08.0214 3664 nv_agp - ok
12:39:08.0238 3664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:39:08.0240 3664 ohci1394 - ok
12:39:08.0315 3664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:39:08.0317 3664 Parport - ok
12:39:08.0361 3664 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:39:08.0362 3664 partmgr - ok
12:39:08.0399 3664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:39:08.0402 3664 pci - ok
12:39:08.0415 3664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:39:08.0416 3664 pciide - ok
12:39:08.0461 3664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:39:08.0464 3664 pcmcia - ok
12:39:08.0483 3664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:39:08.0484 3664 pcw - ok
12:39:08.0522 3664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:39:08.0529 3664 PEAUTH - ok
12:39:08.0661 3664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:39:08.0664 3664 PptpMiniport - ok
12:39:08.0713 3664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:39:08.0715 3664 Processor - ok
12:39:08.0750 3664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:39:08.0752 3664 Psched - ok
12:39:08.0806 3664 PxHlpa64 (5d6c8e778f0218fcd2cca0efbc9766ca) C:\Windows\system32\Drivers\PxHlpa64.sys
12:39:08.0807 3664 PxHlpa64 - ok
12:39:08.0863 3664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:39:08.0897 3664 ql2300 - ok
12:39:08.0925 3664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:39:08.0928 3664 ql40xx - ok
12:39:08.0961 3664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:39:08.0963 3664 QWAVEdrv - ok
12:39:08.0982 3664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:39:08.0983 3664 RasAcd - ok
12:39:09.0095 3664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:39:09.0122 3664 RasAgileVpn - ok
12:39:09.0301 3664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:09.0303 3664 Rasl2tp - ok
12:39:09.0361 3664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:09.0362 3664 RasPppoe - ok
12:39:09.0382 3664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:39:09.0384 3664 RasSstp - ok
12:39:09.0406 3664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:39:09.0411 3664 rdbss - ok
12:39:09.0432 3664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:39:09.0433 3664 rdpbus - ok
12:39:09.0452 3664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:09.0453 3664 RDPCDD - ok
12:39:09.0486 3664 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:39:09.0489 3664 RDPDR - ok
12:39:09.0517 3664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:39:09.0518 3664 RDPENCDD - ok
12:39:09.0541 3664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:39:09.0541 3664 RDPREFMP - ok
12:39:09.0591 3664 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
12:39:09.0592 3664 RdpVideoMiniport - ok
12:39:09.0621 3664 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:39:09.0625 3664 RDPWD - ok
12:39:09.0654 3664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:39:09.0656 3664 rdyboost - ok
12:39:09.0722 3664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:39:09.0724 3664 rspndr - ok
12:39:09.0787 3664 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:39:09.0790 3664 RTL8167 - ok
12:39:09.0819 3664 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:39:09.0820 3664 s3cap - ok
12:39:09.0861 3664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:39:09.0863 3664 sbp2port - ok
12:39:09.0898 3664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:39:09.0899 3664 scfilter - ok
12:39:09.0951 3664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:39:09.0952 3664 secdrv - ok
12:39:10.0000 3664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:39:10.0000 3664 Serenum - ok
12:39:10.0021 3664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:39:10.0023 3664 Serial - ok
12:39:10.0054 3664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:39:10.0055 3664 sermouse - ok
12:39:10.0093 3664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:39:10.0094 3664 sffdisk - ok
12:39:10.0109 3664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:39:10.0110 3664 sffp_mmc - ok
12:39:10.0122 3664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:39:10.0123 3664 sffp_sd - ok
12:39:10.0137 3664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:39:10.0138 3664 sfloppy - ok
12:39:10.0184 3664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:39:10.0186 3664 SiSRaid2 - ok
12:39:10.0208 3664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:39:10.0208 3664 SiSRaid4 - ok
12:39:10.0235 3664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:39:10.0236 3664 Smb - ok
12:39:10.0266 3664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:39:10.0267 3664 spldr - ok
12:39:10.0378 3664 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
12:39:10.0398 3664 sptd - ok
12:39:10.0462 3664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:39:10.0467 3664 srv - ok
12:39:10.0511 3664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:39:10.0516 3664 srv2 - ok
12:39:10.0547 3664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:39:10.0549 3664 srvnet - ok
12:39:10.0603 3664 ssfs0bbc - ok
12:39:10.0632 3664 ssidrv - ok
12:39:10.0696 3664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:39:10.0697 3664 stexstor - ok
12:39:10.0747 3664 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:39:10.0748 3664 storflt - ok
12:39:10.0791 3664 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:39:10.0793 3664 storvsc - ok
12:39:10.0830 3664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:39:10.0831 3664 swenum - ok
12:39:10.0879 3664 Synth3dVsc - ok
12:39:11.0001 3664 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
12:39:11.0052 3664 Tcpip - ok
12:39:11.0134 3664 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
12:39:11.0144 3664 TCPIP6 - ok
12:39:11.0188 3664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:39:11.0189 3664 tcpipreg - ok
12:39:11.0260 3664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:39:11.0261 3664 TDPIPE - ok
12:39:11.0280 3664 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:39:11.0281 3664 TDTCP - ok
12:39:11.0316 3664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:39:11.0319 3664 tdx - ok
12:39:11.0347 3664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:39:11.0349 3664 TermDD - ok
12:39:11.0490 3664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:11.0492 3664 tssecsrv - ok
12:39:11.0533 3664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:39:11.0535 3664 TsUsbFlt - ok
12:39:11.0550 3664 tsusbhub - ok
12:39:11.0580 3664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:39:11.0583 3664 tunnel - ok
12:39:11.0656 3664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:39:11.0658 3664 uagp35 - ok
12:39:11.0707 3664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:39:11.0711 3664 udfs - ok
12:39:11.0791 3664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:39:11.0792 3664 uliagpkx - ok
12:39:11.0849 3664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:39:11.0851 3664 umbus - ok
12:39:11.0911 3664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:39:11.0912 3664 UmPass - ok
12:39:11.0982 3664 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:39:11.0985 3664 usbaudio - ok
12:39:12.0051 3664 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
12:39:12.0053 3664 usbccgp - ok
12:39:12.0091 3664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:39:12.0092 3664 usbcir - ok
12:39:12.0129 3664 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
12:39:12.0131 3664 usbehci - ok
12:39:12.0178 3664 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
12:39:12.0185 3664 usbhub - ok
12:39:12.0203 3664 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
12:39:12.0204 3664 usbohci - ok
12:39:12.0247 3664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:39:12.0248 3664 usbprint - ok
12:39:12.0277 3664 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:12.0280 3664 USBSTOR - ok
12:39:12.0319 3664 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
12:39:12.0320 3664 usbuhci - ok
12:39:12.0343 3664 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:39:12.0348 3664 usbvideo - ok
12:39:12.0454 3664 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
12:39:12.0456 3664 VClone - ok
12:39:12.0475 3664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:39:12.0476 3664 vdrvroot - ok
12:39:12.0557 3664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:12.0558 3664 vga - ok
12:39:12.0580 3664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:39:12.0581 3664 VgaSave - ok
12:39:12.0612 3664 VGPU - ok
12:39:12.0655 3664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:39:12.0659 3664 vhdmp - ok
12:39:12.0686 3664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:39:12.0688 3664 viaide - ok
12:39:12.0712 3664 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:39:12.0716 3664 vmbus - ok
12:39:12.0745 3664 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:39:12.0746 3664 VMBusHID - ok
12:39:12.0778 3664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:39:12.0779 3664 volmgr - ok
12:39:12.0830 3664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:39:12.0834 3664 volmgrx - ok
12:39:12.0877 3664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:39:12.0882 3664 volsnap - ok
12:39:12.0950 3664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:39:12.0954 3664 vsmraid - ok
12:39:12.0983 3664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:39:12.0984 3664 vwifibus - ok
12:39:13.0022 3664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:39:13.0023 3664 WacomPen - ok
12:39:13.0057 3664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:39:13.0059 3664 WANARP - ok
12:39:13.0075 3664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:39:13.0077 3664 Wanarpv6 - ok
12:39:13.0135 3664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:39:13.0136 3664 Wd - ok
12:39:13.0168 3664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:39:13.0185 3664 Wdf01000 - ok
12:39:13.0249 3664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:39:13.0250 3664 WfpLwf - ok
12:39:13.0271 3664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:39:13.0272 3664 WIMMount - ok
12:39:13.0366 3664 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:39:13.0367 3664 WinUsb - ok
12:39:13.0395 3664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:39:13.0396 3664 WmiAcpi - ok
12:39:13.0459 3664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:39:13.0460 3664 ws2ifsl - ok
12:39:13.0534 3664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:39:13.0536 3664 WudfPf - ok
12:39:13.0577 3664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:13.0582 3664 WUDFRd - ok
12:39:13.0651 3664 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
12:39:13.0653 3664 xusb21 - ok
12:39:13.0708 3664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:39:13.0718 3664 \Device\Harddisk0\DR0 - ok
12:39:13.0721 3664 Boot (0x1200) (b1215692e667a5f53e1239afe642f1c5) \Device\Harddisk0\DR0\Partition0
12:39:13.0722 3664 \Device\Harddisk0\DR0\Partition0 - ok
12:39:13.0743 3664 Boot (0x1200) (2c2ce41ee02fd622d0dd890522899075) \Device\Harddisk0\DR0\Partition1
12:39:13.0744 3664 \Device\Harddisk0\DR0\Partition1 - ok
12:39:13.0774 3664 Boot (0x1200) (c425bea75bed0bd5989b78fa70b213b5) \Device\Harddisk0\DR0\Partition2
12:39:13.0775 3664 \Device\Harddisk0\DR0\Partition2 - ok
12:39:13.0775 3664 ============================================================
12:39:13.0775 3664 Scan finished
12:39:13.0775 3664 ============================================================
12:39:13.0786 2624 Detected object count: 0
12:39:13.0786 2624 Actual detected object count: 0
12:39:38.0696 1216 ============================================================
12:39:38.0696 1216 Scan started
12:39:38.0696 1216 Mode: Manual;
12:39:38.0696 1216 ============================================================
12:39:39.0276 1216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:39:39.0278 1216 1394ohci - ok
12:39:39.0322 1216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:39:39.0325 1216 ACPI - ok
12:39:39.0349 1216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:39:39.0350 1216 AcpiPmi - ok
12:39:39.0396 1216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:39:39.0400 1216 adp94xx - ok
12:39:39.0422 1216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:39:39.0424 1216 adpahci - ok
12:39:39.0440 1216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:39:39.0442 1216 adpu320 - ok
12:39:39.0480 1216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:39:39.0484 1216 AFD - ok
12:39:39.0509 1216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:39:39.0510 1216 agp440 - ok
12:39:39.0537 1216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:39:39.0538 1216 aliide - ok
12:39:39.0564 1216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:39:39.0565 1216 amdide - ok
12:39:39.0601 1216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:39:39.0603 1216 AmdK8 - ok
12:39:39.0848 1216 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:39:39.0897 1216 amdkmdag - ok
12:39:39.0922 1216 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
12:39:39.0924 1216 amdkmdap - ok
12:39:39.0948 1216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:39:39.0949 1216 AmdPPM - ok
12:39:39.0975 1216 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
12:39:39.0976 1216 amdsata - ok
12:39:40.0000 1216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:39:40.0001 1216 amdsbs - ok
12:39:40.0026 1216 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
12:39:40.0027 1216 amdxata - ok
12:39:40.0068 1216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:39:40.0069 1216 AppID - ok
12:39:40.0114 1216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:39:40.0115 1216 arc - ok
12:39:40.0133 1216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:39:40.0134 1216 arcsas - ok
12:39:40.0158 1216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:39:40.0158 1216 AsyncMac - ok
12:39:40.0189 1216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:39:40.0189 1216 atapi - ok
12:39:40.0225 1216 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
12:39:40.0226 1216 AtiHDAudioService - ok
12:39:40.0275 1216 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
12:39:40.0276 1216 AtiHdmiService - ok
12:39:40.0511 1216 atikmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:39:40.0561 1216 atikmdag - ok
12:39:40.0625 1216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:39:40.0628 1216 b06bdrv - ok
12:39:40.0663 1216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:39:40.0665 1216 b57nd60a - ok
12:39:40.0690 1216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:39:40.0691 1216 Beep - ok
12:39:40.0738 1216 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
12:39:40.0738 1216 BIOS - ok
12:39:40.0760 1216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:39:40.0761 1216 blbdrive - ok
12:39:40.0786 1216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:39:40.0787 1216 bowser - ok
12:39:40.0807 1216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:39:40.0807 1216 BrFiltLo - ok
12:39:40.0829 1216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:39:40.0830 1216 BrFiltUp - ok
12:39:40.0860 1216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:39:40.0863 1216 Brserid - ok
12:39:40.0883 1216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:39:40.0884 1216 BrSerWdm - ok
12:39:40.0904 1216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:39:40.0905 1216 BrUsbMdm - ok
12:39:40.0916 1216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:39:40.0917 1216 BrUsbSer - ok
12:39:40.0944 1216 BS_I2cIo (83601bbe5563d92c1fdb4e960d84dc77) C:\Windows\system32\drivers\BS_I2cIo.sys
12:39:40.0945 1216 BS_I2cIo - ok
12:39:40.0969 1216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:39:40.0970 1216 BTHMODEM - ok
12:39:41.0025 1216 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
12:39:41.0026 1216 BVRPMPR5a64 - ok
12:39:41.0030 1216 catchme - ok
12:39:41.0052 1216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:39:41.0053 1216 cdfs - ok
12:39:41.0084 1216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:39:41.0085 1216 cdrom - ok
12:39:41.0107 1216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:39:41.0108 1216 circlass - ok
12:39:41.0155 1216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:39:41.0159 1216 CLFS - ok
12:39:41.0188 1216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:39:41.0188 1216 CmBatt - ok
12:39:41.0223 1216 cmderd (6bbcc68d37d9b0c09100cdc2d16c8f8f) C:\Windows\system32\DRIVERS\cmderd.sys
12:39:41.0224 1216 cmderd - ok
12:39:41.0242 1216 cmdGuard (0020e6598d80b92e4d8618554c4843ab) C:\Windows\system32\DRIVERS\cmdguard.sys
12:39:41.0244 1216 cmdGuard - ok
12:39:41.0256 1216 cmdHlp (7a2af19b01bf433c23ac1111610acf84) C:\Windows\system32\DRIVERS\cmdhlp.sys
12:39:41.0257 1216 cmdHlp - ok
12:39:41.0286 1216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:39:41.0286 1216 cmdide - ok
12:39:41.0322 1216 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:39:41.0324 1216 CNG - ok
12:39:41.0363 1216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:39:41.0364 1216 Compbatt - ok
12:39:41.0395 1216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:39:41.0396 1216 CompositeBus - ok
12:39:41.0435 1216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:39:41.0436 1216 crcdisk - ok
12:39:41.0500 1216 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:39:41.0504 1216 CSC - ok
12:39:41.0536 1216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:39:41.0537 1216 DfsC - ok
12:39:41.0556 1216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:39:41.0556 1216 discache - ok
12:39:41.0576 1216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:39:41.0577 1216 Disk - ok
12:39:41.0633 1216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:39:41.0634 1216 drmkaud - ok
12:39:41.0697 1216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:39:41.0705 1216 DXGKrnl - ok
12:39:41.0816 1216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:39:41.0838 1216 ebdrv - ok
12:39:41.0872 1216 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:39:41.0873 1216 ElbyCDIO - ok
12:39:41.0918 1216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:39:41.0920 1216 elxstor - ok
12:39:41.0942 1216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:39:41.0943 1216 ErrDev - ok
12:39:41.0975 1216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:39:41.0976 1216 exfat - ok
12:39:42.0000 1216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:39:42.0001 1216 fastfat - ok
12:39:42.0020 1216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:39:42.0021 1216 fdc - ok
12:39:42.0044 1216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:39:42.0045 1216 FileInfo - ok
12:39:42.0062 1216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:39:42.0063 1216 Filetrace - ok
12:39:42.0082 1216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:39:42.0083 1216 flpydisk - ok
12:39:42.0119 1216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:39:42.0120 1216 FltMgr - ok
12:39:42.0142 1216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:39:42.0143 1216 FsDepends - ok
12:39:42.0167 1216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:39:42.0167 1216 Fs_Rec - ok
12:39:42.0212 1216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:39:42.0215 1216 fvevol - ok
12:39:42.0240 1216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:39:42.0241 1216 gagp30kx - ok
12:39:42.0280 1216 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:39:42.0281 1216 hamachi - ok
12:39:42.0308 1216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:39:42.0309 1216 hcw85cir - ok
12:39:42.0343 1216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:39:42.0344 1216 HDAudBus - ok
12:39:42.0366 1216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:39:42.0367 1216 HidBatt - ok
12:39:42.0384 1216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:39:42.0385 1216 HidBth - ok
12:39:42.0407 1216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:39:42.0408 1216 HidIr - ok
12:39:42.0444 1216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:39:42.0445 1216 HidUsb - ok
12:39:42.0477 1216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:39:42.0479 1216 HpSAMD - ok
12:39:42.0549 1216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:39:42.0554 1216 HTTP - ok
12:39:42.0606 1216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:39:42.0607 1216 hwpolicy - ok
12:39:42.0646 1216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:39:42.0648 1216 i8042prt - ok
12:39:42.0670 1216 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
12:39:42.0672 1216 iaStorV - ok
12:39:42.0719 1216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:39:42.0720 1216 iirsp - ok
12:39:42.0767 1216 inspect (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\Windows\system32\DRIVERS\inspect.sys
12:39:42.0768 1216 inspect - ok
12:39:42.0839 1216 IntcAzAudAddService (56c5a3afac93cd364dec7fbca616e1c2) C:\Windows\system32\drivers\RTKVHD64.sys
12:39:42.0851 1216 IntcAzAudAddService - ok
12:39:42.0877 1216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:39:42.0878 1216 intelide - ok
12:39:42.0901 1216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:39:42.0902 1216 intelppm - ok
12:39:42.0935 1216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:39:42.0936 1216 IpFilterDriver - ok
12:39:42.0970 1216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:39:42.0971 1216 IPMIDRV - ok
12:39:42.0985 1216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:39:42.0986 1216 IPNAT - ok
12:39:43.0012 1216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:39:43.0013 1216 IRENUM - ok
12:39:43.0041 1216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:39:43.0042 1216 isapnp - ok
12:39:43.0072 1216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:39:43.0073 1216 iScsiPrt - ok
12:39:43.0096 1216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:39:43.0097 1216 kbdclass - ok
12:39:43.0115 1216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:39:43.0116 1216 kbdhid - ok
12:39:43.0143 1216 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:39:43.0144 1216 KSecDD - ok
12:39:43.0166 1216 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:39:43.0167 1216 KSecPkg - ok
12:39:43.0214 1216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:39:43.0215 1216 ksthunk - ok
12:39:43.0266 1216 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
12:39:43.0267 1216 LGBusEnum - ok
12:39:43.0312 1216 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
12:39:43.0313 1216 LGVirHid - ok
12:39:43.0337 1216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:39:43.0339 1216 lltdio - ok
12:39:43.0375 1216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:39:43.0377 1216 LSI_FC - ok
12:39:43.0403 1216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:39:43.0405 1216 LSI_SAS - ok
12:39:43.0428 1216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:39:43.0430 1216 LSI_SAS2 - ok
12:39:43.0453 1216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:39:43.0455 1216 LSI_SCSI - ok
12:39:43.0485 1216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:39:43.0486 1216 luafv - ok
12:39:43.0497 1216 LVPr2M64 - ok
12:39:43.0677 1216 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:39:43.0708 1216 LVUVC64 - ok
12:39:43.0751 1216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:39:43.0752 1216 megasas - ok
12:39:43.0773 1216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:39:43.0775 1216 MegaSR - ok
12:39:43.0799 1216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:39:43.0800 1216 Modem - ok
12:39:43.0825 1216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:39:43.0826 1216 monitor - ok
12:39:43.0856 1216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:39:43.0857 1216 mouclass - ok
12:39:43.0871 1216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:39:43.0872 1216 mouhid - ok
12:39:43.0903 1216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:39:43.0904 1216 mountmgr - ok
12:39:43.0939 1216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:39:43.0940 1216 mpio - ok
12:39:43.0960 1216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:39:43.0961 1216 mpsdrv - ok
12:39:43.0997 1216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:39:43.0998 1216 MRxDAV - ok
12:39:44.0034 1216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:39:44.0036 1216 mrxsmb - ok
12:39:44.0061 1216 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:39:44.0063 1216 mrxsmb10 - ok
12:39:44.0091 1216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:39:44.0092 1216 mrxsmb20 - ok
12:39:44.0124 1216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:39:44.0125 1216 msahci - ok
12:39:44.0170 1216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:39:44.0171 1216 msdsm - ok
12:39:44.0234 1216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:39:44.0235 1216 Msfs - ok
12:39:44.0251 1216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:39:44.0252 1216 mshidkmdf - ok
12:39:44.0277 1216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:39:44.0278 1216 msisadrv - ok
12:39:44.0310 1216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:39:44.0311 1216 MSKSSRV - ok
12:39:44.0330 1216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:39:44.0331 1216 MSPCLOCK - ok
12:39:44.0347 1216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:39:44.0348 1216 MSPQM - ok
12:39:44.0377 1216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:39:44.0380 1216 MsRPC - ok
12:39:44.0405 1216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:39:44.0406 1216 mssmbios - ok
12:39:44.0419 1216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:39:44.0420 1216 MSTEE - ok
12:39:44.0443 1216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:39:44.0444 1216 MTConfig - ok
12:39:44.0464 1216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:39:44.0465 1216 Mup - ok
12:39:44.0518 1216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:39:44.0521 1216 NativeWifiP - ok
12:39:44.0576 1216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:39:44.0583 1216 NDIS - ok
12:39:44.0601 1216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:39:44.0602 1216 NdisCap - ok
12:39:44.0627 1216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:39:44.0627 1216 NdisTapi - ok
12:39:44.0646 1216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:39:44.0647 1216 Ndisuio - ok
12:39:44.0669 1216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:39:44.0670 1216 NdisWan - ok
12:39:44.0725 1216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:39:44.0727 1216 NDProxy - ok
12:39:44.0755 1216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:39:44.0756 1216 NetBIOS - ok
12:39:44.0804 1216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:39:44.0807 1216 NetBT - ok
12:39:44.0854 1216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:39:44.0855 1216 nfrd960 - ok
12:39:44.0878 1216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:39:44.0879 1216 Npfs - ok
12:39:44.0897 1216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:39:44.0898 1216 nsiproxy - ok
12:39:44.0947 1216 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
12:39:44.0956 1216 Ntfs - ok
12:39:44.0979 1216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:39:44.0979 1216 Null - ok
12:39:45.0011 1216 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
12:39:45.0012 1216 nvraid - ok
12:39:45.0042 1216 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
12:39:45.0044 1216 nvstor - ok
12:39:45.0080 1216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:39:45.0081 1216 nv_agp - ok
12:39:45.0106 1216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:39:45.0107 1216 ohci1394 - ok
12:39:45.0174 1216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:39:45.0175 1216 Parport - ok
12:39:45.0211 1216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:39:45.0213 1216 partmgr - ok
12:39:45.0250 1216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:39:45.0252 1216 pci - ok
12:39:45.0274 1216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:39:45.0275 1216 pciide - ok
12:39:45.0330 1216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:39:45.0332 1216 pcmcia - ok
12:39:45.0359 1216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:39:45.0361 1216 pcw - ok
12:39:45.0391 1216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:39:45.0396 1216 PEAUTH - ok
12:39:45.0470 1216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:39:45.0471 1216 PptpMiniport - ok
12:39:45.0490 1216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:39:45.0491 1216 Processor - ok
12:39:45.0535 1216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:39:45.0536 1216 Psched - ok
12:39:45.0583 1216 PxHlpa64 (5d6c8e778f0218fcd2cca0efbc9766ca) C:\Windows\system32\Drivers\PxHlpa64.sys
12:39:45.0583 1216 PxHlpa64 - ok
12:39:45.0658 1216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:39:45.0669 1216 ql2300 - ok
12:39:45.0693 1216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:39:45.0695 1216 ql40xx - ok
12:39:45.0721 1216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:39:45.0722 1216 QWAVEdrv - ok
12:39:45.0741 1216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:39:45.0742 1216 RasAcd - ok
12:39:45.0788 1216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:39:45.0789 1216 RasAgileVpn - ok
12:39:45.0828 1216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:45.0830 1216 Rasl2tp - ok
12:39:45.0853 1216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:45.0855 1216 RasPppoe - ok
12:39:45.0875 1216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:39:45.0875 1216 RasSstp - ok
12:39:45.0898 1216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:39:45.0901 1216 rdbss - ok
12:39:45.0924 1216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:39:45.0925 1216 rdpbus - ok
12:39:45.0944 1216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:45.0945 1216 RDPCDD - ok
12:39:45.0978 1216 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:39:45.0980 1216 RDPDR - ok
12:39:46.0002 1216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:39:46.0002 1216 RDPENCDD - ok
12:39:46.0018 1216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:39:46.0019 1216 RDPREFMP - ok
12:39:46.0051 1216 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
12:39:46.0051 1216 RdpVideoMiniport - ok
12:39:46.0081 1216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:39:46.0082 1216 RDPWD - ok
12:39:46.0105 1216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:39:46.0107 1216 rdyboost - ok
12:39:46.0140 1216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:39:46.0141 1216 rspndr - ok
12:39:46.0188 1216 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:39:46.0189 1216 RTL8167 - ok
12:39:46.0220 1216 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:39:46.0221 1216 s3cap - ok
12:39:46.0253 1216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:39:46.0255 1216 sbp2port - ok
12:39:46.0291 1216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:39:46.0291 1216 scfilter - ok
12:39:46.0343 1216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:39:46.0344 1216 secdrv - ok
12:39:46.0384 1216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:39:46.0385 1216 Serenum - ok
12:39:46.0405 1216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:39:46.0407 1216 Serial - ok
12:39:46.0438 1216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:39:46.0439 1216 sermouse - ok
12:39:46.0478 1216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:39:46.0479 1216 sffdisk - ok
12:39:46.0494 1216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:39:46.0495 1216 sffp_mmc - ok
12:39:46.0504 1216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:39:46.0505 1216 sffp_sd - ok
12:39:46.0546 1216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:39:46.0547 1216 sfloppy - ok
12:39:46.0577 1216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:39:46.0578 1216 SiSRaid2 - ok
12:39:46.0600 1216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:39:46.0601 1216 SiSRaid4 - ok
12:39:46.0619 1216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:39:46.0620 1216 Smb - ok
12:39:46.0660 1216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:39:46.0660 1216 spldr - ok
12:39:46.0742 1216 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
12:39:46.0749 1216 sptd - ok
12:39:46.0797 1216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:39:46.0801 1216 srv - ok
12:39:46.0831 1216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:39:46.0833 1216 srv2 - ok
12:39:46.0874 1216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:39:46.0875 1216 srvnet - ok
12:39:46.0897 1216 ssfs0bbc - ok
12:39:46.0917 1216 ssidrv - ok
12:39:46.0989 1216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:39:46.0990 1216 stexstor - ok
12:39:47.0031 1216 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:39:47.0033 1216 storflt - ok
12:39:47.0059 1216 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:39:47.0061 1216 storvsc - ok
12:39:47.0089 1216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:39:47.0090 1216 swenum - ok
12:39:47.0119 1216 Synth3dVsc - ok
12:39:47.0230 1216 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
12:39:47.0244 1216 Tcpip - ok
12:39:47.0314 1216 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
12:39:47.0328 1216 TCPIP6 - ok
12:39:47.0356 1216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:39:47.0357 1216 tcpipreg - ok
12:39:47.0404 1216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:39:47.0404 1216 TDPIPE - ok
12:39:47.0422 1216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:39:47.0423 1216 TDTCP - ok
12:39:47.0451 1216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:39:47.0452 1216 tdx - ok
12:39:47.0482 1216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:39:47.0483 1216 TermDD - ok
12:39:47.0533 1216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:47.0534 1216 tssecsrv - ok
12:39:47.0567 1216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:39:47.0581 1216 TsUsbFlt - ok
12:39:47.0607 1216 tsusbhub - ok
12:39:47.0648 1216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:39:47.0649 1216 tunnel - ok
12:39:47.0700 1216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:39:47.0701 1216 uagp35 - ok
12:39:47.0734 1216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:39:47.0737 1216 udfs - ok
12:39:47.0784 1216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:39:47.0785 1216 uliagpkx - ok
12:39:47.0817 1216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:39:47.0818 1216 umbus - ok
12:39:47.0837 1216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:39:47.0838 1216 UmPass - ok
12:39:47.0875 1216 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:39:47.0876 1216 usbaudio - ok
12:39:47.0894 1216 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
12:39:47.0895 1216 usbccgp - ok
12:39:47.0917 1216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:39:47.0918 1216 usbcir - ok
12:39:47.0939 1216 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
12:39:47.0940 1216 usbehci - ok
12:39:47.0962 1216 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
12:39:47.0964 1216 usbhub - ok
12:39:47.0987 1216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
12:39:47.0988 1216 usbohci - ok
12:39:48.0031 1216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:39:48.0032 1216 usbprint - ok
12:39:48.0062 1216 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:48.0063 1216 USBSTOR - ok
12:39:48.0087 1216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
12:39:48.0088 1216 usbuhci - ok
12:39:48.0120 1216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:39:48.0122 1216 usbvideo - ok
12:39:48.0164 1216 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
12:39:48.0164 1216 VClone - ok
12:39:48.0184 1216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:39:48.0185 1216 vdrvroot - ok
12:39:48.0233 1216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:48.0235 1216 vga - ok
12:39:48.0264 1216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:39:48.0265 1216 VgaSave - ok
12:39:48.0290 1216 VGPU - ok
12:39:48.0331 1216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:39:48.0333 1216 vhdmp - ok
12:39:48.0354 1216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:39:48.0355 1216 viaide - ok
12:39:48.0380 1216 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:39:48.0382 1216 vmbus - ok
12:39:48.0404 1216 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:39:48.0405 1216 VMBusHID - ok
12:39:48.0429 1216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:39:48.0430 1216 volmgr - ok
12:39:48.0472 1216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:39:48.0474 1216 volmgrx - ok
12:39:48.0512 1216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:39:48.0514 1216 volsnap - ok
12:39:48.0559 1216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:39:48.0561 1216 vsmraid - ok
12:39:48.0583 1216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:39:48.0584 1216 vwifibus - ok
12:39:48.0615 1216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:39:48.0616 1216 WacomPen - ok
12:39:48.0650 1216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:39:48.0651 1216 WANARP - ok
12:39:48.0659 1216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:39:48.0660 1216 Wanarpv6 - ok
12:39:48.0704 1216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:39:48.0705 1216 Wd - ok
12:39:48.0737 1216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:39:48.0740 1216 Wdf01000 - ok
12:39:48.0784 1216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:39:48.0784 1216 WfpLwf - ok
12:39:48.0805 1216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:39:48.0806 1216 WIMMount - ok
12:39:48.0875 1216 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:39:48.0876 1216 WinUsb - ok
12:39:48.0921 1216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:39:48.0922 1216 WmiAcpi - ok
12:39:48.0995 1216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:39:48.0996 1216 ws2ifsl - ok
12:39:49.0051 1216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:39:49.0052 1216 WudfPf - ok
12:39:49.0076 1216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:49.0077 1216 WUDFRd - ok
12:39:49.0127 1216 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
12:39:49.0128 1216 xusb21 - ok
12:39:49.0152 1216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:39:49.0161 1216 \Device\Harddisk0\DR0 - ok
12:39:49.0164 1216 Boot (0x1200) (b1215692e667a5f53e1239afe642f1c5) \Device\Harddisk0\DR0\Partition0
12:39:49.0165 1216 \Device\Harddisk0\DR0\Partition0 - ok
12:39:49.0177 1216 Boot (0x1200) (2c2ce41ee02fd622d0dd890522899075) \Device\Harddisk0\DR0\Partition1
12:39:49.0178 1216 \Device\Harddisk0\DR0\Partition1 - ok
12:39:49.0201 1216 Boot (0x1200) (c425bea75bed0bd5989b78fa70b213b5) \Device\Harddisk0\DR0\Partition2
12:39:49.0202 1216 \Device\Harddisk0\DR0\Partition2 - ok
12:39:49.0202 1216 ============================================================
12:39:49.0202 1216 Scan finished
12:39:49.0202 1216 ============================================================
12:39:49.0208 3416 Detected object count: 0
12:39:49.0208 3416 Actual detected object count: 0

Attached Files

  • Attached File  MBR.zip   571bytes   1 downloads


#6 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 November 2011 - 02:31 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 realix
  • Topic Starter
  • Members
  • 8 posts

Posted 13 November 2011 - 03:10 PM

ComboFix 11-11-13.02 - Danny 11/13/2011 13:41:22.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2516 [GMT -6:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Danny\AppData\Local\a4d6e54d\U
c:\users\Danny\AppData\Local\a4d6e54d\U\80000000.@
c:\users\Danny\AppData\Local\a4d6e54d\U\800000cb.@
c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.$
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\assembly\tmp\U . . . . Failed to delete
c:\windows\assembly\tmp\U\000000c0.@ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 19:48 . 2011-11-13 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 07:56 . 2011-11-13 19:47 -------- d-sh--w- c:\users\Danny\AppData\Local\a4d6e54d
2011-11-06 03:23 . 2011-11-06 16:17 -------- d-----w- c:\program files\AutoHotkey
2011-10-23 22:36 . 2011-10-23 22:36 -------- d-----w- c:\program files (x86)\Fisher-Price
2011-10-23 22:35 . 2011-10-23 22:35 -------- d-----w- c:\users\Danny\AppData\Roaming\Fisher-Price
2011-10-23 21:56 . 2011-10-23 21:56 -------- d-----w- c:\programdata\Fisher-Price
2011-10-22 03:02 . 2011-10-22 03:02 0 ----a-w- c:\windows\SysWow64\OLD32A7.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 22:36 . 2009-07-03 20:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-07 22:36 . 2009-07-03 20:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-07 22:30 . 2009-07-03 20:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-05 00:14 . 2011-10-05 00:14 100864 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-01 17:12 . 2009-07-03 20:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-24 03:15 . 2011-09-24 03:15 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-09-24 03:15 . 2011-09-24 03:15 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-09-24 03:14 . 2011-09-24 03:14 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-24 03:14 . 2011-09-24 03:14 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-24 03:13 . 2011-09-24 03:13 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-24 03:13 . 2011-09-24 03:13 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2010-08-04 01:54 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-11-25 03:04 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2010-08-04 01:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-09-08 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-08-31 22:00 . 2011-07-13 00:08 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-25_01.09.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-25 00:31 . 2011-10-25 02:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-25 00:31 . 2011-10-25 00:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-25 00:45 . 2011-10-25 01:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011102420111025\index.dat
+ 2011-10-25 00:31 . 2011-10-25 02:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-10-25 00:31 . 2011-10-25 00:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-01-30 16:34 . 2011-11-13 12:49 51242 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-13 20:00 47570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-28 18:02 . 2011-11-13 20:00 18054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3117621518-3561144907-2986930160-1001_UserData.bin
+ 2010-05-22 21:37 . 2011-11-06 13:59 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-05-22 21:37 . 2010-09-07 23:53 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-01-28 17:28 . 2011-11-13 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:28 . 2011-10-25 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:28 . 2011-10-25 00:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 17:28 . 2011-11-13 12:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-13 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-25 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 18:02 . 2011-11-13 12:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 18:02 . 2011-11-13 12:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 18:02 . 2011-11-13 12:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 17:54 . 2011-10-25 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:54 . 2011-11-13 12:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:54 . 2011-11-13 12:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 17:54 . 2011-10-25 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-13 12:47 . 2011-11-13 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-25 01:08 . 2011-10-25 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-13 12:47 . 2011-11-13 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-25 01:08 . 2011-10-25 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-10-25 02:40 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-25 02:40 491520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-09-21 03:37 668702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-07 01:33 668702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-07 01:33 124888 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-21 03:37 124888 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2011-11-06 16:17 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2010-09-08 06:29 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2011-10-25 01:07 505160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-13 07:01 505160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-05 12:28 . 2011-11-13 16:34 223744 c:\windows\assembly\tmp\kwrd.dll
+ 2009-07-14 04:54 . 2011-10-25 02:40 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-10 05:01 . 2011-10-25 00:50 1474832 c:\windows\system32\drivers\sfi.dat
+ 2011-02-10 05:01 . 2011-11-13 19:37 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-04-28 04:14 . 2011-11-13 07:01 24288900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3117621518-3561144907-2986930160-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Webroot Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL" [2011-10-25 158208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2006-10-31 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-16 15408]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 14:04]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 14:04]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117621518-3561144907-2986930160-1001Core.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 20:37]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117621518-3561144907-2986930160-1001UA.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 20:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF29315.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52586
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3117621518-3561144907-2986930160-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,a2,5b,53,18,75,96,e9,62,fc,43,d7,98,a9,7d,24,ba,65,ee,2b,fc,
cc,40,3e,1a,09,53,26,2a,80,c7,87,d0,36,80,7a,1d,15,ef,28,65,33,29,56,01,51,\
"rkeysecu"=hex:23,19,3a,01,9a,af,c2,c5,79,d2,56,53,33,bb,98,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-11-13 14:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 20:04
ComboFix2.txt 2011-10-25 01:15
.
Pre-Run: 24,195,809,280 bytes free
Post-Run: 24,771,100,672 bytes free
.
- - End Of File - - B3AF26BFF564C987F90273A3A2E582EA

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:29 PM

Posted 14 November 2011 - 08:42 AM

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\SysWow64\OLD32A7.tmp

Folder::
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@

Firefox::
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52586
FF - prefs.js: network.proxy.type - 4

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

DirLook::
c:\users\Danny\AppData\Local\a4d6e54d


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
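
Added example, not code from this thread, from nasdaq or from ComboFix: a small Python check that flags, in ComboFix-style log lines, the two indicators the CFScript above targets (a Firefox proxy pointing at the local machine, and hidden+system entries named like AppData\Local\<8 hex>\@). The regexes describing the prefs.js and directory-listing line shapes are assumptions drawn from the log format posted in this thread, and the sample lines are constructed from it.

```python
"""Flag, in ComboFix-style log lines, the two indicators nasdaq's CFScript
targets: a Firefox proxy on the loopback address, and hidden+system entries
under AppData\\Local\\<8 hex chars>[\\@].  Added example; not part of the
thread or of ComboFix itself."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the ComboFix
# output posted in this thread (Firefox prefs lines and directory lines).
SAMPLE_LOG = [
    r"FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default",
    r"FF - prefs.js: browser.startup.homepage - www.google.com",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 52586",
    r"FF - prefs.js: network.proxy.type - 4",
    r"2011-11-06 07:56:03 . 2011-11-13 19:47:29 -------- d-sh--w- C:\Users\Danny\AppData\Local\a4d6e54d",
    r"2011-11-06 07:56:03 . 2011-11-06 07:56:03 2048 --sha-w- c:\users\Danny\AppData\Local\a4d6e54d\@",
    r"2011-11-06 03:23:47 . 2011-11-06 16:17:16 -------- d-----w- C:\Program Files\AutoHotkey",
]

# "FF - prefs.js: <key> - <value>" is how ComboFix prints Firefox prefs
# (assumed line shape, taken from the log in this thread).
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
# "<created> . <modified> <size> <attrs> <path>" directory listing lines;
# the 8-character attribute field is assumed to carry 's' (system) and
# 'h' (hidden) when set, as in "d-sh--w-" and "--sha-w-".
DIR_LINE = re.compile(
    r"^\S+ \S+ \. \S+ \S+ +(?P<size>\S+) +(?P<attrs>[-a-z]{8}) +(?P<path>.+)$"
)
# Folder pattern seen in this thread: AppData\Local\<8 hex> and its "@" file.
HEX_DROP = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}(\\@)?$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    kind: str
    detail: str


def parse_ff_prefs(lines):
    """Collect the Firefox preferences ComboFix reported, keyed by pref name."""
    prefs = {}
    for line in lines:
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m["key"]] = m["value"].strip()
    return prefs


def check_firefox_proxy(prefs):
    """A proxy on the loopback address hands the browser's traffic to a
    listener on the same machine; users rarely configure that by hand,
    which is why the CFScript resets these three prefs."""
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port")
    if host in LOOPBACK and port:
        ptype = prefs.get("network.proxy.type", "?")
        return Finding("firefox-local-proxy",
                       f"{host}:{port} (network.proxy.type={ptype})")
    return None


def check_hidden_appdata(lines):
    """Hidden+system directory entries named like AppData\\Local\\<8 hex>[\\@]."""
    out = []
    for line in lines:
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        if "s" in attrs and "h" in attrs and HEX_DROP.search(path):
            out.append(Finding("hidden-appdata-entry", f"{path} [{attrs}]"))
    return out


def scan(lines):
    """Run both checks over the log lines; findings come back in a stable
    order (proxy finding first, then directory entries in log order)."""
    findings = []
    proxy = check_firefox_proxy(parse_ff_prefs(lines))
    if proxy:
        findings.append(proxy)
    findings.extend(check_hidden_appdata(lines))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.kind}: {f.detail}")
```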

#9 realix

realix
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 14 November 2011 - 10:59 AM

Combofix stalled my machine and then it rebooted on itself. When it booted back up no log file was under c:\combofix.txt but I did find this one in the combofix directory. It seems to be only some of the log and not the full thing.

ComboFix 11-11-13.02 - Danny 11/14/2011 9:18:12.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2678 [GMT -6:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Users\Danny\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\SysWow64\OLD32A7.tmp"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL
c:\windows\SysWow64\OLD32A7.tmp


((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))


2011-11-14 15:25:39 . 2011-11-14 15:25:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-06 07:56:03 . 2011-11-13 19:47:29 -------- d-sh--w- C:\Users\Danny\AppData\Local\a4d6e54d
2011-11-06 03:23:47 . 2011-11-06 16:17:16 -------- d-----w- C:\Program Files\AutoHotkey
2011-10-23 22:36:35 . 2011-10-23 22:36:35 -------- d-----w- C:\Program Files (x86)\Fisher-Price
2011-10-23 22:35:22 . 2011-10-23 22:35:22 -------- d-----w- C:\Users\Danny\AppData\Roaming\Fisher-Price
2011-10-23 21:56:51 . 2011-10-23 21:56:51 -------- d-----w- C:\ProgramData\Fisher-Price
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-07 22:36:12 . 2009-07-03 20:56:37 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-07 22:36:12 . 2009-07-03 20:55:22 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-07 22:30:03 . 2009-07-03 20:55:22 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-05 00:14:46 . 2011-10-05 00:14:48 100864 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-10-01 17:12:01 . 2009-07-03 20:55:21 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-24 03:15:12 . 2011-09-24 03:15:12 66048 ----a-w- C:\Windows\system32\OpenVideo64.dll
2011-09-24 03:15:08 . 2011-09-24 03:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-09-24 03:14:58 . 2011-09-24 03:14:58 16787456 ----a-w- C:\Windows\system32\amdocl64.dll
2011-09-24 03:14:18 . 2011-09-24 03:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-24 03:13:30 . 2011-09-24 03:13:30 51200 ----a-w- C:\Windows\system32\OpenCL.dll
2011-09-24 03:13:24 . 2011-09-24 03:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-08 18:27:22 . 2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2011-09-08 17:59:44 . 2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\system32\atio6axx.dll
2011-09-08 17:39:44 . 2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 . 2011-09-08 17:34:20 151552 ----a-w- C:\Windows\system32\atiapfxx.exe
2011-09-08 17:34:10 . 2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 . 2010-08-04 01:54:00 862720 ----a-w- C:\Windows\system32\aticfx64.dll
2011-09-08 17:30:38 . 2011-09-08 17:30:38 466944 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2011-09-08 17:30:26 . 2011-09-08 17:30:26 486912 ----a-w- C:\Windows\system32\atieclxx.exe
2011-09-08 17:29:56 . 2011-09-08 17:29:56 204288 ----a-w- C:\Windows\system32\atiesrxx.exe
2011-09-08 17:28:54 . 2011-09-08 17:28:54 120320 ----a-w- C:\Windows\system32\atitmm64.dll
2011-09-08 17:28:38 . 2011-09-08 17:28:38 423424 ----a-w- C:\Windows\system32\atipdl64.dll
2011-09-08 17:28:32 . 2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 . 2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 . 2011-09-08 17:28:18 21504 ----a-w- C:\Windows\system32\atimuixx.dll
2011-09-08 17:28:14 . 2011-09-08 17:28:14 59392 ----a-w- C:\Windows\system32\atiedu64.dll
2011-09-08 17:28:10 . 2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 . 2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 . 2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll
2011-09-08 17:18:22 . 2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 . 2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\system32\atiumd6a.dll
2011-09-08 17:16:00 . 2009-11-25 03:04:30 4944896 ----a-w- C:\Windows\system32\atidxx64.dll
2011-09-08 17:09:42 . 2011-09-08 17:09:42 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
2011-09-08 17:09:40 . 2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 . 2011-09-08 17:09:30 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
2011-09-08 17:09:28 . 2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 . 2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\system32\aticaldd64.dll
2011-09-08 17:08:24 . 2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 . 2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 . 2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 . 2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\system32\atiumd64.dll
2011-09-08 16:59:48 . 2010-08-04 01:23:46 58880 ----a-w- C:\Windows\system32\coinst.dll
2011-09-08 16:53:20 . 2011-09-08 16:53:20 381952 ----a-w- C:\Windows\system32\atiadlxx.dll
2011-09-08 16:53:12 . 2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 . 2011-09-08 16:52:58 15360 ----a-w- C:\Windows\system32\atig6pxx.dll
2011-09-08 16:52:56 . 2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 . 2011-09-08 16:52:56 13312 ----a-w- C:\Windows\system32\atiglpxx.dll
2011-09-08 16:52:54 . 2011-09-08 16:52:54 39936 ----a-w- C:\Windows\system32\atig6txx.dll
2011-09-08 16:52:46 . 2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 . 2011-09-08 16:52:40 310784 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2011-09-08 16:52:00 . 2011-09-08 16:52:00 40960 ----a-w- C:\Windows\system32\atiuxp64.dll
2011-09-08 16:51:54 . 2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 . 2011-09-08 16:51:50 38912 ----a-w- C:\Windows\system32\atiu9p64.dll
2011-09-08 16:51:44 . 2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 . 2011-09-08 16:51:12 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2011-09-08 16:51:02 . 2011-09-08 16:51:02 54784 ----a-w- C:\Windows\system32\atimpc64.dll
2011-09-08 16:51:02 . 2011-09-08 16:51:02 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
2011-09-08 16:50:54 . 2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 . 2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-08-31 22:00:50 . 2011-07-13 00:08:05 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

---- Directory of c:\users\Danny\AppData\Local\a4d6e54d ----

2011-11-06 07:56:03 . 2011-11-06 07:56:03 2048 --sha-w- c:\users\Danny\AppData\Local\a4d6e54d\@


((((((((((((((((((((((((((((( SnapShot@2011-10-25_01.09.19 )))))))))))))))))))))))))))))))))))))))))

+ 2011-10-25 00:31:03 . 2011-10-25 02:24:30 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-25 00:31:03 . 2011-10-25 00:34:52 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-25 00:45:29 . 2011-10-25 01:43:52 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011102420111025\index.dat
+ 2011-10-25 00:31:06 . 2011-10-25 02:24:30 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-10-25 00:31:06 . 2011-10-25 00:30:33 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-01-30 16:34:55 . 2011-11-14 15:13:30 51242 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2011-11-14 15:13:30 47570 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-28 18:02:56 . 2011-11-14 15:13:30 18070 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3117621518-3561144907-2986930160-1001_UserData.bin
+ 2010-05-22 21:37:27 . 2011-11-06 13:59:29 67584 C:\Windows\system32\LogFiles\Srt\bootstat.dat
- 2010-05-22 21:37:27 . 2010-09-07 23:53:34 67584 C:\Windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-01-28 17:28:01 . 2011-11-14 15:11:34 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:28:01 . 2011-10-25 00:20:26 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:28:01 . 2011-10-25 00:20:26 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 17:28:01 . 2011-11-14 15:11:34 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:19 . 2011-11-14 15:11:34 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:19 . 2011-10-25 00:20:26 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 18:02:39 . 2011-11-14 15:12:12 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 18:02:39 . 2011-10-25 01:09:57 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 18:02:39 . 2011-10-25 01:09:57 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 18:02:39 . 2011-11-14 15:12:12 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-28 18:02:39 . 2011-11-14 15:12:12 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 18:02:39 . 2011-10-25 01:09:57 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 17:54:57 . 2011-10-25 01:10:06 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:54:57 . 2011-11-14 15:12:13 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:54:57 . 2011-11-14 15:12:13 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 17:54:57 . 2011-10-25 01:10:06 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-14 15:11:34 . 2011-11-14 15:11:34 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-25 01:08:47 . 2011-10-25 01:08:47 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-14 15:11:34 . 2011-11-14 15:11:34 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-25 01:08:47 . 2011-10-25 01:08:47 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54:17 . 2011-10-25 02:40:04 196608 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54:17 . 2011-10-25 02:40:04 491520 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36:59 . 2011-09-21 03:37:53 668702 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-11-07 01:33:39 668702 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-11-07 01:33:39 124888 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2011-09-21 03:37:53 124888 C:\Windows\system32\perfc009.dat
+ 2009-07-14 05:38:14 . 2011-11-06 16:17:24 262144 C:\Windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38:14 . 2010-09-08 06:29:22 262144 C:\Windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01:48 . 2011-10-25 01:07:42 505160 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01:48 . 2011-11-14 03:05:37 505160 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-05 12:28:26 . 2011-11-13 16:34:56 223744 C:\Windows\assembly\tmp\kwrd.dll
+ 2009-07-14 04:54:17 . 2011-10-25 02:40:04 2850816 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-10 05:01:49 . 2011-10-25 00:50:10 1474832 C:\Windows\system32\drivers\sfi.dat
+ 2011-02-10 05:01:49 . 2011-11-13 19:37:32 1474832 C:\Windows\system32\drivers\sfi.dat
+ 2010-04-28 04:14:54 . 2011-11-14 03:05:38 24457684 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3117621518-3561144907-2986930160-1001-8192.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2011-08-02 00:01:04 1242448]
"WindowsLivePhone"="C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 19:59:20 787816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 19:59:20 787816]
"iXL_MiddleWare"="C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 14:57:18 56376]




Securitycheck log


Results of screen317's Security Check version 0.99.26
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
Mozilla Firefox (7.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
``````````End of Log````````````

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:29 PM

Posted 15 November 2011 - 09:02 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
c:\users\Danny\AppData\Local\a4d6e54d\@


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this one: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
===

Please post the ComboFix log and let me know what problem persists.

#11 realix

realix
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 15 November 2011 - 10:06 PM

Ran combofix; it made it to stage 48, stalled there for an hour and then it rebooted. When it came back on combo fix seems to have a few directories locked up. No log file created. Updated those items listed in post above.

c:\users\Danny\AppData\Local\a4d6e54d\@

is still located in said folder

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:29 PM

Posted 16 November 2011 - 08:28 AM

Delete the folder in bold manually.

c:\users\Danny\AppData\Local\a4d6e54d\@

If unable, please boot to Safe Mode and do it in that mode.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

#13 realix

realix
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 16 November 2011 - 08:32 PM

ComboFix 11-11-16.02 - Danny 11/16/2011 19:18:46.7.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.3180 [GMT -6:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
Command switches used :: c:\users\Danny\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 01:24 . 2011-11-17 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 03:02 . 2011-11-16 03:02 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-16 03:02 . 2011-11-16 03:02 -------- d-----w- c:\program files\Java
2011-11-14 20:32 . 2011-11-14 20:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 03:23 . 2011-11-06 16:17 -------- d-----w- c:\program files\AutoHotkey
2011-10-23 22:36 . 2011-10-23 22:36 -------- d-----w- c:\program files (x86)\Fisher-Price
2011-10-23 22:35 . 2011-10-23 22:35 -------- d-----w- c:\users\Danny\AppData\Roaming\Fisher-Price
2011-10-23 21:56 . 2011-10-23 21:56 -------- d-----w- c:\programdata\Fisher-Price
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 22:36 . 2009-07-03 20:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-07 22:36 . 2009-07-03 20:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-07 22:30 . 2009-07-03 20:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-05 00:14 . 2011-10-05 00:14 100864 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-01 17:12 . 2009-07-03 20:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-24 03:15 . 2011-09-24 03:15 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-09-24 03:15 . 2011-09-24 03:15 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-09-24 03:14 . 2011-09-24 03:14 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-24 03:14 . 2011-09-24 03:14 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-24 03:13 . 2011-09-24 03:13 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-24 03:13 . 2011-09-24 03:13 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2010-08-04 01:54 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-11-25 03:04 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2010-08-04 01:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-09-08 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-08-31 22:00 . 2011-07-13 00:08 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Danny\AppData\Local\a4d6e54d ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-25_01.09.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-14 17:55 . 2011-11-14 17:55 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 66048 c:\windows\SysWOW64\icardie.dll
- 2011-10-25 00:31 . 2011-10-25 00:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-25 00:31 . 2011-10-25 02:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-25 00:45 . 2011-10-25 01:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011102420111025\index.dat
- 2011-10-25 00:31 . 2011-10-25 00:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-10-25 00:31 . 2011-10-25 02:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-01-30 16:34 . 2011-11-17 01:10 51378 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-17 01:10 47570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-28 18:02 . 2011-11-17 01:10 18358 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3117621518-3561144907-2986930160-1001_UserData.bin
+ 2011-11-14 17:55 . 2011-11-14 17:55 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 65024 c:\windows\system32\pngfilt.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 48640 c:\windows\system32\mshtmler.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 96256 c:\windows\system32\mshtmled.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 12288 c:\windows\system32\mshta.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 10752 c:\windows\system32\msfeedssync.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2010-05-22 21:37 . 2011-11-06 13:59 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-05-22 21:37 . 2010-09-07 23:53 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 30720 c:\windows\system32\licmgr10.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 85504 c:\windows\system32\jsproxy.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 49664 c:\windows\system32\imgutil.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 85504 c:\windows\system32\iesetup.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 39936 c:\windows\system32\iernonce.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 89088 c:\windows\system32\ie4uinit.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 82432 c:\windows\system32\icardie.dll
+ 2010-01-28 17:28 . 2011-11-16 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:28 . 2011-10-25 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:28 . 2011-11-16 03:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-28 17:28 . 2011-10-25 00:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-25 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 18:02 . 2011-11-14 15:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-16 02:01 88128 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-10-25 00:27 88128 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-01-28 18:02 . 2011-11-14 15:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-28 18:02 . 2011-10-25 01:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 18:02 . 2011-11-14 15:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-28 17:54 . 2011-10-25 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 17:54 . 2011-11-15 04:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 17:54 . 2011-10-25 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 17:54 . 2011-11-15 04:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-17 01:12 . 2011-11-17 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-25 01:08 . 2011-10-25 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-25 01:08 . 2011-10-25 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-17 01:12 . 2011-11-17 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 231936 c:\windows\SysWOW64\url.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 123392 c:\windows\SysWOW64\occache.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-11-14 20:32 . 2011-11-14 20:32 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-07-20 00:13 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 176640 c:\windows\SysWOW64\ieui.dll
- 2011-07-20 00:15 . 2011-04-22 19:09 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2009-07-14 04:54 . 2011-10-25 02:40 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-25 02:40 491520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 160256 c:\windows\system32\wextract.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 249344 c:\windows\system32\webcheck.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 603648 c:\windows\system32\vbscript.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2011-09-21 03:37 668702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-07 01:33 668702 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-21 03:37 124888 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-07 01:33 124888 c:\windows\system32\perfc009.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 149504 c:\windows\system32\occache.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 222208 c:\windows\system32\msls31.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 697344 c:\windows\system32\msfeeds.dll
+ 2011-11-14 20:32 . 2011-11-14 20:32 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 818176 c:\windows\system32\jscript.dll
+ 2011-11-16 03:02 . 2011-11-16 03:02 190752 c:\windows\system32\javaws.exe
+ 2011-11-16 03:02 . 2011-11-16 03:02 171808 c:\windows\system32\javaw.exe
+ 2011-11-16 03:02 . 2011-11-16 03:02 171808 c:\windows\system32\java.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 103936 c:\windows\system32\inseng.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 165888 c:\windows\system32\iexpress.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 173056 c:\windows\system32\ieUnatt.exe
+ 2011-11-14 17:55 . 2011-11-14 17:55 248320 c:\windows\system32\ieui.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 111616 c:\windows\system32\iesysprep.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 145920 c:\windows\system32\iepeers.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 403248 c:\windows\system32\iedkcs32.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 267776 c:\windows\system32\ieaksie.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 160256 c:\windows\system32\ieakeng.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 282112 c:\windows\system32\dxtrans.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 452608 c:\windows\system32\dxtmsft.dll
- 2009-07-14 05:38 . 2010-09-08 06:29 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-11-06 16:17 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2011-11-17 01:10 505160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-25 01:07 505160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-16 03:01 . 2011-11-16 03:01 908800 c:\windows\Installer\f7b44.msi
+ 2011-10-05 12:28 . 2011-11-13 16:34 223744 c:\windows\assembly\tmp\kwrd.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2010-11-05 00:46 . 2011-11-14 20:32 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 9704960 c:\windows\SysWOW64\ieframe.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2009-07-14 04:54 . 2011-10-25 02:40 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 1389056 c:\windows\system32\wininet.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 1344512 c:\windows\system32\urlmon.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 2309120 c:\windows\system32\jscript9.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 2143744 c:\windows\system32\iertutil.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 3695416 c:\windows\system32\ieapfltr.dat
+ 2011-02-10 05:01 . 2011-11-17 01:11 1474832 c:\windows\system32\drivers\sfi.dat
- 2011-02-10 05:01 . 2011-10-25 00:50 1474832 c:\windows\system32\drivers\sfi.dat
+ 2009-07-14 04:45 . 2011-11-16 01:06 6014918 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-25 00:18 6014918 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-05-25 06:41 . 2011-11-16 03:25 1007320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3117621518-3561144907-2986930160-1001-12288.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-11-15 04:08 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-07-20 02:55 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-14 17:55 . 2011-11-14 17:55 17781760 c:\windows\system32\mshtml.dll
+ 2011-11-14 20:32 . 2011-11-14 20:32 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2011-11-14 17:55 . 2011-11-14 17:55 10886144 c:\windows\system32\ieframe.dll
+ 2010-04-28 04:14 . 2011-11-17 01:10 24534532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3117621518-3561144907-2986930160-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2011-08-04 56376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Webroot Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL" [2011-10-25 158208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2006-10-31 14136]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-16 15408]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHLPA64
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 14:04]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 14:04]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117621518-3561144907-2986930160-1001Core.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 20:37]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117621518-3561144907-2986930160-1001UA.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 20:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\g5dbsi62.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3117621518-3561144907-2986930160-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,a2,5b,53,18,75,96,e9,62,fc,43,d7,98,a9,7d,24,ba,65,ee,2b,fc,
cc,40,3e,1a,09,53,26,2a,80,c7,87,d0,36,80,7a,1d,15,ef,28,65,33,29,56,01,51,\
"rkeysecu"=hex:23,19,3a,01,9a,af,c2,c5,79,d2,56,53,33,bb,98,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-16 19:26:41
ComboFix-quarantined-files.txt 2011-11-17 01:26
ComboFix2.txt 2011-11-13 20:04
ComboFix3.txt 2011-10-25 01:15
.
Pre-Run: 23,770,431,488 bytes free
Post-Run: 23,295,762,432 bytes free
.
- - End Of File - - C698A1E8D1B4F2A509074127EF61F7A7

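The "Reg Loading Points" section of the log above is where the persistence in this thread shows up: a Run value under HKEY_USERS\.DEFAULT named "Webroot Update" that points at a .DLL stored in the system profile's AppData\Local tree, which ComboFix then deleted. As an added example (not part of the thread, not nasdaq's instructions, and not ComboFix's own code), the Python script below parses that section of a ComboFix log and lists the autorun entries a triage analyst would look at first. The three heuristics are assumptions made for illustration: a Run value whose image is a DLL rather than an executable, an image living under a profile's AppData\Local or AppData\Roaming tree, and an autorun tied to the system or .DEFAULT profile. The sample log text is constructed from the entries visible in the log above.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag autorun
entries that deserve a closer look during triage.

Added example, not part of the BleepingComputer thread or of ComboFix itself.
The flagging heuristics are assumptions chosen for illustration, and the
sample text below is constructed from the log entries posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the shape ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Webroot Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.DLL" [2011-10-25 158208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="image path" [date size]   (the trailing bracket group is optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')


@dataclass
class AutorunEntry:
    key: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def parse_autoruns(text):
    """Return an AutorunEntry for every value found under a ...\\Run key."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        # Only values under a Run key are autoruns of interest here.
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(AutorunEntry(current_key, m.group("name"), m.group("image")))
    return entries


def flag_entry(entry):
    """Attach triage reasons (assumed heuristics) to an entry; return them."""
    image = entry.image.lower()
    key = entry.key.lower()
    reasons = []
    if image.endswith(".dll"):
        reasons.append("Run value points at a DLL rather than an executable")
    if "\\appdata\\local\\" in image or "\\appdata\\roaming\\" in image:
        reasons.append("image lives under a profile AppData tree")
    if "\\config\\systemprofile\\" in image or "\\.default\\" in key:
        reasons.append("autorun tied to the system / .DEFAULT profile")
    entry.reasons = reasons
    return reasons


def suspicious_autoruns(text):
    """Parse the log text and return only the entries that tripped a heuristic."""
    return [e for e in parse_autoruns(text) if flag_entry(e)]


if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f"{e.name!r} in {e.key}")
        print(f"  image: {e.image}")
        for r in e.reasons:
            print(f"  - {r}")
```

On the constructed sample this lists only the "Webroot Update" entry, with all three reasons, while the Steam and Windows Live entries under Program Files pass. The AppData rule on its own is a triage signal rather than a verdict, since legitimate per-user updaters also install there; the combination of a DLL image, a service-profile location and a .DEFAULT hive is what makes this particular entry stand out.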
#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:29 PM

Posted 17 November 2011 - 09:10 AM

Looking good.

Any remaining issues with this computer?

#15 realix

realix
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 17 November 2011 - 09:17 PM

Scanned with antivirus, nothing found. Everything seems to be working normally now. Thanks so much for all the help!
