Need help remove Sirefef


  • This topic is locked
13 replies to this topic

#1 shayl

Posted 22 December 2011 - 07:36 PM

Hi there, I've been trying to get Sirefef off of my computer for a couple of days, but it won't go away completely. MS Security Essentials keeps detecting and cleaning things like "Sirefef.B" and "Sirefef.k" but they keep coming back. When I use Google search and click on a results link, it redirects me to sites such as "oloan" and "liquorpuma" and "Get-answers-now" and "videonash".

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Stacey at 16:21:01 on 2011-12-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.982 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\D-Link\DWA-130 revC\ANIWConnService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Stacey\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\D-Link\DWA-130 revC\AirNCFG.exe
C:\Program Files (x86)\D-Link\DWA-130 revC\WZCSLDR2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDPop3.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Stacey\AppData\Local\131e03c6\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
uRun: [F.lux] "C:\Users\Stacey\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [AdobeBridge]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\DWA-130 revC\AirNCFG.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-130 revC\WZCSLDR2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1437C010-B379-4669-9B0C-32E051766285} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{189CE2C6-29BE-4E14-9924-365B4730C1CB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{189CE2C6-29BE-4E14-9924-365B4730C1CB}\347303431353 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{189CE2C6-29BE-4E14-9924-365B4730C1CB}\662757964736F636B6471696C6 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
mRun-x64: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\DWA-130 revC\AirNCFG.exe
mRun-x64: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-130 revC\WZCSLDR2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\cb7a7sfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - component: C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\cb7a7sfp.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\cb7a7sfp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Stacey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 D-Link Wireless N DWA-130_WPS;D-Link Wireless N DWA-130_WPS Service;C:\Program Files (x86)\D-Link\DWA-130 revC\ANIWConnService.exe [2011-2-11 53248]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-11-8 8704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-12 2152152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-10 2253120]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-12-22 6438264]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-21 17152]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192U;D-Link DWA-130 Wireless N USB Adapter(rev.C);C:\Windows\system32\DRIVERS\dw130c.sys --> C:\Windows\system32\DRIVERS\dw130c.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 D-Link Wireless N DWA-130;D-Link Wireless N DWA-130 Service;C:\Program Files (x86)\D-Link\DWA-130 revC\ANIWZCSdS.exe [2011-2-11 126976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-22 20:32:19 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{588D1BBE-379A-4C17-A05C-D34EEB487BB0}\offreg.dll
2011-12-22 20:23:54 13312 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
2011-12-22 20:23:08 -------- d-----w- C:\Program Files\Tablet
2011-12-22 20:13:45 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{588D1BBE-379A-4C17-A05C-D34EEB487BB0}\mpengine.dll
2011-12-22 19:21:18 -------- d-sh--w- C:\Users\Stacey\AppData\Local\131e03c6
2011-12-22 03:45:17 7680 ----a-w- C:\Windows\SysWow64\drivers\RKLAFD3.tmp.sys
2011-12-22 03:12:42 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-12-21 21:18:36 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-12-21 21:15:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-21 21:14:51 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-21 09:01:56 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFF449AF-3495-4602-8827-66CE65219DD1}\gapaengine.dll
2011-12-21 06:06:19 -------- d-----w- C:\Program Files (x86)\Dungeons of Dredmor
2011-12-15 18:22:03 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 18:22:00 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 18:21:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 18:21:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 18:21:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-02 05:55:08 1186283 ----a-w- C:\Windows\Tiger In Space WIDESCREEN.scr
2011-12-02 05:55:08 -------- d-----w- C:\Windows\Tiger In Space WIDESCREEN Uninstaller
2011-11-29 03:16:08 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2011-12-12 03:45:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 08:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:28:51.60 ===============



#2 gringo_pr


  • Malware Response Team

Posted 25 December 2011 - 02:21 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 shayl


Posted 26 December 2011 - 12:45 AM

Thanks for the quick response!

It is still doing it after I ran Combofix. I'll put the log below.


No matter what I seemed to do, I couldn't get it to stop running my anti-virus software. I used the guide you linked and even went into the processes and services menu, and they still showed up in the scan, even though they didn't show up in the menu any longer. I also was in safe mode. Not sure what was going on there.


ComboFix 11-12-25.01 - Stacey 12/25/2011 17:53:39.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2856 [GMT -8:00]
Running from: c:\users\Stacey\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\~IYD1EEw1q8zbQl
c:\programdata\~IYD1EEw1q8zbQlr
c:\programdata\IYD1EEw1q8zbQl
c:\users\Stacey\AppData\Local\131e03c6\U
c:\users\Stacey\AppData\Local\131e03c6\U\80000000.@
c:\users\Stacey\AppData\Local\131e03c6\U\800000cb.@
c:\users\Stacey\AppData\Local\131e03c6\U\800000cf.@
c:\users\Stacey\AppData\Local\131e03c6\X
c:\users\Stacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Stacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Stacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Stacey\AppData\Roaming\Staceylog.dat
c:\users\Stacey\AppData\Roaming\Windows Update
c:\windows\assembly\tmp\U
c:\windows\system32\java.exe
c:\windows\SysWow64\Windows Update
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 02:33 . 2011-12-26 02:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17A43642-7369-42EF-838F-3E70A347BAE8}\offreg.dll
2011-12-26 02:31 . 2011-12-26 02:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-26 02:31 . 2011-12-26 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 00:05 . 2011-12-26 00:09 -------- d-----w- c:\windows\system32\MpEngineStore
2011-12-25 04:08 . 2011-11-30 10:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17A43642-7369-42EF-838F-3E70A347BAE8}\mpengine.dll
2011-12-24 03:03 . 2009-07-14 01:40 18944 ----a-w- c:\windows\system32\OLD_cngaudit.dll
2011-12-22 20:23 . 2011-03-17 20:10 13312 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-12-22 20:23 . 2011-12-22 20:23 -------- d-----w- c:\program files\Tablet
2011-12-22 19:21 . 2011-12-26 02:29 -------- d-sh--w- c:\users\Stacey\AppData\Local\131e03c6
2011-12-22 03:45 . 2011-12-22 03:45 7680 ----a-w- c:\windows\SysWow64\drivers\RKLAFD3.tmp.sys
2011-12-22 03:12 . 2011-12-21 21:18 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-21 21:18 . 2011-12-21 21:18 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-21 21:15 . 2011-12-12 18:07 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-21 21:14 . 2011-12-21 21:15 -------- d-----w- c:\programdata\Lavasoft
2011-12-21 21:14 . 2011-12-21 21:14 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-21 09:01 . 2011-10-05 01:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFF449AF-3495-4602-8827-66CE65219DD1}\gapaengine.dll
2011-12-21 08:30 . 2011-12-21 08:32 -------- d-----w- c:\users\share
2011-12-21 06:06 . 2011-12-23 06:41 -------- d-----w- c:\program files (x86)\Dungeons of Dredmor
2011-12-15 18:22 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 18:22 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 18:21 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 18:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 18:21 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 23:37 . 2011-12-11 23:37 -------- d-----w- c:\users\Public\Roaming
2011-12-02 05:55 . 2011-12-02 05:55 -------- d-----w- c:\windows\Tiger In Space WIDESCREEN Uninstaller
2011-12-02 05:55 . 2011-11-30 20:20 1186283 ----a-w- c:\windows\Tiger In Space WIDESCREEN.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 03:45 . 2011-05-20 01:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 10:21 . 2011-07-03 10:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-15 08:53 . 2011-10-10 22:29 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-10 22:29 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-02-13 05:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-02-13 05:01 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-02-13 05:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-02-13 05:01 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-01-08 04:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-08 04:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-08 04:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-01-08 04:48 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-08 04:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-08 04:48 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2009-06-10 20:37 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-11 22:20 . 2011-08-11 10:36 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-29 16:24 . 2011-11-08 23:02 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Stacey\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-07 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link Wireless N DWA-130"="c:\program files (x86)\D-Link\DWA-130 revC\AirNCFG.exe" [2010-04-28 1019904]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-130 revC\WZCSLDR2.exe" [2010-04-21 122880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 chgxclbg;chgxclbg;c:\windows\system32\drivers\chgxclbg.sys [x]
R1 MpKslfd755a86;MpKslfd755a86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51EDC202-CE32-4CA9-B2AB-FFAFF80718C1}\MpKslfd755a86.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 D-Link Wireless N DWA-130;D-Link Wireless N DWA-130 Service;c:\program files (x86)\D-Link\DWA-130 revC\ANIWZCSdS.exe [2010-04-21 126976]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 D-Link Wireless N DWA-130_WPS;D-Link Wireless N DWA-130_WPS Service;c:\program files (x86)\D-Link\DWA-130 revC\ANIWConnService.exe [2010-03-03 53248]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-21 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-21 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192U;D-Link DWA-130 Wireless N USB Adapter(rev.C);c:\windows\system32\DRIVERS\dw130c.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017698058-967565046-341720758-1000Core.job
- c:\users\Stacey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 00:53]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017698058-967565046-341720758-1000UA.job
- c:\users\Stacey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 00:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\cb7a7sfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Network Addon Mod - c:\users\Stacey\Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4017698058-967565046-341720758-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,bb,26,8a,6d,b9,b5,94,33,8c,d0,7a,e8,7b,69,bd,cd,99,9a,7c,4c,
b8,d2,e3,ef,64,de,d9,f6,61,c8,26,14,c1,87,c4,f2,74,15,d4,64,2b,7a,60,98,bb,\
"rkeysecu"=hex:86,13,ac,13,7d,ce,db,a6,9b,2f,cb,dc,2e,19,67,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-12-25 21:30:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 05:30
.
Pre-Run: 61,003,681,792 bytes free
Post-Run: 59,936,272,384 bytes free
.
- - End Of File - - D501A4268D1DFC5620279AB848A86A7C

Edited by shayl, 26 December 2011 - 12:47 AM.


#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 December 2011 - 12:57 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 shayl

Posted 26 December 2011 - 12:48 PM

TDSSKiller didn't work; it won't run. I tried renaming it to a random name, a random name .com and iexplore.com, and none of them would run.

#6 gringo_pr

Posted 26 December 2011 - 01:09 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 shayl

Posted 26 December 2011 - 02:49 PM

I think that might have done it, I'm not getting any intrusive sites anymore with Google searches!

The tdssfix said it repaired successfully, and then TDSSKiller ran just fine. Here is the log:

11:45:56.0441 4500 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:45:56.0451 4500 ============================================================
11:45:56.0452 4500 Current date / time: 2011/12/26 11:45:56.0451
11:45:56.0452 4500 SystemInfo:
11:45:56.0452 4500
11:45:56.0452 4500 OS Version: 6.1.7600 ServicePack: 0.0
11:45:56.0452 4500 Product type: Workstation
11:45:56.0452 4500 ComputerName: STACEY-PC
11:45:56.0452 4500 UserName: Stacey
11:45:56.0452 4500 Windows directory: C:\Windows
11:45:56.0452 4500 System windows directory: C:\Windows
11:45:56.0452 4500 Running under WOW64
11:45:56.0452 4500 Processor architecture: Intel x64
11:45:56.0452 4500 Number of processors: 4
11:45:56.0452 4500 Page size: 0x1000
11:45:56.0452 4500 Boot type: Normal boot
11:45:56.0452 4500 ============================================================
11:45:58.0506 4500 Initialize success
11:46:01.0969 4804 ============================================================
11:46:01.0969 4804 Scan started
11:46:01.0969 4804 Mode: Manual;
11:46:01.0969 4804 ============================================================
11:46:13.0564 4804 rdpbus - ok
11:46:13.0595 4804 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:13.0595 4804 RDPCDD - ok
11:46:13.0626 4804 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:46:13.0626 4804 RDPENCDD - ok
11:46:13.0642 4804 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:46:13.0642 4804 RDPREFMP - ok
11:46:13.0673 4804 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:46:13.0673 4804 RDPWD - ok
11:46:13.0705 4804 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:46:13.0720 4804 rdyboost - ok
11:46:13.0767 4804 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:46:13.0767 4804 rspndr - ok
11:46:13.0814 4804 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:46:13.0814 4804 RTL8167 - ok
11:46:13.0923 4804 RTL8192U (7c9cc15879866c1b6516afd785593e3f) C:\Windows\system32\DRIVERS\dw130c.sys
11:46:13.0939 4804 RTL8192U - ok
11:46:13.0986 4804 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:46:14.0001 4804 sbp2port - ok
11:46:14.0017 4804 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:46:14.0017 4804 scfilter - ok
11:46:14.0064 4804 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:46:14.0064 4804 secdrv - ok
11:46:14.0080 4804 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:46:14.0095 4804 Serenum - ok
11:46:14.0111 4804 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:46:14.0126 4804 Serial - ok
11:46:14.0142 4804 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:46:14.0142 4804 sermouse - ok
11:46:14.0173 4804 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:46:14.0173 4804 sffdisk - ok
11:46:14.0205 4804 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:46:14.0220 4804 sffp_mmc - ok
11:46:14.0236 4804 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:46:14.0236 4804 sffp_sd - ok
11:46:14.0267 4804 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:46:14.0267 4804 sfloppy - ok
11:46:14.0314 4804 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:46:14.0314 4804 SiSRaid2 - ok
11:46:14.0361 4804 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:46:14.0376 4804 SiSRaid4 - ok
11:46:14.0423 4804 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:46:14.0423 4804 Smb - ok
11:46:14.0455 4804 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:46:14.0455 4804 spldr - ok
11:46:14.0595 4804 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:46:14.0642 4804 srv - ok
11:46:14.0673 4804 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:46:14.0673 4804 srv2 - ok
11:46:14.0767 4804 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:46:14.0783 4804 srvnet - ok
11:46:14.0861 4804 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:46:14.0876 4804 stexstor - ok
11:46:14.0908 4804 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:46:14.0908 4804 swenum - ok
11:46:15.0017 4804 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:46:15.0080 4804 Tcpip - ok
11:46:15.0158 4804 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:46:15.0173 4804 TCPIP6 - ok
11:46:15.0345 4804 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:46:15.0345 4804 tcpipreg - ok
11:46:15.0408 4804 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:46:15.0408 4804 TDPIPE - ok
11:46:15.0439 4804 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:46:15.0439 4804 TDTCP - ok
11:46:15.0470 4804 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:46:15.0470 4804 tdx - ok
11:46:15.0501 4804 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:46:15.0501 4804 TermDD - ok
11:46:15.0533 4804 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:46:15.0533 4804 tssecsrv - ok
11:46:15.0564 4804 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:46:15.0564 4804 tunnel - ok
11:46:15.0595 4804 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:46:15.0611 4804 uagp35 - ok
11:46:15.0642 4804 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:46:15.0658 4804 udfs - ok
11:46:15.0689 4804 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:46:15.0705 4804 uliagpkx - ok
11:46:15.0751 4804 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:46:15.0751 4804 umbus - ok
11:46:15.0783 4804 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:46:15.0783 4804 UmPass - ok
11:46:15.0845 4804 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:46:15.0845 4804 USBAAPL64 - ok
11:46:15.0876 4804 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
11:46:15.0876 4804 usbccgp - ok
11:46:15.0908 4804 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:46:15.0908 4804 usbcir - ok
11:46:15.0923 4804 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
11:46:15.0923 4804 usbehci - ok
11:46:15.0970 4804 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
11:46:15.0986 4804 usbhub - ok
11:46:16.0017 4804 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:46:16.0017 4804 usbohci - ok
11:46:16.0033 4804 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:46:16.0033 4804 usbprint - ok
11:46:16.0048 4804 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:46:16.0064 4804 USBSTOR - ok
11:46:16.0080 4804 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:46:16.0080 4804 usbuhci - ok
11:46:16.0111 4804 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:46:16.0111 4804 vdrvroot - ok
11:46:16.0142 4804 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:46:16.0158 4804 vga - ok
11:46:16.0189 4804 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:46:16.0189 4804 VgaSave - ok
11:46:16.0220 4804 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:46:16.0236 4804 vhdmp - ok
11:46:16.0251 4804 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:46:16.0251 4804 viaide - ok
11:46:16.0283 4804 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:46:16.0283 4804 volmgr - ok
11:46:16.0314 4804 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:46:16.0314 4804 volmgrx - ok
11:46:16.0345 4804 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:46:16.0345 4804 volsnap - ok
11:46:16.0392 4804 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:46:16.0392 4804 vsmraid - ok
11:46:16.0408 4804 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:46:16.0423 4804 vwifibus - ok
11:46:16.0455 4804 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:46:16.0455 4804 vwififlt - ok
11:46:16.0517 4804 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
11:46:16.0533 4804 wacmoumonitor - ok
11:46:16.0580 4804 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
11:46:16.0580 4804 wacommousefilter - ok
11:46:16.0626 4804 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:46:16.0642 4804 WacomPen - ok
11:46:16.0705 4804 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
11:46:16.0705 4804 wacomvhid - ok
11:46:16.0751 4804 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:16.0767 4804 WANARP - ok
11:46:16.0767 4804 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:16.0767 4804 Wanarpv6 - ok
11:46:16.0814 4804 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:46:16.0814 4804 Wd - ok
11:46:16.0845 4804 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:46:16.0861 4804 Wdf01000 - ok
11:46:17.0423 4804 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:46:17.0439 4804 WfpLwf - ok
11:46:17.0455 4804 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:46:17.0455 4804 WIMMount - ok
11:46:17.0595 4804 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:46:17.0595 4804 WinUsb - ok
11:46:17.0673 4804 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
11:46:17.0673 4804 WmBEnum - ok
11:46:17.0986 4804 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
11:46:17.0986 4804 WmFilter - ok
11:46:18.0330 4804 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:46:18.0345 4804 WmiAcpi - ok
11:46:18.0486 4804 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
11:46:18.0501 4804 WmVirHid - ok
11:46:18.0564 4804 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
11:46:18.0564 4804 WmXlCore - ok
11:46:18.0595 4804 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:46:18.0595 4804 ws2ifsl - ok
11:46:18.0626 4804 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:46:18.0626 4804 WudfPf - ok
11:46:18.0673 4804 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:46:18.0673 4804 WUDFRd - ok
11:46:18.0705 4804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:46:18.0705 4804 \Device\Harddisk0\DR0 - ok
11:46:18.0705 4804 Boot (0x1200) (d229dd4051ac02f0d933dde82636ba86) \Device\Harddisk0\DR0\Partition0
11:46:18.0705 4804 \Device\Harddisk0\DR0\Partition0 - ok
11:46:18.0705 4804 ============================================================
11:46:18.0705 4804 Scan finished
11:46:18.0705 4804 ============================================================
11:46:18.0720 4796 Detected object count: 0
11:46:18.0720 4796 Actual detected object count: 0
11:46:50.0596 1776 ============================================================
11:46:50.0596 1776 Scan started
11:46:50.0596 1776 Mode: Manual;
11:46:50.0596 1776 ============================================================
11:46:52.0049 1776 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:46:52.0065 1776 1394ohci - ok
11:46:52.0143 1776 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:46:52.0143 1776 ACPI - ok
11:46:52.0252 1776 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:46:52.0252 1776 AcpiPmi - ok
11:46:52.0315 1776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:46:52.0315 1776 adp94xx - ok
11:46:52.0346 1776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:46:52.0346 1776 adpahci - ok
11:46:52.0377 1776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:46:52.0377 1776 adpu320 - ok
11:46:52.0502 1776 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
11:46:52.0502 1776 AFD - ok
11:46:52.0612 1776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:46:52.0612 1776 agp440 - ok
11:46:52.0674 1776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:46:52.0674 1776 aliide - ok
11:46:52.0690 1776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:46:52.0690 1776 amdide - ok
11:46:52.0690 1776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:46:52.0690 1776 AmdK8 - ok
11:46:52.0721 1776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:46:52.0721 1776 AmdPPM - ok
11:46:52.0737 1776 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
11:46:52.0737 1776 amdsata - ok
11:46:52.0752 1776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:46:52.0752 1776 amdsbs - ok
11:46:52.0768 1776 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
11:46:52.0768 1776 amdxata - ok
11:46:52.0815 1776 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys
11:46:52.0815 1776 anodlwf - ok
11:46:52.0815 1776 AntiAries - ok
11:46:52.0846 1776 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:46:52.0846 1776 AppID - ok
11:46:52.0893 1776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:46:52.0893 1776 arc - ok
11:46:52.0909 1776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:46:52.0909 1776 arcsas - ok
11:46:52.0940 1776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:52.0940 1776 AsyncMac - ok
11:46:52.0956 1776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:46:52.0956 1776 atapi - ok
11:46:53.0081 1776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:46:53.0081 1776 b06bdrv - ok
11:46:53.0284 1776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:46:53.0284 1776 b57nd60a - ok
11:46:53.0409 1776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:46:53.0409 1776 Beep - ok
11:46:53.0518 1776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:46:53.0518 1776 blbdrive - ok
11:46:53.0674 1776 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:46:53.0674 1776 bowser - ok
11:46:53.0784 1776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:46:53.0784 1776 BrFiltLo - ok
11:46:53.0831 1776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:46:53.0831 1776 BrFiltUp - ok
11:46:53.0877 1776 BrPar (91eb9c1fc4a4221ca3ccbd864f815c30) C:\Windows\System32\drivers\BrPar64a.sys
11:46:53.0877 1776 BrPar - ok
11:46:53.0909 1776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:46:53.0909 1776 Brserid - ok
11:46:53.0924 1776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:46:53.0940 1776 BrSerWdm - ok
11:46:53.0956 1776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:46:53.0956 1776 BrUsbMdm - ok
11:46:53.0971 1776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:46:53.0971 1776 BrUsbSer - ok
11:46:53.0987 1776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:46:53.0987 1776 BTHMODEM - ok
11:46:54.0034 1776 catchme - ok
11:46:54.0065 1776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:46:54.0065 1776 cdfs - ok
11:46:54.0081 1776 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:46:54.0081 1776 cdrom - ok
11:46:54.0096 1776 chgxclbg - ok
11:46:54.0112 1776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:46:54.0112 1776 circlass - ok
11:46:54.0159 1776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:46:54.0159 1776 CLFS - ok
11:46:54.0174 1776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:54.0174 1776 CmBatt - ok
11:46:54.0206 1776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:46:54.0206 1776 cmdide - ok
11:46:54.0237 1776 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
11:46:54.0237 1776 CNG - ok
11:46:54.0252 1776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:46:54.0252 1776 Compbatt - ok
11:46:54.0268 1776 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:46:54.0268 1776 CompositeBus - ok
11:46:54.0284 1776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:46:54.0284 1776 crcdisk - ok
11:46:54.0346 1776 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:46:54.0346 1776 DfsC - ok
11:46:54.0362 1776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:46:54.0362 1776 discache - ok
11:46:54.0393 1776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:46:54.0393 1776 Disk - ok
11:46:54.0424 1776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:46:54.0424 1776 drmkaud - ok
11:46:54.0487 1776 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:46:54.0487 1776 dtsoftbus01 - ok
11:46:54.0565 1776 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
11:46:54.0565 1776 DXGKrnl - ok
11:46:54.0581 1776 EagleX64 - ok
11:46:54.0674 1776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:46:54.0706 1776 ebdrv - ok
11:46:54.0737 1776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:46:54.0752 1776 elxstor - ok
11:46:54.0768 1776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:46:54.0768 1776 ErrDev - ok
11:46:54.0784 1776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:46:54.0784 1776 exfat - ok
11:46:54.0799 1776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:46:54.0799 1776 fastfat - ok
11:46:54.0831 1776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:46:54.0831 1776 fdc - ok
11:46:54.0846 1776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:46:54.0846 1776 FileInfo - ok
11:46:54.0862 1776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:46:54.0862 1776 Filetrace - ok
11:46:54.0893 1776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:46:54.0893 1776 flpydisk - ok
11:46:54.0909 1776 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:46:54.0909 1776 FltMgr - ok
11:46:54.0971 1776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:46:54.0987 1776 FsDepends - ok
11:46:55.0018 1776 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:46:55.0018 1776 Fs_Rec - ok
11:46:55.0049 1776 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
11:46:55.0049 1776 fvevol - ok
11:46:55.0065 1776 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:46:55.0065 1776 gagp30kx - ok
11:46:55.0112 1776 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:46:55.0112 1776 GEARAspiWDM - ok
11:46:55.0206 1776 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:46:55.0206 1776 hamachi - ok
11:46:55.0237 1776 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:46:55.0237 1776 hcw85cir - ok
11:46:55.0268 1776 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:46:55.0268 1776 HdAudAddService - ok
11:46:55.0284 1776 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:46:55.0284 1776 HDAudBus - ok
11:46:55.0299 1776 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:46:55.0299 1776 HidBatt - ok
11:46:55.0315 1776 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:46:55.0315 1776 HidBth - ok
11:46:55.0346 1776 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:46:55.0346 1776 HidIr - ok
11:46:55.0362 1776 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:46:55.0362 1776 HidUsb - ok
11:46:55.0377 1776 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:46:55.0377 1776 HpSAMD - ok
11:46:55.0424 1776 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:46:55.0424 1776 HTTP - ok
11:46:55.0440 1776 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:46:55.0440 1776 hwpolicy - ok
11:46:55.0456 1776 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:46:55.0456 1776 i8042prt - ok
11:46:55.0487 1776 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
11:46:55.0487 1776 iaStorV - ok
11:46:55.0502 1776 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:46:55.0502 1776 iirsp - ok
11:46:55.0534 1776 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:46:55.0534 1776 intelide - ok
11:46:55.0549 1776 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:46:55.0549 1776 intelppm - ok
11:46:55.0565 1776 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:46:55.0565 1776 IpFilterDriver - ok
11:46:55.0581 1776 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:46:55.0581 1776 IPMIDRV - ok
11:46:55.0596 1776 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:46:55.0596 1776 IPNAT - ok
11:46:55.0612 1776 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:46:55.0627 1776 IRENUM - ok
11:46:55.0627 1776 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:46:55.0627 1776 isapnp - ok
11:46:55.0674 1776 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:46:55.0674 1776 iScsiPrt - ok
11:46:55.0690 1776 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:46:55.0690 1776 kbdclass - ok
11:46:55.0706 1776 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:46:55.0706 1776 kbdhid - ok
11:46:55.0737 1776 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
11:46:55.0737 1776 KSecDD - ok
11:46:55.0784 1776 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
11:46:55.0784 1776 KSecPkg - ok
11:46:55.0799 1776 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:46:55.0799 1776 ksthunk - ok
11:46:55.0846 1776 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
11:46:55.0862 1776 Lbd - ok
11:46:55.0909 1776 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
11:46:55.0909 1776 LGBusEnum - ok
11:46:55.0956 1776 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
11:46:55.0956 1776 LGVirHid - ok
11:46:55.0987 1776 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:46:55.0987 1776 lltdio - ok
11:46:56.0002 1776 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:46:56.0018 1776 LSI_FC - ok
11:46:56.0034 1776 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:46:56.0034 1776 LSI_SAS - ok
11:46:56.0049 1776 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:46:56.0049 1776 LSI_SAS2 - ok
11:46:56.0065 1776 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:46:56.0065 1776 LSI_SCSI - ok
11:46:56.0081 1776 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:46:56.0081 1776 luafv - ok
11:46:56.0112 1776 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:46:56.0112 1776 megasas - ok
11:46:56.0127 1776 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:46:56.0127 1776 MegaSR - ok
11:46:56.0143 1776 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:46:56.0143 1776 Modem - ok
11:46:56.0174 1776 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:46:56.0174 1776 monitor - ok
11:46:56.0190 1776 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:46:56.0190 1776 mouclass - ok
11:46:56.0206 1776 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:46:56.0206 1776 mouhid - ok
11:46:56.0221 1776 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:46:56.0221 1776 mountmgr - ok
11:46:56.0268 1776 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
11:46:56.0268 1776 MpFilter - ok
11:46:56.0299 1776 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:46:56.0299 1776 mpio - ok
11:46:56.0362 1776 MpKslfd755a86 - ok
11:46:56.0377 1776 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:46:56.0377 1776 MpNWMon - ok
11:46:56.0393 1776 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:46:56.0393 1776 mpsdrv - ok
11:46:56.0409 1776 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:46:56.0424 1776 MRxDAV - ok
11:46:56.0424 1776 mrxsmb - ok
11:46:56.0487 1776 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:56.0487 1776 mrxsmb10 - ok
11:46:56.0534 1776 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:56.0534 1776 mrxsmb20 - ok
11:46:56.0549 1776 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:46:56.0549 1776 msahci - ok
11:46:56.0581 1776 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:46:56.0581 1776 msdsm - ok
11:46:56.0596 1776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:46:56.0596 1776 Msfs - ok
11:46:56.0612 1776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:46:56.0612 1776 mshidkmdf - ok
11:46:56.0627 1776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:46:56.0627 1776 msisadrv - ok
11:46:56.0659 1776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:46:56.0659 1776 MSKSSRV - ok
11:46:56.0674 1776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:56.0674 1776 MSPCLOCK - ok
11:47:03.0893 1776 ============================================================
11:47:03.0893 1776 Scan finished
11:47:03.0893 1776 ============================================================
11:47:03.0893 4660 Detected object count: 0
11:47:03.0893 4660 Actual detected object count: 0

#8 gringo_pr

Posted 26 December 2011 - 03:57 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 shayl

Posted 27 December 2011 - 02:15 PM

Computer seems to be running well, not encountering anything untoward.

ComboFix 11-12-26.03 - Stacey 12/27/2011 1:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2291 [GMT -8:00]
Running from: c:\users\Stacey\Desktop\ComboFix.exe
Command switches used :: c:\users\Stacey\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 10:00 . 2011-12-27 10:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E455FF72-C518-4303-B641-A3C26F0F7C6A}\offreg.dll
2011-12-27 09:58 . 2011-12-27 09:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-27 09:58 . 2011-12-27 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 21:09 . 2011-12-26 21:09 -------- d-----w- c:\program files\iPod
2011-12-26 21:09 . 2011-12-26 21:10 -------- d-----w- c:\program files\iTunes
2011-12-26 21:09 . 2011-12-26 21:10 -------- d-----w- c:\program files (x86)\iTunes
2011-12-26 21:07 . 2011-12-26 21:07 -------- d-----w- c:\program files\Bonjour
2011-12-26 21:07 . 2011-12-26 21:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-26 20:01 . 2011-11-30 10:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E455FF72-C518-4303-B641-A3C26F0F7C6A}\mpengine.dll
2011-12-26 17:49 . 2011-12-26 17:49 -------- d-----w- c:\programdata\Malwarebytes
2011-12-26 17:49 . 2011-12-26 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-26 00:05 . 2011-12-26 00:09 -------- d-----w- c:\windows\system32\MpEngineStore
2011-12-24 03:03 . 2009-07-14 01:40 18944 ----a-w- c:\windows\system32\OLD_cngaudit.dll
2011-12-22 20:23 . 2011-03-17 20:10 13312 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-12-22 20:23 . 2011-12-22 20:23 -------- d-----w- c:\program files\Tablet
2011-12-22 19:21 . 2011-12-26 02:29 -------- d-sh--w- c:\users\Stacey\AppData\Local\131e03c6
2011-12-22 03:45 . 2011-12-22 03:45 7680 ----a-w- c:\windows\SysWow64\drivers\RKLAFD3.tmp.sys
2011-12-22 03:12 . 2011-12-21 21:18 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-21 21:18 . 2011-12-21 21:18 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-21 21:15 . 2011-12-12 18:07 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-21 21:14 . 2011-12-21 21:15 -------- d-----w- c:\programdata\Lavasoft
2011-12-21 21:14 . 2011-12-21 21:14 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-21 09:01 . 2011-10-05 01:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFF449AF-3495-4602-8827-66CE65219DD1}\gapaengine.dll
2011-12-21 08:30 . 2011-12-21 08:32 -------- d-----w- c:\users\share
2011-12-21 06:06 . 2011-12-23 06:41 -------- d-----w- c:\program files (x86)\Dungeons of Dredmor
2011-12-15 18:22 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 18:22 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 18:21 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 18:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 18:21 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 23:37 . 2011-12-11 23:37 -------- d-----w- c:\users\Public\Roaming
2011-12-02 05:55 . 2011-12-02 05:55 -------- d-----w- c:\windows\Tiger In Space WIDESCREEN Uninstaller
2011-12-02 05:55 . 2011-11-30 20:20 1186283 ----a-w- c:\windows\Tiger In Space WIDESCREEN.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 03:45 . 2011-05-20 01:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 10:21 . 2011-07-03 10:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-15 08:53 . 2011-10-10 22:29 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-10 22:29 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-02-13 05:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-02-13 05:01 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-02-13 05:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-02-13 05:01 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-01-08 04:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-08 04:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-08 04:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-01-08 04:48 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-08 04:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-08 04:48 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2009-06-10 20:37 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-11 22:20 . 2011-08-11 10:36 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-29 16:24 . 2011-11-08 23:02 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_05.10.44 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Stacey\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link Wireless N DWA-130"="c:\program files (x86)\D-Link\DWA-130 revC\AirNCFG.exe" [2010-04-28 1019904]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-130 revC\WZCSLDR2.exe" [2010-04-21 122880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 chgxclbg;chgxclbg;c:\windows\system32\drivers\chgxclbg.sys [x]
R1 MpKslfd755a86;MpKslfd755a86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51EDC202-CE32-4CA9-B2AB-FFAFF80718C1}\MpKslfd755a86.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 D-Link Wireless N DWA-130;D-Link Wireless N DWA-130 Service;c:\program files (x86)\D-Link\DWA-130 revC\ANIWZCSdS.exe [2010-04-21 126976]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-21 2152152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 D-Link Wireless N DWA-130_WPS;D-Link Wireless N DWA-130_WPS Service;c:\program files (x86)\D-Link\DWA-130 revC\ANIWConnService.exe [2010-03-03 53248]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192U;D-Link DWA-130 Wireless N USB Adapter(rev.C);c:\windows\system32\DRIVERS\dw130c.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 21:18]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017698058-967565046-341720758-1000Core.job
- c:\users\Stacey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 00:53]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017698058-967565046-341720758-1000UA.job
- c:\users\Stacey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 00:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\cb7a7sfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4017698058-967565046-341720758-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,bb,26,8a,6d,b9,b5,94,33,8c,d0,7a,e8,7b,69,bd,cd,99,9a,7c,4c,
b8,d2,e3,ef,64,de,d9,f6,61,c8,26,14,c1,87,c4,f2,74,15,d4,64,2b,7a,60,98,bb,\
"rkeysecu"=hex:86,13,ac,13,7d,ce,db,a6,9b,2f,cb,dc,2e,19,67,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-12-27 11:06:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 19:05
ComboFix2.txt 2011-12-26 05:30
.
Pre-Run: 63,224,725,504 bytes free
Post-Run: 62,615,363,584 bytes free
.
- - End Of File - - 7FDF6D5E6D66399B52940F33CC2E7D11

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:49 PM

Posted 28 December 2011 - 01:10 AM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 shayl

Posted 28 December 2011 - 02:08 AM

Sure, no problem. You probably won't know what "tiger in space WIDESCREEN" is.....that's just a silly screensaver my husband made for me


µTorrent
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Professional CS5
Adobe Illustrator CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
Audacity 1.2.6
Auslogics Disk Defrag
Bandisoft MPEG-1 Decoder
Battlefield: Bad Company 2
Blood Bowl Legendary Edition version 2.0.1.1
Blood Bowl: Legendary Edition
Brother HL-4040CDN
calibre
Celestia 1.6.0
D-Link Wireless N DWA-130
DAEMON Tools Lite
F.lux
FileZilla Client 3.3.5.1
Foxit Reader
FXAA Post-Process Injector
Global Agenda
Google Chrome
GraphicsGale FreeEdition version 1.93.17
Hi-Command
ImgBurn
Java Auto Updater
Java™ 6 Update 26
K-Lite Codec Pack 6.9.0 (Full)
League of Legends
Left 4 Dead
Left 4 Dead 2
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Monday Night Combat
Mozilla Firefox 8.0 (x86 en-US)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
Opera 11.01
Pando Media Booster
PDF Settings CS5
Pidgin
Planescape - Torment
PunkBuster Services
PuTTY version 0.60
Python 2.7.1
QuickTime
Race for the Galaxy version 0.8.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Sid Meier's Alpha Centauri
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.5
Steam
StreamTorrent 1.0
Team Fortress 2
TeamSpeak 3 Client
Tiger In Space WIDESCREEN
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
uTorrentBar Toolbar
Veetle TV 0.9.18
Ventrilo Client
Vindictus
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.8
vShare.tv plugin 1.3
Warhammer Online - Wrath of Heroes
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in

#12 gringo_pr

Posted 28 December 2011 - 03:02 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 26

and click on remove


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 gringo_pr

Posted 01 January 2012 - 09:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr

Posted 04 January 2012 - 11:16 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.