Google Redirect (after 'Windows Defender' type virus)


This topic is locked
9 replies to this topic

#1 guinea_pig

Posted 07 January 2012 - 03:30 PM

Hello All,

Well, I seem to have the same problem as many people here. I had one of those malware infections, I think "Windows Defender" or something, telling me I had no HDD space, no RAM space, a billion error and warning pop-ups, and my PC crashing with the blue screen.

I finally managed to sort out my PC via Safe Mode with Malwarebytes Anti-Malware. ALL my files, documents and programmes had disappeared, but I got them back via unhide.exe.

Now my computer is more or less normal, but I have the browser redirect problem on Google and Bing in my IE, Mozilla Firefox and Google Chrome browsers.

I've followed the instructions in the Preparation Guide and the Google Redirect guide, so here are my logs (I've also attached the Attach and Ark logs):

Any help would be hugely appreciated, thank you!

DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Rosy at 20:43:02 on 2012-01-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2038.1085 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Users\Rosy\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ucl.ac.uk/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {6C914A0B-B677-4A73-8A01-DB8B914CC7BF} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WebDictate] "c:\program files\nch software\webdictate\webdictate.exe" -logon
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\verbac~1.lnk - c:\program files\verbace research\verbace-pro\VerbAce-Pro.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A70FAA95-41BA-422E-8072-326FE3B7197D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A70FAA95-41BA-422E-8072-326FE3B7197D}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A70FAA95-41BA-422E-8072-326FE3B7197D}\245626F687738323335303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A70FAA95-41BA-422E-8072-326FE3B7197D}\35869667562702D456024596D626562737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A70FAA95-41BA-422E-8072-326FE3B7197D}\C496675626F687D263532603 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5ACDFD3-729A-453C-9987-C5C2FBDE5211} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{6c914a0b-b677-4a73-8a01-db8b914cc7bf}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{6c914a0b-b677-4a73-8a01-db8b914cc7bf}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\rosy\appdata\roaming\mozilla\firefox\profiles\8aa0u0id.default\extensions\{6c914a0b-b677-4a73-8a01-db8b914cc7bf}\components\RadioWMPCoreGecko6.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Softonic-EngUK_ Community Toolbar: {6c914a0b-b677-4a73-8a01-db8b914cc7bf} - %profile%\extensions\{6c914a0b-b677-4a73-8a01-db8b914cc7bf}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\rosy\appdata\roaming\NetAssistant
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-29 217032]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
S1 MpKsl04e9c3ec;MpKsl04e9c3ec;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl04e9c3ec.sys [2012-1-3 29904]
S1 MpKsl2f6bf4ae;MpKsl2f6bf4ae;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl2f6bf4ae.sys [2012-1-3 29904]
S1 MpKsl61b8d430;MpKsl61b8d430;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl61b8d430.sys [2012-1-3 29904]
S1 MpKsl8f6ba03a;MpKsl8f6ba03a;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl8f6ba03a.sys [2012-1-3 29904]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-19 228208]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-8 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-8 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-8 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-12 222568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-1 136176]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-30 1153368]
S2 WebDictateService;Web Dictate;c:\program files\nch software\webdictate\webdictate.exe [2011-8-26 724484]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-12 42112]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-1 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-1-12 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-1-12 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-1-12 123648]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-9 1343400]
.
=============== Created Last 30 ================
.
2012-01-03 20:23:24 -------- d-----w- c:\users\rosy\appdata\local\{4A98A4F7-B898-4464-BCD7-64E09867DDD5}
2012-01-03 20:22:47 -------- d-----w- c:\users\rosy\appdata\local\{44CB04F1-E7CA-4868-8AFD-1DD2A9EE9EE0}
2012-01-03 20:21:24 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl8f6ba03a.sys
2012-01-03 20:02:58 -------- d-----w- c:\users\rosy\appdata\local\{5B787357-8259-4047-8A23-7A8E0C5429B9}
2012-01-03 20:02:35 -------- d-----w- c:\users\rosy\appdata\local\{F534FBBB-63D2-444B-955E-46D81161694F}
2012-01-03 20:00:29 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl04e9c3ec.sys
2012-01-03 17:57:17 -------- d-----w- c:\users\rosy\appdata\local\{EF9E8FD5-2381-474A-8131-51D5B3FCA921}
2012-01-03 17:54:06 -------- d-----w- c:\users\rosy\appdata\local\{66C77A30-B013-40CA-8D2B-2CAA5E6BBF37}
2012-01-03 17:52:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl61b8d430.sys
2012-01-03 10:11:54 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\MpKsl2f6bf4ae.sys
2012-01-03 10:11:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\offreg.dll
2012-01-03 09:07:14 -------- d-----w- c:\users\rosy\appdata\local\{FDBC9091-5909-46C9-A77F-0CF027C0CC88}
2012-01-03 09:07:01 -------- d-----w- c:\users\rosy\appdata\local\{867FF455-54A7-433C-AC94-597697443C4F}
2012-01-03 04:25:30 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bd3bee9-3e54-4510-a7d1-7d73142f54aa}\mpengine.dll
2012-01-02 10:39:25 -------- d-----w- c:\users\rosy\appdata\local\{D220777D-DD83-4CB1-86A4-BC2871CBBBE6}
2012-01-02 10:39:08 -------- d-----w- c:\users\rosy\appdata\local\{4CAB2700-451F-4EA0-A765-94508FD94A8B}
2012-01-01 22:31:11 -------- d-----w- c:\users\rosy\appdata\local\{EDF953DD-7485-4B8B-A1AE-07574C9C7DED}
2012-01-01 22:30:08 -------- d-----w- c:\users\rosy\appdata\local\{D8C2EF8C-AEEB-4B33-BDF6-AA6F2B25FFCB}
2011-12-31 13:47:05 -------- d-----w- c:\users\rosy\appdata\local\{BB4A3B82-AF39-4A7D-8560-673E1344E6C5}
2011-12-31 13:46:49 -------- d-----w- c:\users\rosy\appdata\local\{5B0687A6-7F8C-41F2-8284-385A2DD11470}
2011-12-31 10:42:43 -------- d-----w- c:\users\rosy\appdata\local\{972E7D37-55F0-4ECC-996E-2258575B2A76}
2011-12-31 10:42:20 -------- d-----w- c:\users\rosy\appdata\local\{45E7CA2C-F7E7-4DAD-B62D-C69C6653A328}
2011-12-30 17:49:18 -------- d-----w- c:\users\rosy\appdata\roaming\Malwarebytes
2011-12-30 17:49:08 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 17:49:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 01:27:41 -------- d-----w- c:\users\rosy\appdata\local\{E464A2A8-E18E-4B08-8CA8-C642D047884B}
2011-12-30 01:17:15 -------- d-----w- c:\users\rosy\appdata\local\{321C94FF-3CE8-425A-8888-9D48FBB43323}
2011-12-30 01:16:45 -------- d-----w- c:\users\rosy\appdata\local\{95A1A4CF-B58E-4115-B6B1-2D5E07080A8D}
2011-12-30 00:21:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-30 00:21:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 23:56:53 -------- d-----w- c:\users\rosy\appdata\local\{79819DC8-44BC-4422-B7C9-E75B6A53772B}
2011-12-29 23:48:01 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-29 23:48:01 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-29 23:47:49 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-29 23:47:48 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-29 23:47:24 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-29 23:46:16 -------- d-----w- c:\users\rosy\appdata\roaming\PC Tools
2011-12-29 23:46:16 -------- d-----w- c:\programdata\PC Tools
2011-12-29 23:46:16 -------- d-----w- c:\program files\Spyware Doctor
2011-12-29 23:46:16 -------- d-----w- c:\program files\common files\PC Tools
2011-12-29 21:02:44 -------- d-----w- c:\users\rosy\appdata\local\{9205EAD1-8036-4382-AB85-CD458ACBA6D1}
2011-12-29 21:02:28 -------- d-----w- c:\users\rosy\appdata\local\{33FB0989-1E8E-4921-92B8-6CB6D92B149F}
2011-12-29 17:43:54 -------- d-----w- c:\users\rosy\appdata\local\{02A29A26-41E8-4058-BB97-EAC114487E14}
2011-12-29 07:38:30 -------- d-----w- c:\users\rosy\appdata\local\{C7885277-E2E7-43F1-A174-935FB325A5C9}
2011-12-29 07:38:03 -------- d-----w- c:\users\rosy\appdata\local\{010B8A8A-EED0-4797-8FAF-239E307FAA92}
2011-12-29 00:38:38 -------- d-----w- c:\users\rosy\appdata\local\{B517574E-3D82-4DB8-BA62-265FEDCDA3AA}
2011-12-22 02:28:21 -------- d-----w- c:\users\rosy\appdata\local\{6DA018D3-57CC-4C72-A0AE-2E5E4A83FC23}
2011-12-21 11:05:47 -------- d-----w- c:\users\rosy\appdata\local\{DE49BF61-7D2C-4DA9-83A5-7B484F680E83}
2011-12-21 11:05:30 -------- d-----w- c:\users\rosy\appdata\local\{1C1E85BB-316D-4FB8-A846-746FA2075C8A}
2011-12-20 22:27:41 -------- d-----w- c:\users\rosy\appdata\local\{57AD3101-43BB-45E8-931F-061A631D8949}
2011-12-20 09:33:53 -------- d-----w- c:\users\rosy\appdata\local\{347EA788-1982-4F37-990E-DEFF74C54265}
2011-12-20 09:33:40 -------- d-----w- c:\users\rosy\appdata\local\{F026A81A-3CAE-4A1E-817B-D86C63FFB0F8}
2011-12-19 21:35:01 -------- d-----w- c:\users\rosy\appdata\local\{9BD771EB-884C-41A6-AF4B-70539F50A6A4}
2011-12-19 21:34:46 -------- d-----w- c:\users\rosy\appdata\local\{D33DC172-D08F-46EF-B74E-3760D7DB8BF1}
2011-12-15 09:05:02 -------- d-----w- c:\users\rosy\appdata\local\{AC38952D-95C7-433E-9831-4B9F9B40A986}
2011-12-15 09:04:44 -------- d-----w- c:\users\rosy\appdata\local\{33F0337E-63ED-460E-A7BE-E3C5BEE12755}
2011-12-14 20:04:49 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:04:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:01:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:01:51 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:01:44 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 20:01:44 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 19:52:20 -------- d-----w- c:\users\rosy\appdata\local\{3D68386B-B52A-4ABC-B598-D010ED6FCC13}
2011-12-14 19:52:03 -------- d-----w- c:\users\rosy\appdata\local\{145443EC-8931-4998-BA7E-AD96415D10C9}
2011-12-13 09:35:14 -------- d-----w- c:\users\rosy\appdata\local\{A68CB094-8EEB-4BF8-8D45-D83D18D75DC1}
2011-12-13 09:34:53 -------- d-----w- c:\users\rosy\appdata\local\{ECD523D2-EB2C-4341-85D1-E0552461BFAD}
2011-12-12 20:22:06 -------- d-----w- c:\users\rosy\appdata\local\{E14AC9B7-C7EF-41D5-A838-2258BB4B37E8}
2011-12-12 20:21:09 -------- d-----w- c:\users\rosy\appdata\local\{AC44624B-72B4-4BEB-9829-9FF868230908}
2011-12-12 09:21:17 -------- d-----w- c:\users\rosy\appdata\local\{BE2941F5-8422-4176-8153-8CA15E6A0BB9}
2011-12-12 09:21:01 -------- d-----w- c:\users\rosy\appdata\local\{6C686B25-DE9C-43AF-A4F3-C0671B3038D5}
2011-12-11 20:12:08 -------- d-----w- c:\users\rosy\appdata\local\{0FECC207-5BA6-457B-A532-833CE5BCEAC8}
2011-12-11 20:10:54 -------- d-----w- c:\users\rosy\appdata\local\{9571D343-C47B-410A-8B3C-EDEA3C084D27}
2011-12-09 10:10:04 -------- d-----w- c:\users\rosy\appdata\local\{BF3EC2C8-C6CA-4D10-B4AF-2727B8F85960}
2011-12-09 10:09:46 -------- d-----w- c:\users\rosy\appdata\local\{EB87F908-C575-4C49-BD65-6BDD8E2C511B}
2011-12-08 23:44:27 -------- d-----w- c:\users\rosy\appdata\local\{63C85A1E-365B-455A-A0C3-61F9B12FD08B}
2011-12-08 23:44:10 -------- d-----w- c:\users\rosy\appdata\local\{B7D8B9CC-E3FB-4E6A-A5DE-40E39521E93D}
2011-12-08 11:23:40 -------- d-----w- c:\users\rosy\appdata\local\{C4E5933D-7EA0-40DF-84DE-04932B02B286}
2011-12-08 11:23:23 -------- d-----w- c:\users\rosy\appdata\local\{BB496905-A4C7-4DB5-A583-01CDB5B75738}
2011-12-07 20:09:41 -------- d-----w- c:\users\rosy\appdata\local\{70DAD8C2-7D58-4EFD-95F6-BABF5959413C}
2011-12-07 20:09:25 -------- d-----w- c:\users\rosy\appdata\local\{BA0D8D01-0F9A-4139-84C8-120140489A0F}
2011-12-06 22:19:57 -------- d-----w- c:\users\rosy\appdata\local\{76824DF8-D8F4-4176-A28C-0B75C508C044}
2011-12-06 08:50:23 -------- d-----w- c:\users\rosy\appdata\local\{85F86A09-A52B-4147-8D26-0229A6338BB2}
2011-12-06 08:50:08 -------- d-----w- c:\users\rosy\appdata\local\{DE2A67F4-5572-41A3-B7E0-BC563250A03A}
2011-12-05 23:53:46 -------- d-----w- c:\users\rosy\appdata\local\{4746733E-3025-4978-8D4A-46D042FC4DC2}
2011-12-05 23:53:28 -------- d-----w- c:\users\rosy\appdata\local\{E80F7336-7772-473B-97EF-77589150C4FA}
2011-12-05 21:18:58 -------- d-----w- c:\users\rosy\appdata\local\{B5833F57-098C-4918-8F55-9DF991235346}
2011-12-05 09:10:50 -------- d-----w- c:\users\rosy\appdata\local\{B532F278-F250-49B3-AF2D-9B3016B6A24B}
2011-12-05 09:10:32 -------- d-----w- c:\users\rosy\appdata\local\{40CE5622-46F9-4CDB-A778-9ADCA95DACB0}
2011-12-04 22:00:32 -------- d-----w- c:\users\rosy\appdata\local\{F99D1CF8-7DF2-4651-BAAE-1D48DF14700B}
2011-12-04 22:00:15 -------- d-----w- c:\users\rosy\appdata\local\{F6B486E6-82F7-4B0D-981D-41886AF52438}
.
==================== Find3M ====================
.
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS541616J9SA00 rev.SB4OC7KP -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84A9AFA9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x84aa2d34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }
1 ntkrnlpa!IofCallDriver[0x81E52458] -> \Device\Harddisk0\DR0[0x84A7F030]
3 CLASSPNP[0x87FD359E] -> ntkrnlpa!IofCallDriver[0x81E52458] -> [0x84A7FDA0]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
error: Read The semaphore timeout period has expired.
sectors 312581791 (+0): user != kernel
.
============= FINISH: 20:52:32.86 ===============


MINITOOLBOX result

MiniToolBox by Farbar
Ran by Rosy (administrator) on 05-01-2012 at 01:18:44
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rosy-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1B-24-B8-E4-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1B-77-E6-00-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::435:e195:27fb:f15d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 04 January 2012 19:39:02
Lease Expires . . . . . . . . . . : 05 January 2012 22:52:45
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 184556407
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-69-D0-11-00-1B-24-B8-E4-F5
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cd7:40f:3f57:fea0(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cd7:40f:3f57:fea0%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.229.103
209.85.229.99
209.85.229.147
209.85.229.105
209.85.229.104


Pinging google.com [209.85.147.106] with 32 bytes of data:
Reply from 209.85.147.106: bytes=32 time=22ms TTL=55
Reply from 209.85.147.106: bytes=32 time=23ms TTL=55

Ping statistics for 209.85.147.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=167ms TTL=50
Reply from 98.139.180.149: bytes=32 time=250ms TTL=50

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 167ms, Maximum = 250ms, Average = 208ms
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 1b 24 b8 e4 f5 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
11...00 1b 77 e6 00 da ......Intel® PRO/Wireless 3945ABG Network Connection
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.95 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.95 281
192.168.1.95 255.255.255.255 On-link 192.168.1.95 281
192.168.1.255 255.255.255.255 On-link 192.168.1.95 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.95 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.95 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:3cd7:40f:3f57:fea0/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
11 281 fe80::435:e195:27fb:f15d/128
On-link
13 306 fe80::3cd7:40f:3f57:fea0/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/03/2012 07:00:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16912, time stamp: 0x4eb4a5ea
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x006d8c67
Faulting process id: 0xfe4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/02/2012 09:09:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 16.0.912.63, time stamp: 0x4edf13ac
Faulting module name: agcore.dll, version: 4.0.60831.0, time stamp: 0x4e5d716c
Exception code: 0xc0000005
Fault offset: 0x005114a5
Faulting process id: 0x1b6c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/02/2012 00:23:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (01/02/2012 01:38:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16912, time stamp: 0x4eb4a5ea
Faulting module name: coreclr.dll, version: 4.0.60831.0, time stamp: 0x4e5d6c64
Exception code: 0xc0000005
Fault offset: 0x0001e26a
Faulting process id: 0x178c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/02/2012 01:38:00 AM) (Source: .NET Runtime) (User: )
Description: Application: iexplore.exe
CoreCLR Version: 4.0.60831.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 534BE26A (534A0000) with exit code 80131506.

Error: (01/01/2012 04:10:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Faulting module name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Exception code: 0xc0000005
Fault offset: 0x001dae87
Faulting process id: 0x49c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (01/01/2012 04:09:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Faulting module name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Exception code: 0xc0000005
Fault offset: 0x001dae87
Faulting process id: 0x1ae8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/30/2011 01:02:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 1.9.2.4280, time stamp: 0x4e78bec7
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab44
Exception code: 0xc0000005
Fault offset: 0x000469e0
Faulting process id: 0x1ec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/19/2011 09:41:04 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4f0

Start Time: 01ccbe963eb15a38

Termination Time: 78

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 24a2a999-2a8a-11e1-811b-001b24b8e4f5

Error: (12/19/2011 09:40:55 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 718

Start Time: 01ccbe964024e7e1

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 1cd58713-2a8a-11e1-811b-001b24b8e4f5


System errors:
=============
Error: (01/04/2012 08:01:44 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/04/2012 07:39:47 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/04/2012 09:26:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/03/2012 08:59:29 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/03/2012 08:51:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/03/2012 08:51:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/03/2012 08:51:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/03/2012 08:51:09 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/03/2012 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/03/2012 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Apple Application Support (Version: 1.4.1)
µTorrent (Version: 2.0.4)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.2.15)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Citrix Presentation Server Client (Version: 10.200.2650)
D3DX10 (Version: 15.4.2368.0902)
Express Dictate
Express Scribe
Foxit Reader 5.0 (Version: 5.0.1.0527)
Free File Opener v2011.7.0.1 (Version: 2011.7.0.1)
Google Chrome (Version: 16.0.912.63)
Google Update Helper (Version: 1.3.21.79)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-GB))
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.02.9753)
neroxml (Version: 1.0.0)
NetAssistant (Version: 3.6.5)
NetWorkingWizard_ICM (Version: 1.02.006)
PowerISO
QuickTime (Version: 7.69.80.9)
Rapport (Version: 3.5.1108.55)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Samsung Kies (Version: 2.0.0.11011_16)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1800.0)
Skype™ 5.5 (Version: 5.5.124)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor 7.0 (Version: 7.0)
VLC media player 1.1.4 (Version: 1.1.4)
Web Dictate
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2038.41 MB
Available physical RAM: 1005.79 MB
Total Pagefile: 4076.82 MB
Available Pagefile: 2284.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941 MB

========================= Partitions: =====================================

1 Drive c: (WINDOWS) (Fixed) (Total:38.96 GB) (Free:2.67 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:109.98 GB) (Free:61.25 GB) NTFS

========================= Users: ========================================

User accounts for \\ROSY-LAPTOP

Administrator Guest Rosy


**** End of log ****




MBAM Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Rosy :: ROSY-LAPTOP [administrator]

06/01/2012 16:14:36
mbam-log-2012-01-06 (16-14-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183725
Time elapsed: 31 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files




#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 January 2012 - 03:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 guinea_pig

  • Topic Starter

  • Members
  • 4 posts

Posted 08 January 2012 - 12:27 PM

Hello Gringo!! Thank you for your help :)

Well, the ComboFix scan took almost 2 hours to complete. But now that it's finished, some of the things that had disappeared after the Windows Defender virus, and which still didn't reappear after I ran unhide.exe, have now reappeared! (Basically everything on my start panel: 'Control Panel', 'Help and Support', 'Documents'.)

But I just tried using Google to search for something and it's still redirecting me to random websites when I click on the search results.

Here's the ComboFix log:

ComboFix 12-01-07.03 - Rosy 08/01/2012 15:34:53.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2038.718 [GMT 0:00]
Running from: c:\users\Rosy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~yMIuyJO3Wl6INX
c:\programdata\~yMIuyJO3Wl6INXr
c:\programdata\yMIuyJO3Wl6INX
C:\sooi832.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 16:41 . 2012-01-08 16:44 -------- d-----w- c:\users\Rosy\AppData\Local\temp
2012-01-08 16:41 . 2012-01-08 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 15:21 . 2012-01-08 15:21 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46F5BB5-D3DD-48D2-9A7F-14519BEFC2CF}\MpKsle32015e5.sys
2012-01-08 15:20 . 2012-01-08 15:20 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46F5BB5-D3DD-48D2-9A7F-14519BEFC2CF}\offreg.dll
2012-01-08 15:20 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46F5BB5-D3DD-48D2-9A7F-14519BEFC2CF}\mpengine.dll
2012-01-03 21:13 . 2012-01-03 21:13 100864 ----a-w- C:\kwliypob.sys
2011-12-30 17:49 . 2011-12-30 17:49 -------- d-----w- c:\users\Rosy\AppData\Roaming\Malwarebytes
2011-12-30 17:49 . 2011-12-30 17:49 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 17:49 . 2011-12-30 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 00:21 . 2011-12-30 00:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-30 00:21 . 2011-12-30 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 23:48 . 2010-02-05 09:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-29 23:48 . 2010-02-05 09:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-29 23:47 . 2010-03-10 11:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-29 23:47 . 2009-11-23 13:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-29 23:47 . 2010-02-05 09:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-29 23:46 . 2011-12-29 23:48 -------- d-----w- c:\program files\Spyware Doctor
2011-12-29 23:46 . 2011-12-29 23:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-29 23:46 . 2011-12-29 23:46 -------- d-----w- c:\users\Rosy\AppData\Roaming\PC Tools
2011-12-29 23:46 . 2011-12-29 23:46 -------- d-----w- c:\programdata\PC Tools
2011-12-14 20:04 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:04 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:01 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:01 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:01 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 20:01 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2010-12-17 11:49 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-11 21:10 . 2011-10-11 21:11 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62B4F325-904D-4509-8F30-0391EA7C338C}\gapaengine.dll
2008-02-07 21:46 . 2008-02-07 21:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 21:46 . 2008-02-07 21:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 21:46 . 2008-02-07 21:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 21:46 . 2008-02-07 21:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 21:46 . 2008-02-07 21:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 21:46 . 2008-02-07 21:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 21:46 . 2008-02-07 21:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 17:27 . 2007-03-16 17:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 17:27 . 2007-03-16 17:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 17:27 . 2007-03-16 17:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 12:47 . 2007-07-20 12:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 21:46 . 2008-02-07 21:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-05 860472]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-05 3370296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-03-02 273544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WebDictate"="c:\program files\NCH Software\WebDictate\webdictate.exe" [2011-08-26 724484]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2011-1-2 1228800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-06-29 19:16 1373480 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
R1 MpKsl0260cd0c;MpKsl0260cd0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0C81ECC-3F3B-414E-997E-B38B142E4769}\MpKsl0260cd0c.sys [x]
R1 MpKsl02d57eaf;MpKsl02d57eaf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB2D8F37-58C2-4156-9980-E7065D69E782}\MpKsl02d57eaf.sys [x]
R1 MpKsl03e6629e;MpKsl03e6629e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DFBF4A5-2915-46A0-BA76-BA2541F51EF2}\MpKsl03e6629e.sys [x]
R1 MpKsl0400180d;MpKsl0400180d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACFE1B61-9830-4ABF-9A60-CC892D98CB77}\MpKsl0400180d.sys [x]
R1 MpKsl040dedfa;MpKsl040dedfa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B292B04-3BB3-487F-AECC-0887D853C8C4}\MpKsl040dedfa.sys [x]
R1 MpKsl08c2faf8;MpKsl08c2faf8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07796597-E0A7-4099-B7ED-1DC77032612D}\MpKsl08c2faf8.sys [x]
R1 MpKsl0aed7ed5;MpKsl0aed7ed5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0292A4C5-45A9-4189-934E-1926842504B4}\MpKsl0aed7ed5.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 WebDictateService;Web Dictate;c:\program files\NCH Software\WebDictate\webdictate.exe [2011-08-26 724484]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-12-21 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-12-21 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-12-21 123648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-09 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
S1 MpKsl8c670f27;MpKsl8c670f27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E9B79AB-4360-42C4-9147-CC3E0EEB584E}\MpKsl8c670f27.sys [x]
S1 MpKsle32015e5;MpKsle32015e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46F5BB5-D3DD-48D2-9A7F-14519BEFC2CF}\MpKsle32015e5.sys [2012-01-08 29904]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-19 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-05 222568]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-05 42112]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE32015E5
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 16:23]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 16:23]
.
2011-12-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3744593548-2961999220-3959548570-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ucl.ac.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Rosy\AppData\Roaming\Mozilla\Firefox\Profiles\8aa0u0id.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Softonic-EngUK_ Community Toolbar: {6c914a0b-b677-4a73-8a01-db8b914cc7bf} - %profile%\extensions\{6c914a0b-b677-4a73-8a01-db8b914cc7bf}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\Rosy\AppData\Roaming\NetAssistant
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c914a0b-b677-4a73-8a01-db8b914cc7bf} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{6C914A0B-B677-4A73-8A01-DB8B914CC7BF} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS541616J9SA00 rev.SB4OC7KP -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581791 (+0): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-08 17:19:20
ComboFix-quarantined-files.txt 2012-01-08 17:19
.
Pre-Run: 4,648,222,720 bytes free
Post-Run: 6,062,317,568 bytes free
.
- - End Of File - - 77E5845E48A09F82BD9C273F00E8DF82

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 January 2012 - 12:58 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
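As an added example (not code from this thread, from BleepingComputer or from the TDSSKiller tool), a short Python triage of the report the post above asks for: it pairs each scanned object's hash/path line with the status line that follows it and flags anything whose status is not "ok". The sample log is constructed in the log's format; the "exampledrv" entry, its hash and the "detected" status are made up to exercise the flag path, and the parser does not assume any particular non-ok wording from the tool.

```python
"""Triage a TDSSKiller scan log: count what was scanned, flag anything not reported 'ok'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A scanned object appears as two lines: first its name, MD5 and path,
# then a status line "name - ok" (or some other status) for the same name.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<status>\S.*)$"
)


@dataclass
class Finding:
    name: str
    status: str
    md5: Optional[str]   # None when no hash line preceded the status (e.g. "catchme - ok")
    path: Optional[str]


def parse_tdsskiller_log(text: str) -> Tuple[int, List[Finding]]:
    """Return (number of status lines seen, findings whose status is not 'ok')."""
    last_seen: Dict[str, Tuple[str, str]] = {}
    scanned = 0
    findings: List[Finding] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            last_seen[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue  # header, separator and other chatter lines
        scanned += 1
        status = m["status"].strip()
        if status.lower() != "ok":
            md5, path = last_seen.get(m["name"], (None, None))
            findings.append(Finding(m["name"], status, md5, path))
    return scanned, findings


def triage(text: str) -> dict:
    """Summarise a log the way a helper reading the thread would: counts plus flagged items."""
    scanned, findings = parse_tdsskiller_log(text)
    return {
        "scanned": scanned,
        "flagged": [f.__dict__ for f in findings],
        # "clean" only means no object carried a non-ok status in this log;
        # it is not proof that nothing is left on the machine.
        "clean": not findings,
    }


# Constructed sample in the log's format. The 1394ohci lines copy the shape of the
# entries in the thread; "exampledrv", its hash and "detected" are made up.
SAMPLE_LOG = r"""
00:22:12.0061 4124 ============================================================
00:22:12.0061 4124 Scan started
00:22:12.0061 4124 Mode: Manual;
00:22:13.0840 4124 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
00:22:13.0840 4124 1394ohci - ok
00:22:16.0632 4124 catchme - ok
00:22:20.0001 4124 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
00:22:20.0002 4124 exampledrv - detected
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"scanned {result['scanned']} objects, clean={result['clean']}")
    for item in result["flagged"]:
        print(f"  {item['name']}: {item['status']} md5={item['md5']} path={item['path']}")
```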

#5 guinea_pig
  • Topic Starter

  • Members
  • 4 posts

Posted 08 January 2012 - 02:20 PM

Hi Gringo,

Thanks!

I downloaded it, but when I double-click or click on "run as administrator", nothing happens. The same thing happened when I tried to use it during the Windows Defender virus.
I also renamed it as 1231bc.com and double-clicked on it, but nothing happens...

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 January 2012 - 05:00 PM

Hello

I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#7 guinea_pig
  • Topic Starter

  • Members
  • 4 posts

Posted 09 January 2012 - 07:26 PM

Hi Gringo,

I downloaded and ran the fixTDSS programme, which found an MBR infected file and repaired it.
I restarted and actually managed to run TDSSKiller. 0 infections were detected... So does this mean the problem is fixed?

Here's the log anyway:

00:18:39.0206 4676 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:18:39.0877 4676 ============================================================
00:18:39.0877 4676 Current date / time: 2012/01/10 00:18:39.0877
00:18:39.0877 4676 SystemInfo:
00:18:39.0877 4676
00:18:39.0877 4676 OS Version: 6.1.7600 ServicePack: 0.0
00:18:39.0877 4676 Product type: Workstation
00:18:39.0877 4676 ComputerName: ROSY-LAPTOP
00:18:39.0877 4676 UserName: Rosy
00:18:39.0877 4676 Windows directory: C:\Windows
00:18:39.0877 4676 System windows directory: C:\Windows
00:18:39.0877 4676 Processor architecture: Intel x86
00:18:39.0877 4676 Number of processors: 2
00:18:39.0877 4676 Page size: 0x1000
00:18:39.0877 4676 Boot type: Normal boot
00:18:39.0877 4676 ============================================================
00:18:43.0652 4676 Initialize success
00:22:12.0061 4124 ============================================================
00:22:12.0061 4124 Scan started
00:22:12.0061 4124 Mode: Manual;
00:22:12.0061 4124 ============================================================
00:22:19.0580 4124 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:22:19.0596 4124 HidBatt - ok
00:22:19.0612 4124 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:22:19.0612 4124 HidBth - ok
00:22:19.0705 4124 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:22:19.0721 4124 HidIr - ok
00:22:19.0830 4124 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
00:22:19.0830 4124 HidUsb - ok
00:22:19.0877 4124 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:22:19.0892 4124 HpSAMD - ok
00:22:20.0048 4124 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
00:22:20.0064 4124 HTTP - ok
00:22:20.0095 4124 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
00:22:20.0095 4124 hwpolicy - ok
00:22:20.0173 4124 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:22:20.0173 4124 i8042prt - ok
00:22:20.0454 4124 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
00:22:20.0470 4124 iaStorV - ok
00:22:20.0719 4124 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:22:20.0953 4124 igfx - ok
00:22:21.0109 4124 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:22:21.0109 4124 iirsp - ok
00:22:21.0156 4124 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
00:22:21.0156 4124 intelide - ok
00:22:21.0203 4124 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:21.0203 4124 intelppm - ok
00:22:21.0218 4124 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:21.0234 4124 IpFilterDriver - ok
00:22:21.0250 4124 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:22:21.0265 4124 IPMIDRV - ok
00:22:21.0281 4124 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:22:21.0296 4124 IPNAT - ok
00:22:21.0390 4124 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:22:21.0390 4124 IRENUM - ok
00:22:21.0437 4124 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
00:22:21.0437 4124 isapnp - ok
00:22:21.0468 4124 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
00:22:21.0499 4124 iScsiPrt - ok
00:22:21.0546 4124 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:22:21.0546 4124 kbdclass - ok
00:22:21.0655 4124 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
00:22:21.0671 4124 kbdhid - ok
00:22:21.0686 4124 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
00:22:21.0702 4124 KSecDD - ok
00:22:21.0749 4124 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
00:22:21.0764 4124 KSecPkg - ok
00:22:21.0827 4124 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:22:21.0842 4124 lltdio - ok
00:22:21.0952 4124 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:22:21.0967 4124 LSI_FC - ok
00:22:21.0998 4124 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:22:22.0014 4124 LSI_SAS - ok
00:22:22.0045 4124 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:22:22.0045 4124 LSI_SAS2 - ok
00:22:22.0092 4124 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:22:22.0092 4124 LSI_SCSI - ok
00:22:22.0201 4124 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:22:22.0217 4124 luafv - ok
00:22:22.0264 4124 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
00:22:22.0279 4124 LVRS - ok
00:22:22.0451 4124 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
00:22:22.0747 4124 LVUVC - ok
00:22:22.0856 4124 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:22:22.0872 4124 megasas - ok
00:22:22.0934 4124 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:22:22.0950 4124 MegaSR - ok
00:22:22.0981 4124 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:22:22.0981 4124 Modem - ok
00:22:23.0012 4124 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:22:23.0012 4124 monitor - ok
00:22:23.0122 4124 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:22:23.0137 4124 mouclass - ok
00:22:23.0168 4124 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:22:23.0184 4124 mouhid - ok
00:22:23.0215 4124 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
00:22:23.0231 4124 mountmgr - ok
00:22:23.0293 4124 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
00:22:23.0309 4124 MpFilter - ok
00:22:23.0418 4124 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
00:22:23.0434 4124 mpio - ok
00:22:23.0527 4124 MpKsl0260cd0c - ok
00:22:23.0574 4124 MpKsl02d57eaf - ok
00:22:23.0590 4124 MpKsl03e6629e - ok
00:22:23.0621 4124 MpKsl0400180d - ok
00:22:23.0652 4124 MpKsl040dedfa - ok
00:22:23.0668 4124 MpKsl08c2faf8 - ok
00:22:23.0668 4124 MpKsl0aed7ed5 - ok
00:22:23.0761 4124 MpKsl0b9b92d9 - ok
00:22:23.0761 4124 MpKsl0f8a70bb - ok
00:22:23.0792 4124 MpKsl108cb941 - ok
00:22:23.0808 4124 MpKsl124e65f4 - ok
00:22:23.0808 4124 MpKsl182d5c77 - ok
00:22:23.0855 4124 MpKsl1cf5d8d3 - ok
00:22:23.0870 4124 MpKsl20c834eb - ok
00:22:23.0870 4124 MpKsl288077ae - ok
00:22:23.0902 4124 MpKsl290a3d22 - ok
00:22:23.0964 4124 MpKsl2989eabb - ok
00:22:24.0073 4124 MpKsl2af78086 - ok
00:22:24.0089 4124 MpKsl2f7141f2 - ok
00:22:24.0151 4124 MpKsl317fc473 - ok
00:22:24.0198 4124 MpKsl35e4e40f - ok
00:22:24.0198 4124 MpKsl360a7546 - ok
00:22:24.0229 4124 MpKsl36860387 - ok
00:22:24.0245 4124 MpKsl389560c8 - ok
00:22:24.0307 4124 MpKsl38d8d116 - ok
00:22:24.0385 4124 MpKsl42b9e636 - ok
00:22:24.0416 4124 MpKsl4766e10c - ok
00:22:24.0432 4124 MpKsl47c0e0f8 - ok
00:22:24.0448 4124 MpKsl49e615a1 - ok
00:22:24.0463 4124 MpKsl4deaa9f2 - ok
00:22:24.0463 4124 MpKsl5b0ed007 - ok
00:22:24.0479 4124 MpKsl5b10e2b0 - ok
00:22:24.0494 4124 MpKsl5b44f990 - ok
00:22:24.0494 4124 MpKsl5c48b59f - ok
00:22:24.0526 4124 MpKsl5df95e12 - ok
00:22:24.0541 4124 MpKsl5e24503b - ok
00:22:24.0650 4124 MpKsl640a55f1 - ok
00:22:24.0666 4124 MpKsl64701a25 - ok
00:22:24.0682 4124 MpKsl6cd9ee77 - ok
00:22:24.0806 4124 MpKsl6eba5378 - ok
00:22:24.0822 4124 MpKsl710ced4b - ok
00:22:24.0838 4124 MpKsl721f61f9 - ok
00:22:24.0853 4124 MpKsl7300ad61 - ok
00:22:24.0931 4124 MpKsl73d0b782 - ok
00:22:24.0962 4124 MpKsl744b3544 - ok
00:22:24.0978 4124 MpKsl75235767 - ok
00:22:24.0994 4124 MpKsl7595afed - ok
00:22:25.0009 4124 MpKsl76c57e8d - ok
00:22:25.0025 4124 MpKsl7f0c3f86 - ok
00:22:25.0040 4124 MpKsl809fd47e - ok
00:22:25.0056 4124 MpKsl83087407 - ok
00:22:25.0056 4124 MpKsl86e08c96 - ok
00:22:25.0072 4124 MpKsl888fd9ac - ok
00:22:25.0321 4124 MpKsl8b8e3a49 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87C4CAAD-0815-4C58-8059-B1496B6C9D51}\MpKsl8b8e3a49.sys
00:22:25.0337 4124 MpKsl8b8e3a49 - ok
00:22:25.0384 4124 MpKsl8df400fa - ok
00:22:25.0399 4124 MpKsl9605d3e4 - ok
00:22:25.0430 4124 MpKsl9b4d47ce - ok
00:22:25.0462 4124 MpKsla18c8a1e - ok
00:22:25.0540 4124 MpKsla43e5bcf - ok
00:22:25.0555 4124 MpKsla6178296 - ok
00:22:25.0571 4124 MpKsla8156d45 - ok
00:22:25.0571 4124 MpKsla910d880 - ok
00:22:25.0602 4124 MpKsla987ce78 - ok
00:22:25.0602 4124 MpKslab640576 - ok
00:22:25.0633 4124 MpKslb09fd475 - ok
00:22:25.0633 4124 MpKslb0cb6cbe - ok
00:22:25.0649 4124 MpKslb818bc39 - ok
00:22:25.0664 4124 MpKslbb92d119 - ok
00:22:25.0696 4124 MpKslbbbb8492 - ok
00:22:25.0696 4124 MpKslc1f07e0e - ok
00:22:25.0774 4124 MpKslc2e3cdb0 - ok
00:22:25.0805 4124 MpKslc4d45f35 - ok
00:22:25.0805 4124 MpKslc962d9e9 - ok
00:22:25.0820 4124 MpKslcf99dd07 - ok
00:22:25.0836 4124 MpKsld4c41f86 - ok
00:22:25.0836 4124 MpKsld5f35f05 - ok
00:22:25.0852 4124 MpKsld8af0cbc - ok
00:22:25.0852 4124 MpKsld8ec0228 - ok
00:22:25.0867 4124 MpKsld935d781 - ok
00:22:25.0883 4124 MpKsld947f2fe - ok
00:22:25.0898 4124 MpKsldb0439be - ok
00:22:25.0930 4124 MpKsldeba1c14 - ok
00:22:25.0945 4124 MpKsle13f4e5f - ok
00:22:25.0945 4124 MpKsle1ac1078 - ok
00:22:25.0992 4124 MpKsle229f1bf - ok
00:22:26.0008 4124 MpKsleb454b19 - ok
00:22:26.0086 4124 MpKslec7a6b86 - ok
00:22:26.0101 4124 MpKslf1219b42 - ok
00:22:26.0117 4124 MpKslf6e37a1e - ok
00:22:26.0148 4124 MpKslf7f88a21 - ok
00:22:26.0164 4124 MpKslf92b75fc - ok
00:22:26.0179 4124 MpKslf94036c9 - ok
00:22:26.0179 4124 MpKslf9e61ae5 - ok
00:22:26.0210 4124 MpKslfa1e9b59 - ok
00:22:26.0273 4124 MpKslfc8641df - ok
00:22:26.0351 4124 MpKslfcee6d58 - ok
00:22:26.0491 4124 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:22:26.0491 4124 MpNWMon - ok
00:22:26.0554 4124 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:22:26.0569 4124 mpsdrv - ok
00:22:26.0600 4124 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
00:22:26.0616 4124 MRxDAV - ok
00:22:26.0663 4124 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:22:26.0663 4124 mrxsmb - ok
00:22:26.0710 4124 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:22:26.0725 4124 mrxsmb10 - ok
00:22:26.0819 4124 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:22:26.0834 4124 mrxsmb20 - ok
00:22:26.0881 4124 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
00:22:26.0881 4124 msahci - ok
00:22:26.0912 4124 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
00:22:26.0928 4124 msdsm - ok
00:22:26.0975 4124 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:22:26.0990 4124 Msfs - ok
00:22:27.0006 4124 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:22:27.0006 4124 mshidkmdf - ok
00:22:27.0037 4124 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
00:22:27.0037 4124 msisadrv - ok
00:22:27.0146 4124 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:22:27.0162 4124 MSKSSRV - ok
00:22:27.0256 4124 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:22:27.0271 4124 MSPCLOCK - ok
00:22:27.0302 4124 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:22:27.0302 4124 MSPQM - ok
00:22:27.0349 4124 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:22:27.0349 4124 MsRPC - ok
00:22:27.0443 4124 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
00:22:27.0458 4124 mssmbios - ok
00:22:27.0490 4124 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:22:27.0490 4124 MSTEE - ok
00:22:27.0505 4124 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:22:27.0505 4124 MTConfig - ok
00:22:27.0552 4124 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:22:27.0552 4124 Mup - ok
00:22:27.0614 4124 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:22:27.0630 4124 NativeWifiP - ok
00:22:27.0880 4124 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
00:22:27.0880 4124 NDIS - ok
00:22:27.0958 4124 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:22:27.0958 4124 NdisCap - ok
00:22:28.0067 4124 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:22:28.0067 4124 NdisTapi - ok
00:22:28.0098 4124 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
00:22:28.0114 4124 Ndisuio - ok
00:22:28.0145 4124 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
00:22:28.0145 4124 NdisWan - ok
00:22:28.0192 4124 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
00:22:28.0192 4124 NDProxy - ok
00:22:28.0238 4124 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:22:28.0254 4124 NetBIOS - ok
00:22:28.0332 4124 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
00:22:28.0363 4124 NetBT - ok
00:22:28.0613 4124 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
00:22:28.0738 4124 netw5v32 - ok
00:22:28.0862 4124 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:22:28.0925 4124 nfrd960 - ok
00:22:29.0003 4124 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:22:29.0018 4124 NisDrv - ok
00:22:29.0096 4124 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:22:29.0096 4124 Npfs - ok
00:22:29.0206 4124 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:22:29.0221 4124 nsiproxy - ok
00:22:29.0299 4124 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
00:22:29.0346 4124 Ntfs - ok
00:22:29.0455 4124 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:22:29.0455 4124 Null - ok
00:22:29.0518 4124 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
00:22:29.0533 4124 nvraid - ok
00:22:29.0580 4124 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
00:22:29.0596 4124 nvstor - ok
00:22:29.0627 4124 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
00:22:29.0642 4124 nv_agp - ok
00:22:29.0720 4124 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
00:22:29.0736 4124 ohci1394 - ok
00:22:29.0798 4124 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:22:29.0814 4124 Parport - ok
00:22:29.0830 4124 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
00:22:29.0845 4124 partmgr - ok
00:22:29.0861 4124 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:22:29.0876 4124 Parvdm - ok
00:22:29.0908 4124 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
00:22:29.0923 4124 pci - ok
00:22:30.0079 4124 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
00:22:30.0079 4124 pciide - ok
00:22:30.0142 4124 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:22:30.0157 4124 pcmcia - ok
00:22:30.0235 4124 PCTCore (d9f8e37834eff27442e384d495ee5232) C:\Windows\system32\drivers\PCTCore.sys
00:22:30.0282 4124 PCTCore - ok
00:22:30.0407 4124 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:22:30.0422 4124 pcw - ok
00:22:30.0485 4124 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:22:30.0516 4124 PEAUTH - ok
00:22:30.0688 4124 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:22:30.0688 4124 PptpMiniport - ok
00:22:30.0750 4124 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:22:30.0812 4124 Processor - ok
00:22:30.0890 4124 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:22:30.0890 4124 Psched - ok
00:22:31.0031 4124 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:22:31.0062 4124 ql2300 - ok
00:22:31.0187 4124 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:22:31.0202 4124 ql40xx - ok
00:22:31.0234 4124 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:22:31.0249 4124 QWAVEdrv - ok
00:22:31.0390 4124 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
00:22:31.0405 4124 RapportCerberus_34302 - ok
00:22:31.0483 4124 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
00:22:31.0499 4124 RapportEI - ok
00:22:31.0592 4124 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
00:22:31.0608 4124 RapportIaso - ok
00:22:31.0717 4124 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\Windows\system32\Drivers\RapportKELL.sys
00:22:31.0717 4124 RapportKELL - ok
00:22:31.0842 4124 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
00:22:31.0858 4124 RapportPG - ok
00:22:31.0904 4124 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:22:31.0904 4124 RasAcd - ok
00:22:32.0107 4124 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:22:32.0107 4124 RasAgileVpn - ok
00:22:32.0154 4124 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:22:32.0154 4124 Rasl2tp - ok
00:22:32.0216 4124 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:22:32.0216 4124 RasPppoe - ok
00:22:32.0279 4124 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:22:32.0294 4124 RasSstp - ok
00:22:32.0372 4124 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
00:22:32.0388 4124 rdbss - ok
00:22:32.0435 4124 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:22:32.0435 4124 rdpbus - ok
00:22:32.0466 4124 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:22:32.0466 4124 RDPCDD - ok
00:22:32.0528 4124 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
00:22:32.0528 4124 RDPDR - ok
00:22:32.0622 4124 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:22:32.0622 4124 RDPENCDD - ok
00:22:32.0669 4124 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:22:32.0669 4124 RDPREFMP - ok
00:22:32.0731 4124 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
00:22:32.0747 4124 RDPWD - ok
00:22:32.0794 4124 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
00:22:32.0809 4124 rdyboost - ok
00:22:32.0918 4124 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:22:32.0918 4124 rspndr - ok
00:22:32.0981 4124 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
00:22:32.0996 4124 s3cap - ok
00:22:33.0043 4124 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
00:22:33.0043 4124 sbp2port - ok
00:22:33.0152 4124 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\Windows\system32\drivers\SCDEmu.sys
00:22:33.0152 4124 SCDEmu - ok
00:22:33.0230 4124 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
00:22:33.0246 4124 scfilter - ok
00:22:33.0308 4124 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
00:22:33.0324 4124 sdbus - ok
00:22:33.0418 4124 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:22:33.0418 4124 secdrv - ok
00:22:33.0496 4124 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:22:33.0496 4124 Serenum - ok
00:22:33.0527 4124 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:22:33.0542 4124 Serial - ok
00:22:33.0558 4124 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:22:33.0574 4124 sermouse - ok
00:22:33.0605 4124 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
00:22:33.0605 4124 sffdisk - ok
00:22:33.0620 4124 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:22:33.0636 4124 sffp_mmc - ok
00:22:33.0652 4124 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:22:33.0652 4124 sffp_sd - ok
00:22:33.0667 4124 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:22:33.0667 4124 sfloppy - ok
00:22:33.0714 4124 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
00:22:33.0714 4124 sisagp - ok
00:22:33.0808 4124 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:22:33.0823 4124 SiSRaid2 - ok
00:22:33.0870 4124 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:22:33.0886 4124 SiSRaid4 - ok
00:22:33.0917 4124 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:22:33.0948 4124 Smb - ok
00:22:34.0073 4124 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
00:22:34.0104 4124 smserial - ok
00:22:34.0229 4124 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:22:34.0229 4124 spldr - ok
00:22:34.0291 4124 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
00:22:34.0307 4124 srv - ok
00:22:34.0338 4124 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
00:22:34.0369 4124 srv2 - ok
00:22:34.0385 4124 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
00:22:34.0400 4124 srvnet - ok
00:22:34.0525 4124 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
00:22:34.0541 4124 sscebus - ok
00:22:34.0572 4124 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
00:22:34.0588 4124 sscemdfl - ok
00:22:34.0619 4124 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
00:22:34.0634 4124 sscemdm - ok
00:22:34.0697 4124 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:22:34.0697 4124 ssmdrv - ok
00:22:34.0806 4124 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\Windows\system32\DRIVERS\ssm_bus.sys
00:22:34.0822 4124 ssm_bus - ok
00:22:34.0837 4124 ssm_mdfl (8e93a17a5253999a0e7c332f475699dc) C:\Windows\system32\DRIVERS\ssm_mdfl.sys
00:22:34.0853 4124 ssm_mdfl - ok
00:22:34.0900 4124 ssm_mdm (c0ba1357c63deacf3b3ccf4b989fef06) C:\Windows\system32\DRIVERS\ssm_mdm.sys
00:22:34.0915 4124 ssm_mdm - ok
00:22:34.0962 4124 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:22:34.0978 4124 stexstor - ok
00:22:35.0056 4124 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:22:35.0071 4124 storflt - ok
00:22:35.0102 4124 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
00:22:35.0118 4124 storvsc - ok
00:22:35.0134 4124 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
00:22:35.0149 4124 swenum - ok
00:22:35.0243 4124 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
00:22:35.0290 4124 Tcpip - ok
00:22:35.0461 4124 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
00:22:35.0477 4124 TCPIP6 - ok
00:22:35.0586 4124 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
00:22:35.0602 4124 tcpipreg - ok
00:22:35.0617 4124 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
00:22:35.0633 4124 TDPIPE - ok
00:22:35.0648 4124 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
00:22:35.0664 4124 TDTCP - ok
00:22:35.0680 4124 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
00:22:35.0695 4124 tdx - ok
00:22:35.0726 4124 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
00:22:35.0726 4124 TermDD - ok
00:22:35.0851 4124 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:22:35.0851 4124 tssecsrv - ok
00:22:35.0882 4124 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
00:22:35.0898 4124 tunnel - ok
00:22:35.0945 4124 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:22:35.0945 4124 uagp35 - ok
00:22:35.0992 4124 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
00:22:36.0023 4124 udfs - ok
00:22:36.0070 4124 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:22:36.0070 4124 uliagpkx - ok
00:22:36.0163 4124 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
00:22:36.0179 4124 umbus - ok
00:22:36.0210 4124 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:22:36.0210 4124 UmPass - ok
00:22:36.0288 4124 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
00:22:36.0288 4124 usbaudio - ok
00:22:36.0335 4124 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
00:22:36.0350 4124 usbccgp - ok
00:22:36.0460 4124 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
00:22:36.0475 4124 usbcir - ok
00:22:36.0522 4124 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
00:22:36.0522 4124 usbehci - ok
00:22:36.0569 4124 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
00:22:36.0584 4124 usbhub - ok
00:22:36.0616 4124 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
00:22:36.0631 4124 usbohci - ok
00:22:36.0647 4124 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:22:36.0647 4124 usbprint - ok
00:22:36.0865 4124 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:22:36.0881 4124 USBSTOR - ok
00:22:36.0928 4124 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
00:22:36.0943 4124 usbuhci - ok
00:22:36.0990 4124 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:22:37.0006 4124 vdrvroot - ok
00:22:37.0099 4124 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:22:37.0115 4124 vga - ok
00:22:37.0146 4124 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:22:37.0146 4124 VgaSave - ok
00:22:37.0177 4124 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
00:22:37.0177 4124 vhdmp - ok
00:22:37.0224 4124 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
00:22:37.0224 4124 viaagp - ok
00:22:37.0240 4124 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:22:37.0255 4124 ViaC7 - ok
00:22:37.0286 4124 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
00:22:37.0286 4124 viaide - ok
00:22:37.0318 4124 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
00:22:37.0333 4124 vmbus - ok
00:22:37.0427 4124 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:22:37.0442 4124 VMBusHID - ok
00:22:37.0474 4124 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
00:22:37.0474 4124 volmgr - ok
00:22:37.0520 4124 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:22:37.0536 4124 volmgrx - ok
00:22:37.0567 4124 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
00:22:37.0583 4124 volsnap - ok
00:22:37.0614 4124 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:22:37.0630 4124 vsmraid - ok
00:22:37.0770 4124 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:22:37.0770 4124 vwifibus - ok
00:22:37.0801 4124 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:22:37.0817 4124 WacomPen - ok
00:22:37.0848 4124 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:37.0848 4124 WANARP - ok
00:22:37.0864 4124 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:37.0864 4124 Wanarpv6 - ok
00:22:38.0051 4124 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:22:38.0051 4124 Wd - ok
00:22:38.0176 4124 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:22:38.0207 4124 Wdf01000 - ok
00:22:38.0347 4124 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:22:38.0347 4124 WfpLwf - ok
00:22:38.0378 4124 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:22:38.0378 4124 WIMMount - ok
00:22:38.0581 4124 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
00:22:38.0597 4124 WinUsb - ok
00:22:38.0644 4124 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:22:38.0659 4124 WmiAcpi - ok
00:22:38.0722 4124 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:22:38.0722 4124 ws2ifsl - ok
00:22:38.0846 4124 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
00:22:38.0862 4124 WudfPf - ok
00:22:38.0940 4124 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:38.0956 4124 WUDFRd - ok
00:22:39.0065 4124 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
00:22:39.0080 4124 yukonw7 - ok
00:22:39.0096 4124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:22:39.0143 4124 \Device\Harddisk0\DR0 - ok
00:22:39.0158 4124 Boot (0x1200) (c9e918df51ccd0168e03551899a16946) \Device\Harddisk0\DR0\Partition0
00:22:39.0158 4124 \Device\Harddisk0\DR0\Partition0 - ok
00:22:39.0174 4124 Boot (0x1200) (d9c4da7cc799df0a75a64ad581b097d6) \Device\Harddisk0\DR0\Partition1
00:22:39.0190 4124 \Device\Harddisk0\DR0\Partition1 - ok
00:22:39.0205 4124 Boot (0x1200) (1101a65791a58d7c6c7dcbdfacaa8f23) \Device\Harddisk0\DR0\Partition2
00:22:39.0236 4124 \Device\Harddisk0\DR0\Partition2 - ok
00:22:39.0236 4124 ============================================================
00:22:39.0236 4124 Scan finished
00:22:39.0236 4124 ============================================================
00:22:39.0268 0684 Detected object count: 0
00:22:39.0268 0684 Actual detected object count: 0
00:22:58.0580 4664 Deinitialize success
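The TDSSKiller log above ends with every driver, the MBR and the three boot sectors marked `- ok` and a detected-object count of zero. The script below is an added example, not part of this thread and not Kaspersky's code: it pairs each hashed object with its verdict line, flags anything whose verdict is not `ok` (or that never received a verdict, which usually means a truncated log), and cross-checks that list against the summary counter at the end. The sample log embedded in it is constructed: it reuses a few lines from the log above plus one made-up `example` driver with an all-zero hash and a made-up `warning` verdict, and the exact wording TDSSKiller prints for non-clean verdicts is an assumption here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Object line: "<ts> <pid> <name> (<md5>) <path>", e.g. a driver, "MBR (0x1B8)" or "Boot (0x1200)".
HASH_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<ts> <pid> <name-or-path> - <status>". For drivers the name is repeated;
# for MBR/boot sectors TDSSKiller repeats the device path instead.
STATUS_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)
SUMMARY = re.compile(r"\bDetected object count:\s*(\d+)")

# Constructed sample: real lines from the thread's log plus one invented "example" driver.
# The "( Example.Constructed ) - warning" wording is an assumed non-clean verdict format.
SAMPLE_LOG = r"""
00:22:37.0614 4124 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:22:37.0630 4124 vsmraid - ok
00:22:38.0846 4124 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
00:22:38.0862 4124 WudfPf - ok
00:22:38.0900 4124 example (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example.sys
00:22:38.0910 4124 example ( Example.Constructed ) - warning
00:22:39.0096 4124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:22:39.0143 4124 \Device\Harddisk0\DR0 - ok
00:22:39.0158 4124 Boot (0x1200) (c9e918df51ccd0168e03551899a16946) \Device\Harddisk0\DR0\Partition0
00:22:39.0158 4124 \Device\Harddisk0\DR0\Partition0 - ok
00:22:39.0236 4124 ============================================================
00:22:39.0236 4124 Scan finished
00:22:39.0268 0684 Detected object count: 0
00:22:39.0268 0684 Actual detected object count: 0
"""


@dataclass
class ScanObject:
    name: str
    md5: Optional[str]
    path: Optional[str]
    status: Optional[str] = None  # None = no verdict line seen for this object


def parse_tdsskiller_log(text: str) -> Tuple[List[ScanObject], Optional[int]]:
    """Pair every hashed object with its verdict; return objects and the reported detection count."""
    objects: List[ScanObject] = []
    pending: Dict[str, ScanObject] = {}  # keyed by name AND by path so MBR/boot lines resolve
    reported: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            obj = ScanObject(m["name"], m["md5"], m["path"])
            objects.append(obj)
            pending[obj.name] = obj
            pending[obj.path] = obj
            continue
        m = STATUS_LINE.match(line)
        if m:
            key = m["name"]
            # Verdict lines may decorate the name, e.g. "sptd ( Verdict ) - warning": fall back to first token.
            obj = pending.get(key) or pending.get(key.split(" ")[0])
            if obj is None:
                obj = ScanObject(key, None, None)  # verdict without a preceding hash line
                objects.append(obj)
            for k in (obj.name, obj.path):
                if k is not None and pending.get(k) is obj:
                    del pending[k]
            obj.status = m["status"].strip()
            continue
        m = SUMMARY.search(line)
        if m:
            reported = int(m[1])
    return objects, reported


def triage(text: str) -> dict:
    """Anything not explicitly 'ok' goes to manual review, whatever the summary counter says."""
    objects, reported = parse_tdsskiller_log(text)
    suspicious = [o for o in objects if o.status != "ok"]
    return {
        "scanned": len(objects),
        "suspicious": [(o.name, o.status, o.path) for o in suspicious],
        "reported_detected": reported,
        # A zero counter next to a non-ok verdict means the summary line alone cannot be trusted.
        "summary_disagrees": reported is not None and reported == 0 and bool(suspicious),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it against a saved TDSSKiller log with `triage(open(path).read())`; in the constructed sample the counter says zero while the `example` driver carries a `warning`, so `summary_disagrees` comes back `True` and that entry is what a helper would want to look at next.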

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 January 2012 - 07:50 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

Posted 12 January 2012 - 01:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

Posted 15 January 2012 - 02:49 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.