Completed all self-help tutorials, still have rootkit


This topic is locked
22 replies to this topic

#1 Montana Mad Dog

Posted 23 January 2012 - 09:10 AM

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

#2 gringo_pr

Posted 26 January 2012 - 07:37 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#3 Montana Mad Dog
Posted 26 January 2012 - 12:16 PM

Hi Gringo... here is the ComboFix log. Browser (IE) still redirects, no items pinning to the Start Menu, desktop background not restored, etc. In other words, it doesn't appear that anything has changed after running ComboFix.

More detail on browser redirects:
I can type an address into the browser and it will go to that site without redirecting.
I can search from the address bar and Google presents the results without redirecting.
When I select one of the Google search results, the link gets redirected to a number of goofy sites, with no apparent pattern.

Thanks for your help.

Paul

======================

ComboFix 12-01-26.01 - Chance 01/26/2012 8:17.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2161 [GMT -7:00]
Running from: c:\users\Chance\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
2012-01-19 02:45 . 2011-11-08 12:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-19 02:39 . 2011-11-08 12:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-04 09:26 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-25 16:08 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-24 04:52 . 2011-12-27 03:14 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 12:38 . 2011-11-08 12:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-08 12:38 . 2011-11-08 12:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-08 12:38 . 2011-11-08 12:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-08 12:38 . 2011-11-08 12:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-08 12:38 . 2011-11-08 12:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-08 12:38 . 2011-11-08 12:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-08 12:38 . 2011-11-08 12:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-08 12:38 . 2011-11-08 12:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-08 12:38 . 2011-11-08 12:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-08 12:38 . 2011-11-08 12:38 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-08 12:38 . 2011-11-08 12:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-08 12:38 . 2011-11-08 12:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-08 12:38 . 2011-11-08 12:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-08 12:38 . 2011-11-08 12:38 448512 ----a-w- c:\windows\system32\html.iec
2011-11-08 12:38 . 2011-11-08 12:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-08 12:38 . 2011-11-08 12:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-08 12:38 . 2011-11-08 12:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-08 12:38 . 2011-11-08 12:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-08 12:38 . 2011-11-08 12:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-08 12:38 . 2011-11-08 12:38 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-08 12:38 . 2011-11-08 12:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-08 12:38 . 2011-11-08 12:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-08 12:38 . 2011-11-08 12:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-08 12:38 . 2011-11-08 12:38 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-08 12:38 . 2011-11-08 12:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-08 12:38 . 2011-11-08 12:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-08 12:38 . 2011-11-08 12:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-08 12:38 . 2011-11-08 12:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-08 12:38 . 2011-11-08 12:38 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-08 12:38 . 2011-11-08 12:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-08 12:38 . 2011-11-08 12:38 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-08 12:38 . 2011-11-08 12:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-08 12:38 . 2011-11-08 12:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-08 12:38 . 2011-11-08 12:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-05 05:32 . 2011-12-27 03:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-27 03:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5B2D.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 216.129.224.49 216.220.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5B2D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-26 09:04:03
ComboFix-quarantined-files.txt 2012-01-26 16:03
ComboFix2.txt 2012-01-17 16:48
.
Pre-Run: 585,374,236,672 bytes free
Post-Run: 584,488,357,888 bytes free
.
- - End Of File - - 48DB4292A1DB146D6DB6A56E73F513FE

#4 gringo_pr (Malware Response Team)

Posted 26 January 2012 - 12:38 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Montana Mad Dog (Topic Starter)

Posted 26 January 2012 - 06:29 PM

Gringo,

Downloaded and executed TDSSKiller. Nothing happened.

I downloaded it from the link you provided and nothing happened...I get the "open file - security warning" from Windows when I execute the program, but nothing beyond that...no graphical interface.

I tried several times, even downloaded the zip file instead of the exe that you linked to.

I tried it in safe mode.

No joy.

Ideas?

Paul

#6 gringo_pr (Malware Response Team)

Posted 26 January 2012 - 08:43 PM

Hello

I would like you to run this tool for me next: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say either that the infection was cleared or that no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#7 Montana Mad Dog (Topic Starter)

Posted 26 January 2012 - 11:01 PM

Infection cleared by fixTDSS.

TDSS report:

20:58:46.0671 4816 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
20:58:47.0747 4816 ============================================================
20:58:47.0747 4816 Current date / time: 2012/01/26 20:58:47.0747
20:58:47.0747 4816 SystemInfo:
20:58:47.0747 4816
20:58:47.0747 4816 OS Version: 6.1.7601 ServicePack: 1.0
20:58:47.0747 4816 Product type: Workstation
20:58:47.0747 4816 ComputerName: CHANCE-PC
20:58:47.0747 4816 UserName: Chance
20:58:47.0747 4816 Windows directory: C:\windows
20:58:47.0747 4816 System windows directory: C:\windows
20:58:47.0747 4816 Running under WOW64
20:58:47.0747 4816 Processor architecture: Intel x64
20:58:47.0747 4816 Number of processors: 4
20:58:47.0747 4816 Page size: 0x1000
20:58:47.0747 4816 Boot type: Normal boot
20:58:47.0747 4816 ============================================================
20:58:48.0434 4816 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:58:48.0481 4816 Initialize success
20:58:58.0745 5216 ============================================================
20:58:58.0745 5216 Scan started
20:58:58.0745 5216 Mode: Manual;
20:58:58.0745 5216 ============================================================
20:58:58.0995 5216 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:58:58.0995 5216 1394ohci - ok
20:58:59.0104 5216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:58:59.0104 5216 ACPI - ok
20:58:59.0213 5216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:58:59.0213 5216 AcpiPmi - ok
20:58:59.0354 5216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:58:59.0354 5216 adp94xx - ok
20:58:59.0479 5216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:58:59.0479 5216 adpahci - ok
20:58:59.0588 5216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:58:59.0588 5216 adpu320 - ok
20:58:59.0713 5216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
20:58:59.0713 5216 AFD - ok
20:58:59.0806 5216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:58:59.0806 5216 agp440 - ok
20:58:59.0900 5216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:58:59.0915 5216 aliide - ok
20:59:00.0009 5216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:59:00.0009 5216 amdide - ok
20:59:00.0118 5216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:59:00.0118 5216 AmdK8 - ok
20:59:00.0149 5216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
20:59:00.0149 5216 AmdPPM - ok
20:59:00.0181 5216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:59:00.0181 5216 amdsata - ok
20:59:00.0196 5216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:59:00.0212 5216 amdsbs - ok
20:59:00.0227 5216 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:59:00.0227 5216 amdxata - ok
20:59:00.0259 5216 ApfiltrService (6690e42ced5d067233abad42da141213) C:\windows\system32\DRIVERS\Apfiltr.sys
20:59:00.0274 5216 ApfiltrService - ok
20:59:00.0430 5216 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:59:00.0430 5216 AppID - ok
20:59:00.0571 5216 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:59:00.0571 5216 arc - ok
20:59:00.0586 5216 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:59:00.0586 5216 arcsas - ok
20:59:00.0649 5216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:59:00.0649 5216 AsyncMac - ok
20:59:00.0695 5216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:59:00.0695 5216 atapi - ok
20:59:00.0773 5216 athr (5493ed5d300afc7a9a0a87fca08e5381) C:\windows\system32\DRIVERS\athrx.sys
20:59:00.0851 5216 athr - ok
20:59:00.0976 5216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:59:00.0976 5216 b06bdrv - ok
20:59:01.0132 5216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:59:01.0132 5216 b57nd60a - ok
20:59:01.0241 5216 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:59:01.0241 5216 Beep - ok
20:59:01.0304 5216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:59:01.0304 5216 blbdrive - ok
20:59:01.0366 5216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:59:01.0366 5216 bowser - ok
20:59:01.0382 5216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:59:01.0382 5216 BrFiltLo - ok
20:59:01.0397 5216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:59:01.0397 5216 BrFiltUp - ok
20:59:01.0585 5216 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:59:01.0585 5216 BridgeMP - ok
20:59:01.0616 5216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:59:01.0631 5216 Brserid - ok
20:59:01.0647 5216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:59:01.0647 5216 BrSerWdm - ok
20:59:01.0678 5216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:59:01.0678 5216 BrUsbMdm - ok
20:59:01.0694 5216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:59:01.0694 5216 BrUsbSer - ok
20:59:01.0741 5216 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:59:01.0741 5216 BthEnum - ok
20:59:01.0787 5216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:59:01.0787 5216 BTHMODEM - ok
20:59:01.0819 5216 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:59:01.0819 5216 BthPan - ok
20:59:01.0865 5216 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
20:59:01.0881 5216 BTHPORT - ok
20:59:01.0928 5216 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
20:59:01.0928 5216 BTHUSB - ok
20:59:01.0975 5216 catchme - ok
20:59:02.0006 5216 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:59:02.0006 5216 cdfs - ok
20:59:02.0053 5216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:59:02.0053 5216 cdrom - ok
20:59:02.0115 5216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:59:02.0115 5216 circlass - ok
20:59:02.0146 5216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:59:02.0162 5216 CLFS - ok
20:59:02.0193 5216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:59:02.0193 5216 CmBatt - ok
20:59:02.0224 5216 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:59:02.0224 5216 cmdide - ok
20:59:02.0255 5216 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:59:02.0271 5216 CNG - ok
20:59:02.0302 5216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
20:59:02.0302 5216 Compbatt - ok
20:59:02.0333 5216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:59:02.0333 5216 CompositeBus - ok
20:59:02.0380 5216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:59:02.0380 5216 crcdisk - ok
20:59:02.0458 5216 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
20:59:02.0458 5216 CtClsFlt - ok
20:59:02.0521 5216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:59:02.0521 5216 DfsC - ok
20:59:02.0552 5216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:59:02.0552 5216 discache - ok
20:59:02.0583 5216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:59:02.0583 5216 Disk - ok
20:59:02.0630 5216 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:59:02.0630 5216 drmkaud - ok
20:59:02.0677 5216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:59:02.0677 5216 DXGKrnl - ok
20:59:02.0739 5216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:59:02.0786 5216 ebdrv - ok
20:59:02.0895 5216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:59:02.0911 5216 elxstor - ok
20:59:02.0942 5216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:59:02.0942 5216 ErrDev - ok
20:59:02.0989 5216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:59:02.0989 5216 exfat - ok
20:59:03.0020 5216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:59:03.0020 5216 fastfat - ok
20:59:10.0196 5216 ============================================================
20:59:10.0196 5216 Scan finished
20:59:10.0196 5216 ============================================================
20:59:10.0196 5208 Detected object count: 0
20:59:10.0196 5208 Actual detected object count: 0
20:59:23.0986 4784 Deinitialize success
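A small triage helper for the TDSSKiller driver list above, added here as an example and not code from the thread or from the tool. It pairs each entry line (MD5 and image path) with its verdict line and flags what a responder would review first: images that are not a .sys under a drivers directory, and service entries with a verdict but no file at all. The sample log is a constructed excerpt in the same format; the flag wording is my own.

```python
r"""Triage helper for TDSSKiller-style driver scan logs.

Added example, not code from the thread or from the tool. A TDSSKiller
driver list records each object on two lines: an entry line with the
MD5 of the image and its path, then a verdict line ("- ok" here):

    20:59:05.0126 5216 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\windows\system32\5B2D.tmp
    20:59:05.0126 5216 MEMSWEEP2 - ok

A clean verdict means the scanner matched nothing; it says nothing about
*where* a driver lives. This helper pairs the two lines and lists the
entries worth a second look, as triage hints rather than verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entry line: timestamp, pid, object name, (32 hex MD5), image path.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: timestamp, pid, object name or device path, "- <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Where a kernel driver image is expected to live, and what it is expected to be.
EXPECTED_DIRS = ("\\system32\\drivers\\", "\\syswow64\\drivers\\")
EXPECTED_EXT = ".sys"

# Constructed excerpt in the log format seen in this thread.
SAMPLE_LOG = r"""
20:59:03.0051 5216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:59:03.0051 5216 fdc - ok
20:59:04.0049 5216 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
20:59:04.0221 5216 igfx - ok
20:59:04.0985 5216 MBAMProtector - ok
20:59:05.0126 5216 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\windows\system32\5B2D.tmp
20:59:05.0126 5216 MEMSWEEP2 - ok
20:59:10.0118 5216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:59:10.0165 5216 \Device\Harddisk0\DR0 - ok
20:59:10.0196 5216 ============================================================
20:59:10.0196 5216 Scan finished
20:59:10.0196 5208 Detected object count: 0
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair entry and verdict lines by object name.

    Boot-sector objects (MBR, partition boot records) carry the device path on
    their verdict line instead of the name, so verdicts are also matched by path.
    """
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[e.path] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m["name"]
            e = by_path.get(key) or entries.setdefault(key, Entry(key))
            e.verdict = m["verdict"]
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Return the review reasons for one entry (empty list means nothing unusual)."""
    flags: List[str] = []
    if e.path is None:
        # A verdict with no image on disk: a service/driver key whose file is
        # gone. Often a leftover from an uninstalled tool, but a hidden image
        # would look the same here, so confirm rather than assume.
        if e.verdict is not None:
            flags.append("no image file behind the service entry")
        return flags
    if e.path.startswith("\\Device\\"):
        return flags  # MBR/boot-sector objects are not file-backed
    low = e.path.lower()
    if not any(d in low for d in EXPECTED_DIRS):
        flags.append("image outside a drivers directory")
    if not low.endswith(EXPECTED_EXT):
        flags.append("image is not a .sys file")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged object name to its review reasons."""
    result: Dict[str, List[str]] = {}
    for name, entry in parse_log(text).items():
        reasons = flag_entry(entry)
        if reasons:
            result[name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, MEMSWEEP2 (a driver loaded from a .tmp in system32) and MBAMProtector (no file behind the entry) are listed for review; the ComboFix log later in this thread shows the .tmp files appearing at the same minute as the Sophos directory, which is the kind of cross-check a flag should prompt.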

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 11:13 PM

Hello

How are things doing now?



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana

Posted 27 January 2012 - 02:08 AM

Redirects seem to be eliminated. Can I install another browser (FF, Chrome) in order to test them?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 January 2012 - 02:12 AM

Hello


Redirects seem to be eliminated. Can I install another browser (FF, Chrome) in order to test them?
yes you can


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana

Posted 27 January 2012 - 02:20 AM

ComboFix 12-01-26.03 - Chance 01/27/2012 0:10.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2678 [GMT -7:00]
Running from: c:\users\Chance\Desktop\ComboFix.exe
Command switches used :: c:\users\Chance\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\6305a029-cca8-4f63-a756-55a8f8892c65.dll
c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-18 23:21 . 2012-01-18 23:21 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-18 23:21 . 2012-01-18 23:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-18 23:18 . 2012-01-18 23:18 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0376F99-5B05-4C79-89CC-741AC8AD8C27}\gapaengine.dll
2012-01-18 23:16 . 2012-01-18 23:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-18 23:16 . 2012-01-18 23:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-18 21:38 . 2012-01-18 21:38 -------- d-----w- c:\windows\system32\Macromed
2012-01-18 15:18 . 2012-01-18 15:18 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-18 15:18 . 2012-01-18 15:18 -------- d-----w- c:\programdata\HitmanPro
2012-01-18 14:11 . 2012-01-18 21:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 14:04 . 2012-01-18 14:04 -------- d-----w- c:\users\Chance\AppData\Local\Mozilla
2012-01-17 19:06 . 2011-11-30 09:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72CAC59F-5564-4BBA-9D6C-D6A75409CB72}\mpengine.dll
2012-01-17 12:34 . 2012-01-17 12:34 -------- d-----w- c:\program files\CCleaner
2012-01-17 01:43 . 2012-01-20 21:48 -------- d-----w- c:\users\Chance\AppData\Local\Google
2012-01-17 01:41 . 2012-01-17 01:41 -------- d-----w- c:\users\Chance\AppData\Local\Apps
2012-01-17 01:41 . 2012-01-17 01:43 -------- d-----w- c:\users\Chance\AppData\Local\Deployment
2012-01-17 01:38 . 2012-01-17 01:38 -------- d-----w- C:\TrustedID IDMonitor Identity Protection
2012-01-11 04:01 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 04:01 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 04:01 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 04:01 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 04:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 04:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 04:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 04:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 03:32 . 2012-01-09 03:32 -------- d-----w- c:\users\Chance\AppData\Local\V-Safe 100
2012-01-08 23:13 . 2012-01-08 23:13 -------- d-----w- c:\users\Chance\AppData\Roaming\Roxio Burn
2012-01-01 19:44 . 2012-01-01 19:44 -------- d-----w- C:\FIND_EULA_PATH
2012-01-01 19:44 . 2012-01-01 19:44 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2011-12-31 00:27 . 2012-01-18 23:21 -------- d-----w- c:\users\Chance\AppData\Local\Adobe
2011-12-29 01:24 . 2011-12-29 01:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-12-29 01:22 . 2011-12-29 01:22 -------- d-----w- c:\users\Chance\My Backup Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 02:45 . 2011-11-08 12:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-19 02:39 . 2011-11-08 12:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-04 09:26 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-25 16:08 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-24 04:52 . 2011-12-27 03:14 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 12:38 . 2011-11-08 12:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-08 12:38 . 2011-11-08 12:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-08 12:38 . 2011-11-08 12:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-08 12:38 . 2011-11-08 12:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-08 12:38 . 2011-11-08 12:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-08 12:38 . 2011-11-08 12:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-08 12:38 . 2011-11-08 12:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-08 12:38 . 2011-11-08 12:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-08 12:38 . 2011-11-08 12:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-08 12:38 . 2011-11-08 12:38 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-08 12:38 . 2011-11-08 12:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-08 12:38 . 2011-11-08 12:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-08 12:38 . 2011-11-08 12:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-08 12:38 . 2011-11-08 12:38 448512 ----a-w- c:\windows\system32\html.iec
2011-11-08 12:38 . 2011-11-08 12:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-08 12:38 . 2011-11-08 12:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-08 12:38 . 2011-11-08 12:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-08 12:38 . 2011-11-08 12:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-08 12:38 . 2011-11-08 12:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-08 12:38 . 2011-11-08 12:38 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-08 12:38 . 2011-11-08 12:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-08 12:38 . 2011-11-08 12:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-08 12:38 . 2011-11-08 12:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-08 12:38 . 2011-11-08 12:38 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-08 12:38 . 2011-11-08 12:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-08 12:38 . 2011-11-08 12:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-08 12:38 . 2011-11-08 12:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-08 12:38 . 2011-11-08 12:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-08 12:38 . 2011-11-08 12:38 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-08 12:38 . 2011-11-08 12:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-08 12:38 . 2011-11-08 12:38 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-08 12:38 . 2011-11-08 12:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-08 12:38 . 2011-11-08 12:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-08 12:38 . 2011-11-08 12:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-05 05:32 . 2011-12-27 03:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-27 03:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-27 16:47 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-27 16:47 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-27 16:47 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-27 16:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-27 16:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-27 16:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-27 16:47 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-27 16:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_15.48.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-26 15:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-27 07:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-26 15:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-27 07:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-26 15:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-27 07:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-27 07:06 42044 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-27 07:06 38762 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-26 01:57 . 2012-01-27 07:06 7160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2891026661-2126742661-1277855032-1000_UserData.bin
- 2012-01-26 15:02 . 2012-01-26 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 07:04 . 2012-01-27 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 15:02 . 2012-01-26 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-27 07:04 . 2012-01-27 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-26 01:48 . 2012-01-26 23:10 478280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-26 01:48 . 2012-01-23 13:00 478280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-01-23 18:26 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-27 04:05 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 01:48 . 2012-01-27 04:05 7022048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2891026661-2126742661-1277855032-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5B2D.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 216.129.224.49 216.220.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5B2D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-27 00:16:36
ComboFix-quarantined-files.txt 2012-01-27 07:16
ComboFix2.txt 2012-01-26 16:04
ComboFix3.txt 2012-01-17 16:48
.
Pre-Run: 584,339,787,776 bytes free
Post-Run: 584,262,864,896 bytes free
.
- - End Of File - - DE0B416661BD277B4BCB66725C3BA5E6
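
A triage check that can be run over the service list in a ComboFix log like the one above (an added example for this thread; it is not part of ComboFix, Malwarebytes or any post here). The R/S lines carry each service's image path, which is where a rootkit driver would show up loading from an odd location, so the script parses those lines and flags images whose extension or directory is unusual for a persistent service. The sample input is copied verbatim from the posted log; the assumed line shape (`R3 Name;Display;path [x]`) and the flag rules are the author's heuristics, not ComboFix's. Run against this log it flags exactly one entry, MEMSWEEP2 with a randomly named .tmp image under system32. That is the shape a rootkit driver can take, but it is also how Sophos Anti-Rootkit registers its scanner driver, and the same log shows Sophos installed on 2012-01-20 with SAVRKBootTasks.sys, so the flag is a pointer to verify the file (signature, hash, vendor) rather than a reason to delete it. Note also that `[x]` after a path only means ComboFix recorded no file date or size; many legitimate x64 drivers in this log carry it, so the script reports it but never flags on it.

```python
"""Triage the service/driver list from a ComboFix log.

Added example for this thread; it is not part of ComboFix, Malwarebytes or
any post here. Assumed input shape, taken from the log above:
    R3 Name;Display name;c:\\path\\image.ext [x]
    R2 Name;Display name;c:\\path\\image.exe [YYYY-MM-DD size]
R/S is running/stopped, the digit is the start type, and [x] means ComboFix
recorded no file metadata (common for legitimate x64 drivers, so it is not
used as a flag on its own). The rules are a triage heuristic, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Service lines copied from the ComboFix output posted in this thread.
SAMPLE_SERVICE_LINES = "\n".join([
    r"R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]",
    r"R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5B2D.tmp [x]",
    r"R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]",
    r"S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]",
    r"S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]",
])

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"          # R/S + start type digit
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<cmd>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"   # image path (+args), then [x] or [date size]
)

EXPECTED_EXT = {".sys", ".exe", ".dll"}              # what a service image normally is
SUSPICIOUS_DIRS = ("\\temp\\", "\\users\\public\\")  # odd homes for a persistent service
HEX_TMP_RE = re.compile(r"\\[0-9a-f]{4,8}\.tmp$")    # e.g. \5b2d.tmp, \eadd.tmp


@dataclass
class Finding:
    name: str
    image: str
    no_metadata: bool                    # True when ComboFix printed [x]
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Reduce 'path [args]' to the bare image path.

    Strips the NT '\\??\\' prefix ComboFix shows for raw ImagePath values and
    peels trailing arguments: a space-separated token with no backslash in it
    (e.g. 'SERVICE', '-k netsvcs') cannot be part of a full Windows path.
    """
    cmd = cmd.strip()
    if cmd.startswith("\\??\\"):
        cmd = cmd[4:]
    parts = cmd.split(" ")
    while len(parts) > 1 and "\\" not in parts[-1]:
        parts.pop()
    return " ".join(parts)


def assess(name: str, image: str, meta: str) -> Finding:
    """Apply the path heuristics to one service image."""
    low = image.lower()
    fname = low.rsplit("\\", 1)[-1]
    ext = fname[fname.rfind("."):] if "." in fname else ""
    f = Finding(name=name, image=image, no_metadata=(meta.strip().lower() == "x"))
    if ext not in EXPECTED_EXT:
        f.reasons.append(f"unexpected image extension {ext or '(none)'}")
    if HEX_TMP_RE.search(low):
        f.reasons.append("randomly named .tmp image")
    for d in SUSPICIOUS_DIRS:
        if d in low:
            f.reasons.append(f"image lives under {d}")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return a Finding for every service line that trips at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue                     # not a service line, skip it
        f = assess(m.group("name"), image_path(m.group("cmd")), m.group("meta"))
        if f.reasons:
            flagged.append(f)
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_SERVICE_LINES):
        tag = " (no file metadata)" if f.no_metadata else ""
        print(f"{f.name}: {f.image}{tag}\n  " + "\n  ".join(f.reasons))
```

The two rules that fire here (non-executable extension, hex-named .tmp) deliberately ignore whether ComboFix could stat the file; if the `[x]` marker were treated as evidence, PROCEXP151.SYS, PxHlpa64.sys and most of the Intel and Realtek drivers in this log would be flagged too, which is exactly the noise a triage script should avoid.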

#12 Montana Mad Dog
  • Topic Starter
  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana

Posted 27 January 2012 - 02:31 AM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chance :: CHANCE-PC [administrator]

Protection: Disabled

1/27/2012 12:28:04 AM
mbam-log-2012-01-27 (00-28-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180890
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 January 2012 - 02:54 AM

Let me have the HijackThis report.


gringo

#14 Montana Mad Dog
  • Topic Starter
  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana

Posted 27 January 2012 - 02:18 PM

Gringo...haven't had a chance to run HiJack This yet...will do in the next hour or two. Thanks for the help thus far!

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 January 2012 - 03:20 PM

No problem.


gringo
