
Win 7 Home Security 2012 Virus Partially Removed


  • This topic is locked
33 replies to this topic

#1 SaphicDrmr

Posted 27 January 2012 - 12:29 PM

Hi There,

I hope I've got what you need here. I was able to partially remove the Win 7 Home Security 2012 Virus, but don't think I got it all because I had to do it manually. My MBAM, and none of the other anti-malware software apps I installed, would update. The reason I say partially is because I've been left with a computer on which my search results redirect when I click on them and most of my onboard programs will not connect with the internet even though I have a connection. I've tried updating MBAM, going to the iTunes store and one or two others. I have not attached the GMER log because I'm running Windows 7 64-bit and the link said it's only for 32-bit.

Hope this is everything you need to help me.

Attached File  Attach.zip   5.19KB   0 downloads
Attached File  DDS.txt   26.46KB   0 downloads


#2 gringo_pr

  • Malware Response Team

Posted 30 January 2012 - 02:33 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 SaphicDrmr


Posted 30 January 2012 - 11:11 AM

Hi,

I didn't have any problems running ComboFix. The computer is running the same: no internet access for onboard programs and search engine results are redirecting.

Sher

Attached File  ComboFix.tx.txt   33.76KB   1 downloads

ComboFix 12-01-30.02 - Sher 01/30/2012 7:49.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2320 [GMT -7:00]
Running from: c:\users\Sher\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-02-05 01:06 . 2012-01-22 14:23 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-05 01:06 . 2011-10-05 00:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{899BDCA9-9FAC-4C04-B026-6CF0864FCBA6}\gapaengine.dll
2012-01-30 15:22 . 2012-01-30 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 03:39 . 2012-01-06 04:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2711CD4-9A22-411E-8F4B-FE5FE0BA1B42}\mpengine.dll
2012-01-29 01:42 . 2012-01-29 01:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 20:43 . 2010-11-09 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-28 20:43 . 2010-11-09 20:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2012-01-28 20:43 . 2012-01-29 00:55 -------- d-----w- C:\VIPRERESCUE
2012-01-27 04:08 . 2012-01-27 04:08 -------- d-----w- c:\users\Sher\AppData\Roaming\Malwarebytes
2012-01-27 04:03 . 2012-01-27 04:03 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 04:03 . 2012-01-27 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 03:17 . 2012-01-06 04:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-23 03:01 . 2012-01-23 03:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-22 14:23 . 2012-01-23 04:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-22 14:23 . 2012-01-23 04:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-22 07:09 . 2012-01-22 07:09 -------- d-----w- c:\users\Sher\AppData\Local\Google
2012-01-19 01:33 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-17 03:41 . 2012-01-23 02:55 -------- d-----w- c:\users\Sher\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 19:45 . 2012-01-16 13:29 -------- d-----w- c:\users\Sher\AppData\Roaming\Umzu
2012-01-15 19:45 . 2012-01-15 19:48 -------- d-----w- c:\users\Sher\AppData\Roaming\Eptodor
2012-01-15 19:45 . 2012-01-23 04:09 -------- d-----w- c:\users\Sher\AppData\Roaming\Xeafyfb
2012-01-15 19:45 . 2012-01-15 21:52 -------- d-----w- c:\users\Sher\AppData\Roaming\Kii
2012-01-15 16:52 . 2012-01-15 16:52 -------- d-----w- c:\users\Sher\AppData\Local\Apps
2012-01-15 16:21 . 2012-01-15 16:21 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-01-15 16:20 . 2011-12-31 00:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-11 16:25 . 2012-01-11 16:25 -------- d-----we c:\windows\system64
2012-01-11 15:29 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:29 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:29 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:29 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:29 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:29 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:28 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:28 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 01:02 . 2012-01-22 20:32 -------- d-----w- c:\programdata\RegAce
2012-01-11 01:02 . 2012-01-22 20:32 -------- d-----w- c:\windows\RegAce
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 14:27 . 2010-06-22 18:57 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-21 16:56 . 2011-08-06 13:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-21 16:55 . 2011-11-03 03:39 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-21 16:55 . 2011-11-03 03:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-21 16:55 . 2011-11-03 03:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-19 00:53 . 2011-10-14 01:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-19 00:53 . 2011-08-06 13:14 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-19 00:53 . 2011-08-06 13:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-17 00:49 . 2011-08-06 13:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-04 09:26 . 2010-06-23 12:31 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 08:28 . 2011-11-25 08:28 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-14 21:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 21:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 21:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-27_16.14.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 18:10 . 2012-01-29 03:35 76790 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-30 14:30 47726 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-23 18:00 . 2012-01-30 14:30 20608 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442393386-697873805-276909878-1000_UserData.bin
+ 2012-01-28 20:43 . 2010-11-09 20:56 27472 c:\windows\system64\sbbd.exe
+ 2012-01-28 20:43 . 2010-11-09 20:56 49752 c:\windows\system64\drivers\SBREDrv.sys
+ 2010-06-23 17:05 . 2012-01-28 02:45 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 17:05 . 2012-01-26 01:52 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 17:05 . 2012-01-26 01:52 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-28 00:52 . 2012-01-28 02:45 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 02:45 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-26 01:52 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-22 18:57 . 2012-01-30 14:27 45056 c:\windows\system64\acovcnt.exe
- 2010-06-22 18:57 . 2012-01-27 04:07 45056 c:\windows\system64\acovcnt.exe
+ 2010-06-23 18:10 . 2012-01-29 03:35 76790 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-30 14:30 47726 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-23 18:00 . 2012-01-30 14:30 20608 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442393386-697873805-276909878-1000_UserData.bin
+ 2010-06-23 17:05 . 2012-01-28 02:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 17:05 . 2012-01-26 01:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-28 00:52 . 2012-01-28 02:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 17:05 . 2012-01-26 01:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 02:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-26 01:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 17:59 . 2012-01-22 10:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 17:59 . 2012-01-28 00:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-22 05:14 . 2012-01-28 00:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-22 05:14 . 2012-01-22 10:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-22 05:14 . 2012-01-28 00:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-22 05:14 . 2012-01-22 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-22 05:14 . 2012-01-22 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-01-22 05:14 . 2012-01-28 00:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-06-23 17:59 . 2012-01-22 10:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-23 17:59 . 2012-01-28 00:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-23 17:59 . 2012-01-28 00:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 17:59 . 2012-01-22 10:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 17:59 . 2012-01-22 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 17:59 . 2012-01-28 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 17:59 . 2012-01-28 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 17:59 . 2012-01-22 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-27 04:07 . 2012-01-27 04:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-29 03:32 . 2012-01-30 14:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-29 03:32 . 2012-01-30 14:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-27 04:07 . 2012-01-27 04:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-29 01:42 . 2012-01-29 01:42 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe
+ 2012-01-29 01:42 . 2012-01-29 01:42 328864 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.dll
- 2009-07-14 04:54 . 2012-02-05 00:54 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-28 00:51 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 02:19 . 2012-01-28 00:20 329552 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:12 . 2012-01-22 14:15 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-01-28 01:06 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-15 02:19 . 2012-01-28 00:20 329552 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:12 . 2012-01-22 14:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-01-28 01:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-01-28 19:31 100088 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-01-29 03:08 412384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-27 04:06 412384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-05 00:54 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 00:51 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 00:54 4784128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 00:51 4784128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-01-28 01:22 7138719 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-23 04:18 7138719 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-16 00:57 . 2012-01-29 03:08 4880990 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-442393386-697873805-276909878-1000-12288.dat
- 2009-07-14 02:34 . 2012-01-22 18:20 10747904 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-28 01:18 10747904 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-28 01:18 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-01-22 18:20 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-24 02:56 . 2012-01-29 03:08 19055896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-442393386-697873805-276909878-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\bittorrent.exe" [2011-04-27 400760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-06-22 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-06-22 33136]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"Flash Map Utility"="c:\program files (x86)\Flash Map\DongleNAS.exe" [2008-11-22 278528]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"AdobeVersionCue"="c:\program files (x86)\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"MioNet"="c:\program files (x86)\MioNet\MioNetLauncher.exe" [2010-02-09 32768]
"EPSON_UD_START"="c:\program files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-16 329632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"WD Anywhere Backup"="c:\program files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-15 110592]
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 1026088]
EFI Hot Folders.lnk - c:\program files (x86)\Fiery\HotFolder\hffw.exe [2011-6-2 1458176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-22 79360]
R3 EraserUtilDrv10741;EraserUtilDrv10741;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [x]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MioNet;MioNet;c:\program files (x86)\MioNet\MioNetManager.exe [2010-02-09 139264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Amdsercy;Amdsercy; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 EFI ES1000;EFI ES1000;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2007-04-25 9216]
S2 EMP_QWSA;EMP_QWSA;c:\program files (x86)\EPSON Projector\Quick Wireless Connection V1.26\EMP_QWSA.exe [2010-12-20 102400]
S2 EMP_UDSA;EMP_UDSA;c:\program files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files (x86)\Fiery\Fiery Bridge\x86\MailboxSyncService.exe [2008-08-05 94208]
S2 FMAuditOnsite;FMAudit Onsite;c:\program files (x86)\FMAuditOnsite\fmaonsite.exe [2012-01-11 55376]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]
S3 EPPVADQW_simple;EPSON Projector QW Audio Device;c:\windows\system32\drivers\EMP_QWAU.sys [x]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-06 7751712]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"lxdjamon"="c:\program files (x86)\Lexmark 1400 Series\lxdjamon.exe" [2009-04-27 25256]
"LXDJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXDJtime.dll" [2007-04-13 29696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.45 192.168.0.44
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\users\Sher\AppData\Roaming\Mozilla\Firefox\Profiles\p6tcjfei.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
Completion time: 2012-01-30 08:48:06
ComboFix-quarantined-files.txt 2012-01-30 15:47
ComboFix2.txt 2012-01-22 23:49
ComboFix3.txt 2012-01-22 20:27
ComboFix4.txt 2012-01-16 14:42
ComboFix5.txt 2012-01-27 15:27
.
Pre-Run: 141,301,633,024 bytes free
Post-Run: 140,782,211,072 bytes free
.
- - End Of File - - 21F93B41D10F93F2B78C588A2EB52C9C

Edited by gringo_pr, 30 January 2012 - 12:30 PM.


#4 gringo_pr


Posted 30 January 2012 - 12:31 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SaphicDrmr


Posted 30 January 2012 - 12:43 PM

TDSSKiller would not run under either its original name or an alias. I made sure to run it as administrator and also attempted to run it in both normal and safe mode. No luck.

#6 gringo_pr


Posted 30 January 2012 - 12:59 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#7 SaphicDrmr


Posted 30 January 2012 - 01:19 PM

I ran fixTDSS and it came back with "infected MBR detected" so I told it to repair it. It came back with "repair successful" so I restarted my computer...which will now not launch windows. I'm currently doing a startup repair, which has been unsuccessful once, but I thought I'd try it again.

#8 gringo_pr


Posted 30 January 2012 - 02:48 PM

Hello

I want you to boot up the computer again by pressing F10

when you get to the boot edit screen I want you to remove the part in red

NOEXECUTE=OPTIN /minint

restart the computer and when you get back into windows

I want you to click on the start orb

in the search field I want you to type CMD

right click on CMD and select run as admin

In the window that opens copy and paste

bcdedit /set {current} winpe no

Press enter

restart the computer and see if it boots normally now

gringo
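The boot-entry state that the `bcdedit /set {current} winpe no` step in the post above corrects can be confirmed from saved `bcdedit /enum` output before rebooting. The following is an added example, not part of the original post: a Python parser run over a constructed sample of that output, reporting any boot entry whose `winpe` element is still `Yes`. The function names and the sample text are assumptions made for illustration.

```python
"""Check saved `bcdedit /enum` output for boot entries still flagged as Windows PE.

Added example; the sample output below is constructed, not taken from the thread.
"""

# Constructed sample of `bcdedit /enum` output for a machine whose OS loader
# entry carries winpe=Yes (the BCD element behind the legacy /MININT option).
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\\Device\\HarddiskVolume1
description             Windows Boot Manager
default                 {current}
displayorder            {current}
                        {11111111-2222-3333-4444-555555555555}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn
winpe                   Yes
"""


def parse_bcd_entries(text):
    """Return one dict per boot entry; keys are lower-cased element names."""
    entries = []
    current = None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section title is a non-empty line underlined by a row of dashes.
        if stripped and following and set(following) == {"-"}:
            current = {"_type": stripped}
            entries.append(current)
            continue
        if not stripped or set(stripped) == {"-"} or current is None:
            continue
        # Indented lines continue a multi-value element (e.g. displayorder);
        # they are not needed for this check, so skip them.
        if line[:1].isspace():
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2:
            current[parts[0].lower()] = parts[1].strip()
    return entries


def winpe_entries(entries):
    """Identifiers of OS loader entries that will boot in Windows PE mode."""
    flagged = []
    for entry in entries:
        if entry.get("_type") != "Windows Boot Loader":
            continue
        if entry.get("winpe", "No").lower() == "yes":
            flagged.append(entry.get("identifier", "<unknown>"))
    return flagged


def fix_command(identifier):
    """The command from the post, parameterised by entry identifier."""
    return "bcdedit /set {} winpe no".format(identifier)


def report(text):
    """Human-readable findings for a saved bcdedit dump."""
    flagged = winpe_entries(parse_bcd_entries(text))
    if not flagged:
        return ["No OS loader entry has winpe enabled."]
    return [
        "{}: winpe is Yes; run from an elevated prompt: {}".format(i, fix_command(i))
        for i in flagged
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_BCDEDIT_OUTPUT):
        print(line)
```

To check a real machine, save the output of `bcdedit /enum` from an elevated command prompt to a text file and pass its contents to `report()`.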

#9 SaphicDrmr


Posted 30 January 2012 - 03:14 PM

That took care of it. Booted up fine. Should I go ahead and run TDSSkiller now?

#10 gringo_pr


Posted 30 January 2012 - 04:07 PM

yes run tdss now


gringo

#11 SaphicDrmr


Posted 30 January 2012 - 05:18 PM

Contents of TDSSKiller Log:

15:15:45.0454 2760 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
15:15:45.0469 2760 ============================================================
15:15:45.0469 2760 Current date / time: 2012/01/30 15:15:45.0469
15:15:45.0469 2760 SystemInfo:
15:15:45.0469 2760
15:15:45.0469 2760 OS Version: 6.1.7601 ServicePack: 1.0
15:15:45.0469 2760 Product type: Workstation
15:15:45.0469 2760 ComputerName: SARASVATI
15:15:45.0469 2760 UserName: Sher
15:15:45.0469 2760 Windows directory: C:\Windows
15:15:45.0469 2760 System windows directory: C:\Windows
15:15:45.0469 2760 Running under WOW64
15:15:45.0469 2760 Processor architecture: Intel x64
15:15:45.0469 2760 Number of processors: 4
15:15:45.0469 2760 Page size: 0x1000
15:15:45.0469 2760 Boot type: Normal boot
15:15:45.0469 2760 ============================================================
15:15:46.0515 2760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:46.0717 2760 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:15:46.0795 2760 \Device\Harddisk0\DR0:
15:15:46.0795 2760 MBR used
15:15:46.0795 2760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:15:46.0795 2760 \Device\Harddisk1\DR1:
15:15:46.0795 2760 MBR used
15:15:46.0795 2760 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:15:46.0858 2760 Initialize success
15:15:46.0858 2760 ============================================================
15:15:51.0039 3176 ============================================================
15:15:51.0039 3176 Scan started
15:15:51.0039 3176 Mode: Manual;
15:15:51.0039 3176 ============================================================
15:16:03.0893 3176 netw5v64 - ok
15:16:04.0002 3176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:16:04.0018 3176 nfrd960 - ok
15:16:04.0111 3176 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:16:04.0127 3176 NisDrv - ok
15:16:04.0189 3176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:16:04.0205 3176 Npfs - ok
15:16:04.0236 3176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:16:04.0252 3176 nsiproxy - ok
15:16:04.0330 3176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:16:04.0361 3176 Ntfs - ok
15:16:04.0408 3176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:16:04.0423 3176 Null - ok
15:16:04.0782 3176 nvlddmkm (0d3f6e25c658530a2ad4b648849f1483) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:16:04.0860 3176 nvlddmkm - ok
15:16:04.0923 3176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:16:04.0954 3176 nvraid - ok
15:16:05.0016 3176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:16:05.0032 3176 nvstor - ok
15:16:05.0094 3176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:16:05.0110 3176 nv_agp - ok
15:16:05.0172 3176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:16:05.0188 3176 ohci1394 - ok
15:16:05.0266 3176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:16:05.0281 3176 Parport - ok
15:16:05.0344 3176 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:16:05.0359 3176 partmgr - ok
15:16:05.0406 3176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:16:05.0422 3176 pci - ok
15:16:05.0453 3176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:16:05.0469 3176 pciide - ok
15:16:05.0515 3176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:16:05.0531 3176 pcmcia - ok
15:16:05.0593 3176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:16:05.0593 3176 pcw - ok
15:16:05.0640 3176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:16:05.0656 3176 PEAUTH - ok
15:16:05.0749 3176 pneteth (8ac5649c9070674d4607301c180ab10b) C:\Windows\system32\DRIVERS\pneteth.sys
15:16:05.0765 3176 pneteth - ok
15:16:05.0796 3176 pnetmdm (06841f5cd8410b6bdc0b5a631b8f8787) C:\Windows\system32\DRIVERS\pnetmdm64.sys
15:16:05.0812 3176 pnetmdm - ok
15:16:05.0874 3176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:16:05.0905 3176 PptpMiniport - ok
15:16:05.0921 3176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:16:05.0937 3176 Processor - ok
15:16:05.0999 3176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:16:05.0999 3176 Psched - ok
15:16:06.0061 3176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:16:06.0155 3176 ql2300 - ok
15:16:06.0217 3176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:16:06.0249 3176 ql40xx - ok
15:16:06.0280 3176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:16:06.0295 3176 QWAVEdrv - ok
15:16:06.0311 3176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:16:06.0327 3176 RasAcd - ok
15:16:06.0405 3176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:16:06.0405 3176 RasAgileVpn - ok
15:16:06.0483 3176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:16:06.0498 3176 Rasl2tp - ok
15:16:06.0561 3176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:16:06.0576 3176 RasPppoe - ok
15:16:06.0607 3176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:16:06.0639 3176 RasSstp - ok
15:16:06.0717 3176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:16:06.0732 3176 rdbss - ok
15:16:06.0763 3176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:16:06.0779 3176 rdpbus - ok
15:16:06.0810 3176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:16:06.0810 3176 RDPCDD - ok
15:16:06.0841 3176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:16:06.0841 3176 RDPENCDD - ok
15:16:06.0873 3176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:16:06.0873 3176 RDPREFMP - ok
15:16:06.0919 3176 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:16:06.0935 3176 RDPWD - ok
15:16:06.0997 3176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:16:06.0997 3176 rdyboost - ok
15:16:07.0091 3176 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:16:07.0107 3176 RFCOMM - ok
15:16:07.0185 3176 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:16:07.0200 3176 rimmptsk - ok
15:16:07.0247 3176 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:16:07.0263 3176 rimsptsk - ok
15:16:07.0341 3176 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:16:07.0356 3176 rismxdp - ok
15:16:07.0450 3176 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
15:16:07.0465 3176 ROOTMODEM - ok
15:16:07.0528 3176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:16:07.0543 3176 rspndr - ok
15:16:07.0606 3176 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:16:07.0621 3176 RTL8169 - ok
15:16:07.0684 3176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:16:07.0699 3176 sbp2port - ok
15:16:07.0762 3176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:16:07.0777 3176 scfilter - ok
15:16:07.0855 3176 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:16:07.0887 3176 sdbus - ok
15:16:07.0933 3176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:16:07.0949 3176 secdrv - ok
15:16:08.0027 3176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:16:08.0043 3176 Serenum - ok
15:16:08.0058 3176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:16:08.0074 3176 Serial - ok
15:16:08.0152 3176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:16:08.0167 3176 sermouse - ok
15:16:08.0245 3176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:16:08.0261 3176 sffdisk - ok
15:16:08.0308 3176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:16:08.0323 3176 sffp_mmc - ok
15:16:08.0370 3176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:16:08.0386 3176 sffp_sd - ok
15:16:08.0448 3176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:16:08.0464 3176 sfloppy - ok
15:16:08.0526 3176 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:16:08.0542 3176 SiSGbeLH - ok
15:16:08.0589 3176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:16:08.0604 3176 SiSRaid2 - ok
15:16:08.0667 3176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:16:08.0682 3176 SiSRaid4 - ok
15:16:08.0729 3176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:16:08.0760 3176 Smb - ok
15:16:08.0869 3176 SNP2UVC (1a5806e5c2e232c193b90d2ade8a977c) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:16:08.0932 3176 SNP2UVC - ok
15:16:08.0963 3176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:16:08.0963 3176 spldr - ok
15:16:09.0025 3176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:16:09.0057 3176 srv - ok
15:16:09.0103 3176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:16:09.0135 3176 srv2 - ok
15:16:09.0181 3176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:16:09.0213 3176 srvnet - ok
15:16:09.0291 3176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:16:09.0306 3176 stexstor - ok
15:16:09.0369 3176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:16:09.0384 3176 swenum - ok
15:16:09.0462 3176 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
15:16:09.0493 3176 SynTP - ok
15:16:09.0618 3176 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:16:09.0665 3176 Tcpip - ok
15:16:09.0790 3176 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:16:09.0805 3176 TCPIP6 - ok
15:16:09.0883 3176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:16:09.0899 3176 tcpipreg - ok
15:16:09.0946 3176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:16:09.0961 3176 TDPIPE - ok
15:16:10.0039 3176 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:16:10.0055 3176 TDTCP - ok
15:16:10.0149 3176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:16:10.0164 3176 tdx - ok
15:16:10.0227 3176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:16:10.0242 3176 TermDD - ok
15:16:10.0351 3176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:16:10.0367 3176 tssecsrv - ok
15:16:10.0429 3176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:16:10.0445 3176 TsUsbFlt - ok
15:16:10.0507 3176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:16:10.0523 3176 tunnel - ok
15:16:10.0585 3176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:16:10.0601 3176 uagp35 - ok
15:16:10.0648 3176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:16:10.0679 3176 udfs - ok
15:16:10.0741 3176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:16:10.0757 3176 uliagpkx - ok
15:16:10.0851 3176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:16:10.0866 3176 umbus - ok
15:16:10.0897 3176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:16:10.0913 3176 UmPass - ok
15:16:10.0991 3176 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:16:11.0022 3176 USBAAPL64 - ok
15:16:11.0085 3176 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:16:11.0116 3176 usbaudio - ok
15:16:11.0209 3176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:16:11.0225 3176 usbccgp - ok
15:16:11.0272 3176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:16:11.0287 3176 usbcir - ok
15:16:11.0381 3176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:16:11.0381 3176 usbehci - ok
15:16:11.0443 3176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:16:11.0490 3176 usbhub - ok
15:16:11.0537 3176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:16:11.0553 3176 usbohci - ok
15:16:11.0615 3176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:16:11.0631 3176 usbprint - ok
15:16:11.0693 3176 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:16:11.0709 3176 usbscan - ok
15:16:11.0787 3176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:16:11.0802 3176 USBSTOR - ok
15:16:11.0849 3176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:16:11.0865 3176 usbuhci - ok
15:16:11.0927 3176 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:16:11.0958 3176 usbvideo - ok
15:16:12.0021 3176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:16:12.0021 3176 vdrvroot - ok
15:16:12.0083 3176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:16:12.0114 3176 vga - ok
15:16:12.0145 3176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:16:12.0161 3176 VgaSave - ok
15:16:12.0223 3176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:16:12.0239 3176 vhdmp - ok
15:16:12.0301 3176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:16:12.0317 3176 viaide - ok
15:16:12.0364 3176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:16:12.0379 3176 volmgr - ok
15:16:12.0442 3176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:16:12.0457 3176 volmgrx - ok
15:16:12.0551 3176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:16:12.0551 3176 volsnap - ok
15:16:12.0613 3176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:16:12.0629 3176 vsmraid - ok
15:16:12.0676 3176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:16:12.0691 3176 vwifibus - ok
15:16:12.0754 3176 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:12.0769 3176 vwififlt - ok
15:16:12.0832 3176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:16:12.0847 3176 WacomPen - ok
15:16:12.0925 3176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:12.0941 3176 WANARP - ok
15:16:12.0957 3176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:12.0957 3176 Wanarpv6 - ok
15:16:13.0050 3176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:16:13.0066 3176 Wd - ok
15:16:13.0144 3176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:16:13.0159 3176 Wdf01000 - ok
15:16:13.0284 3176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:16:13.0300 3176 WfpLwf - ok
15:16:13.0362 3176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:16:13.0378 3176 WIMMount - ok
15:16:13.0487 3176 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:16:13.0503 3176 WinUSB - ok
15:16:13.0581 3176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:16:13.0596 3176 WmiAcpi - ok
15:16:13.0659 3176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:16:13.0674 3176 ws2ifsl - ok
15:16:13.0721 3176 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:16:13.0737 3176 WSDPrintDevice - ok
15:16:13.0815 3176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:16:13.0846 3176 WudfPf - ok
15:16:13.0908 3176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:13.0939 3176 WUDFRd - ok
15:16:14.0017 3176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:14.0095 3176 \Device\Harddisk0\DR0 - ok
15:16:14.0111 3176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:16:14.0361 3176 \Device\Harddisk1\DR1 - ok
15:16:14.0361 3176 Boot (0x1200) (8a1e94f6d4c3c59c0e1b668ccf07cada) \Device\Harddisk0\DR0\Partition0
15:16:14.0361 3176 \Device\Harddisk0\DR0\Partition0 - ok
15:16:14.0376 3176 Boot (0x1200) (6e4d7224f36be1b3f3a159ac10a823fc) \Device\Harddisk1\DR1\Partition0
15:16:14.0376 3176 \Device\Harddisk1\DR1\Partition0 - ok
15:16:14.0376 3176 ============================================================
15:16:14.0376 3176 Scan finished
15:16:14.0376 3176 ============================================================
15:16:14.0392 4736 Detected object count: 0
15:16:14.0392 4736 Actual detected object count: 0

#12 gringo_pr

Posted 30 January 2012 - 08:31 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 SaphicDrmr

Posted 30 January 2012 - 09:16 PM

I didn't have any problems running ComboFix. The search result redirect appears to be solved. In IE9 when I click on search results I'm no longer redirected; however I still appear to have no internet connection between onboard programs and the internet. I'm still unable to connect to the iTunes store, download MBAM updates or install Flash player because it needs to download some components.

The ComboFix log is attached.

Attached File  ComboFixLog.txt   34.87KB   0 downloads

#14 gringo_pr

Posted 30 January 2012 - 09:35 PM

Hello

Let's check your internet connection

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#15 SaphicDrmr

Posted 30 January 2012 - 10:13 PM

Here's the FSS log you requested.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Sher (administrator) on 30-01-2012 at 20:10:31
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
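
A way to triage a log like the one above, added here as an example and not part of either poster's reply or of Farbar Service Scanner: it separates services that are merely stopped with an intact configuration from services whose registry key is missing. The parser assumes only the line layout visible in this post; the function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the FSS.txt layout posted in this thread.
SAMPLE_LOG = r"""
Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
"""

STOPPED_RE = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY_RE = re.compile(r"Attention! Unable to open (\S+) registry key")


def triage(log_text):
    """Group the findings of an FSS-style log by kind."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    report = {"connectivity": [], "stopped": [], "missing_key": [],
              "unexpected_files": []}
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined by a row of "=".
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
            continue
        if not line or set(line) == {"="}:
            continue
        if section == "Connection Status" and ("blocked" in line or "error:" in line):
            report["connectivity"].append(line)
        m = STOPPED_RE.match(line)
        if m:
            report["stopped"].append((section, m.group(1)))
        m = MISSING_KEY_RE.search(line)
        if m and m.group(1) not in report["missing_key"]:
            report["missing_key"].append(m.group(1))
        if section == "File Check" and "=>" in line:
            path, verdict = (p.strip() for p in line.split("=>", 1))
            # Assumption: "MD5 is legit" is the only verdict seen on this page;
            # anything else is reported as-is, not interpreted.
            if verdict != "MD5 is legit":
                report["unexpected_files"].append((path, verdict))
    return report


def priority_services(report):
    """Stopped services whose registry key is gone: restarting them cannot work."""
    missing = set(report["missing_key"])
    return [svc for _, svc in report["stopped"] if svc in missing]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Connectivity:", result["connectivity"])
    print("Stopped:", result["stopped"])
    print("Service key missing:", priority_services(result))
```
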



