
sirefef/alureon infection


  • This topic is locked
21 replies to this topic

#1 dancharleton

dancharleton

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:58 AM

Posted 04 March 2012 - 05:27 PM

Hello and thanks in advance for assistance. I am running Windows 7 64-bit Home Edition. I have recently started having difficulty with redirects from Google search pages. Security Essentials tells me I have sirefef and alureon files active, but of course blocking/deleting these only works temporarily and I keep getting the same notifications [sirefef.b, alureon.fp, sirefef.j, and a bunch of other .(random letters)]. In fact, any attempts to clean things out cause me to be unable to boot when I restart and I am forced to restore to a previous point. I am also unable to turn on my firewall. I am afraid this is only bound to get worse. I appreciate any help greatly!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by -0 -0 -0 -0 -0 -0 -0 at 17:22:32 on 2012-03-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3817 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\OEM\RunCmd_X64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
c:\windows\system32\oem\setEvent.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\-0-0-0~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{27AA3A48-CC0C-44B8-92EB-D5BE4E95F2EC} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-3 652360]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-15 240160]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S1 aqhhiiwb;aqhhiiwb;\??\C:\Windows\system32\drivers\aqhhiiwb.sys --> C:\Windows\system32\drivers\aqhhiiwb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-20 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-20 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-04 22:18:29 48464 ----a-w- C:\Windows\System32\drivers\aqhhiiwb.sys
2012-03-04 22:07:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD987621-94BA-4B32-AAA7-4345B9653BD6}\offreg.dll
2012-03-04 21:48:10 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD987621-94BA-4B32-AAA7-4345B9653BD6}\mpengine.dll
2012-03-04 21:24:48 -------- d-----w- C:\Windows\pss
2012-03-04 21:02:27 -------- d-----w- C:\Program Files\CCleaner
2012-03-03 19:34:51 48464 ----a-w- C:\Windows\System32\drivers\gwmtvjxi.sys
2012-03-03 19:28:49 48464 ----a-w- C:\Windows\System32\drivers\kmerbjhk.sys
2012-03-02 22:18:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 21:39:21 48464 ----a-w- C:\Windows\System32\drivers\lliktcbe.sys
2012-03-02 03:21:59 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Malwarebytes
2012-03-02 03:21:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-02 03:21:48 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-02 03:21:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-02 01:15:46 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E787289-7AA9-4183-AF18-B39494DB050C}\gapaengine.dll
2012-03-02 01:10:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-02 01:09:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-02 01:09:10 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-03-02 01:09:07 -------- d-----w- C:\MoTemp
2012-02-29 17:45:17 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-29 17:45:17 -------- d-----w- C:\Program Files\AVAST Software
2012-02-25 22:26:15 -------- d-----w- C:\Program Files\Magic Bullet Looks Vegas
2012-02-25 22:26:05 -------- d-----w- C:\Program Files (x86)\Red Giant Link
2012-02-25 22:12:21 -------- d--h--w- C:\$AVG
2012-02-25 22:01:16 -------- d--h--w- C:\ProgramData\Common Files
2012-02-25 22:00:15 -------- d-----w- C:\ProgramData\AVG2012
2012-02-25 22:00:05 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-25 21:55:41 -------- d-----w- C:\ProgramData\MFAData
2012-02-25 17:05:13 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-25 17:04:07 -------- d-----we C:\Windows\system64
2012-02-25 16:36:12 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\LooksBuilder
2012-02-25 16:35:37 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Red Giant Link
2012-02-25 16:32:59 -------- d-----w- C:\ProgramData\RedGiant
2012-02-25 16:32:15 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Babylon
2012-02-25 16:32:12 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Babylon
2012-02-25 16:32:12 -------- d-----w- C:\ProgramData\Babylon
2012-02-25 16:05:18 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Sony Creative Software Inc
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-25 15:39:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-25 06:51:58 -------- d-----w- C:\Program Files (x86)\MBLooks
2012-02-25 06:51:58 -------- d-----w- C:\Program Files (x86)\Magic Bullet MisFire
2012-02-25 06:51:58 -------- d-----w- C:\Program Files (x86)\LooksBuilder
2012-02-25 06:34:56 86016 ----a-w- C:\Windows\unvise32qt.exe
2012-02-25 05:55:20 -------- d-----w- C:\Program Files (x86)\Magic Bullet Looks Vegas
2012-02-25 05:40:02 -------- d-----w- C:\Windows\SysWow64\spool
2012-02-25 04:58:22 -------- d-----w- C:\Program Files (x86)\Sony Setup
2012-02-25 03:50:26 53248 ----a-r- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-02-24 21:37:15 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-02-24 21:33:52 -------- d-----w- C:\Program Files (x86)\Adobe Story
2012-02-24 11:11:27 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDA40248-22FE-4371-BD02-9B3790A22DF7}\mpengine.dll
2012-02-22 03:27:01 -------- d-----w- C:\Users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-22 03:26:58 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-02-10 20:26:16 29544 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-02-10 20:26:16 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-02-10 20:26:16 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-02-10 20:26:11 -------- d-----w- C:\Program Files\iTunes
2012-02-10 20:26:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-10 20:26:11 -------- d-----w- C:\Program Files (x86)\iPod
2012-02-06 20:59:34 -------- d-----w- C:\Program Files\Bonjour
2012-02-06 20:59:34 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-02-06 20:07:15 -------- d-----w- C:\ProgramData\Premium
2012-02-06 20:07:14 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2012-03-02 02:52:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-25 17:04:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2005-03-22 09:49:14 287232 ----a-w- C:\Program Files (x86)\Adobelmsvc Installer.dll
2005-03-22 08:29:36 19533824 ----a-w- C:\Program Files (x86)\Photoshop.exe
2005-03-22 07:48:16 2142208 ----a-w- C:\Program Files (x86)\PSArt.dll
2005-03-22 07:48:14 1748992 ----a-w- C:\Program Files (x86)\PSViews.dll
2005-03-22 07:48:14 1323008 ----a-w- C:\Program Files (x86)\Photoshop.dll
2005-03-22 07:43:50 1144622 ----a-w- C:\Program Files (x86)\Tw10122.dat
2005-03-22 07:41:12 19980288 ----a-w- C:\Program Files (x86)\ImageReady.exe
2005-03-22 07:13:04 41984 ----a-w- C:\Program Files (x86)\Plugin.dll
2005-03-16 22:57:34 61440 ----a-w- C:\Program Files (x86)\regsresen_US.dll
2005-03-13 17:10:58 4096000 ----a-w- C:\Program Files (x86)\PDFL70.dll
2005-03-13 16:01:44 1805824 ----a-w- C:\Program Files (x86)\AGM.dll
2005-03-11 00:31:36 3715072 ----a-w- C:\Program Files (x86)\MPS.dll
2005-03-09 21:59:30 1560169 ----a-w- C:\Program Files (x86)\AdobeLM.dll
2005-03-09 08:32:48 151552 ----a-w- C:\Program Files (x86)\AXE8SharedExpat.dll
2005-03-09 08:32:48 151552 ----a-w- C:\Program Files (x86)\AXE16SharedExpat.dll
2005-03-09 08:17:28 475136 ----a-w- C:\Program Files (x86)\AdobeXMP.dll
2005-03-09 08:07:42 630784 ----a-w- C:\Program Files (x86)\ACE.dll
2005-03-09 08:07:42 266240 ----a-w- C:\Program Files (x86)\ARE.dll
2005-03-09 08:07:42 217088 ----a-w- C:\Program Files (x86)\BIBUtils.dll
2005-03-09 08:07:42 2162688 ----a-w- C:\Program Files (x86)\CoolType.dll
2005-03-09 08:07:42 180224 ----a-w- C:\Program Files (x86)\Bib.dll
2005-03-08 11:23:12 4153344 ----a-w- C:\Program Files (x86)\VersionCue.dll
2005-03-08 11:23:12 3170304 ----a-w- C:\Program Files (x86)\VersionCueUI.dll
2005-03-03 19:39:24 425984 ----a-w- C:\Program Files (x86)\AdobeUpdater.dll
2005-02-17 15:28:10 663552 ----a-w- C:\Program Files (x86)\FileInfo.dll
2005-02-15 06:03:42 561152 ----a-w- C:\Program Files (x86)\JP2KLib.dll
2005-02-10 17:36:14 143360 ----a-w- C:\Program Files (x86)\epic_eula.dll
2005-02-08 17:43:58 49152 ----a-w- C:\Program Files (x86)\persresen_US.dll
2005-02-08 17:43:58 45056 ----a-w- C:\Program Files (x86)\eularesen_US.dll
2005-02-07 12:45:06 5632 ----a-w- C:\Program Files (x86)\agldt28l.dll
2005-01-19 18:31:00 155648 ----a-w- C:\Program Files (x86)\epic_regs.dll
2005-01-18 16:31:12 114688 ----a-w- C:\Program Files (x86)\epic_pers.dll
2005-01-12 18:23:20 180224 ----a-w- C:\Program Files (x86)\pdfsettings.dll
2004-08-24 19:55:48 126976 ----a-w- C:\Program Files (x86)\asneu.dll
2004-06-22 16:57:52 589824 ----a-w- C:\Program Files (x86)\libagluc28.dll
2003-05-08 22:34:06 499712 ----a-w- C:\Program Files (x86)\msvcp71.dll
2003-05-08 22:32:52 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
2000-08-29 04:19:16 401462 ----a-w- C:\Program Files (x86)\MSVCP60.DLL
1999-12-03 10:01:32 22800 ----a-w- C:\Program Files (x86)\Shfolder.dll
1999-02-02 04:00:00 266293 ----a-w- C:\Program Files (x86)\Msvcrt.dll
.
============= FINISH: 17:23:53.34 ===============
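As an added triage example (not part of the thread, and not a feature of DDS or of the helper's tools), the script below parses a DDS-format excerpt constructed from lines of the log above and flags the three anomalies a defender would pull out of it before any cleaning: a process whose image path is a \\.\globalroot device path instead of a drive letter, four differently named eight-letter drivers of identical size (48464 bytes) created on successive days, and a service whose name, display name and driver file stem are the same random string. The section names, row layout and eight-letter heuristic are taken from the posted log; `SAMPLE_DDS_LOG` is a constructed excerpt, not the full log.

```python
import re
from collections import defaultdict

# Constructed DDS-format excerpt built from lines of the log posted above
# (added example; not a DDS feature and not code from the thread).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S1 aqhhiiwb;aqhhiiwb;\??\C:\Windows\system32\drivers\aqhhiiwb.sys --> C:\Windows\system32\drivers\aqhhiiwb.sys [?]
.
=============== Created Last 30 ================
.
2012-03-04 22:18:29 48464 ----a-w- C:\Windows\System32\drivers\aqhhiiwb.sys
2012-03-03 19:34:51 48464 ----a-w- C:\Windows\System32\drivers\gwmtvjxi.sys
2012-03-03 19:28:49 48464 ----a-w- C:\Windows\System32\drivers\kmerbjhk.sys
2012-03-02 21:39:21 48464 ----a-w- C:\Windows\System32\drivers\lliktcbe.sys
2012-03-02 03:21:48 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-25 17:04:07 -------- d-----we C:\Windows\system64
.
============= FINISH: 17:23:53.34 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "Created Last 30" rows: <timestamp> <size or -------> <attributes> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")
# The shape of every suspicious driver name in the log: eight lowercase letters.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' separator lines are dropped."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def find_globalroot_processes(sections):
    """Process image paths given as globalroot device paths rather than drive letters."""
    return [p for p in sections.get("Running Processes", [])
            if p.lower().startswith(r"\\.\globalroot")]


def find_random_driver_clusters(sections):
    """Random-named drivers grouped by byte size; returns {size: names} for sizes
    shared by two or more such files (the log shows four of 48464 bytes)."""
    by_size = defaultdict(list)
    for line in sections.get("Created Last 30", []):
        row = CREATED_RE.match(line)
        if not row or not row.group(2).isdigit():
            continue  # not a file row (directory entries carry no size)
        parts = row.group(4).lower().split("\\")
        name = parts[-1]
        if (len(parts) >= 2 and parts[-2] == "drivers"
                and name.endswith(".sys") and RANDOM_STEM_RE.match(name[:-4])):
            by_size[int(row.group(2))].append(name)
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= 2}


def find_random_services(sections):
    """Services whose name, display name and driver stem are one random 8-letter string."""
    hits = []
    for line in sections.get("SERVICES / DRIVERS", []):
        fields = line.split(";")
        if len(fields) < 3:
            continue
        svc = fields[0].split(None, 1)[-1]          # drop the R1/S1 start-type prefix
        image = fields[2].split("\\")[-1].split(" ")[0]
        stem = image[:-4] if image.lower().endswith(".sys") else image
        if svc == fields[1] == stem and RANDOM_STEM_RE.match(svc):
            hits.append(svc)
    return hits


def triage(text):
    """Run every check over a DDS log and return the findings by check name."""
    sections = parse_sections(text)
    return {
        "globalroot_processes": find_globalroot_processes(sections),
        "same_size_random_drivers": find_random_driver_clusters(sections),
        "random_named_services": find_random_services(sections),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_DDS_LOG).items():
        print(f"{check}: {result}")
```

Legitimate drivers with short or descriptive names (mbam.sys, MpFilter.sys) are not flagged by the eight-letter heuristic, so a hit list this short is a lead for the helper to confirm with TDSSKiller, not a verdict on its own.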


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:58 AM

Posted 04 March 2012 - 09:32 PM

Hi

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
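As an added example (my own code, not part of this thread and not anything TDSSKiller or ComboFix ship), here is a small Python triage script for the kind of TDSSKiller log requested above. It parses the per-driver lines (`<time> <thread> <service> (<md5>) <path>`) and flags the two things a responder looks for first in such a log: one MD5 shared by several differently named driver files, and service names that look machine-generated (eight lowercase letters with a same-named .sys in the drivers directory). The sample lines embedded in the block are an abbreviated excerpt in that log format; the `min_paths=3` threshold and the eight-letter naming check are my assumptions, not anything the tool defines.

```python
"""Triage helper for TDSSKiller scan logs.

Added example, not part of the thread or of TDSSKiller itself. It parses the
"<time> <thread> <service> (<md5>) <path>" lines that TDSSKiller writes for
each driver and flags two patterns worth looking at first: many differently
named driver files that share one MD5 (one payload dropped under several
names), and services whose names look machine-generated.
"""
import re
from collections import defaultdict

# One driver line: timestamp, thread id, service name, MD5 in parentheses, path.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Eight lowercase letters is the naming pattern of the dropped drivers in this
# thread's log; a crude check, and an assumption of this example.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

# Abbreviated excerpt in TDSSKiller's log format (values as posted in the thread).
SAMPLE_LOG = """\
21:59:42.0446 2752 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\\Windows\\system32\\DRIVERS\\ACPI.sys
21:59:42.0453 2752 ACPI - ok
21:59:42.0937 2752 amlpzvpa (a412d2fd7c0e1b50a7845fa083894223) C:\\Windows\\system32\\drivers\\amlpzvpa.sys
21:59:42.0940 2752 amlpzvpa - ok
21:59:43.0015 2752 aqhhiiwb (a412d2fd7c0e1b50a7845fa083894223) C:\\Windows\\system32\\drivers\\aqhhiiwb.sys
21:59:43.0017 2752 aqhhiiwb - ok
21:59:43.0127 2752 auhxhqab (a412d2fd7c0e1b50a7845fa083894223) C:\\Windows\\system32\\drivers\\auhxhqab.sys
21:59:43.0128 2752 auhxhqab - ok
21:59:50.0096 2752 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\\Windows\\system32\\drivers\\tcpip.sys
21:59:50.0131 2752 Tcpip - ok
21:59:50.0179 2752 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
21:59:50.0192 2752 TCPIP6 - ok
"""


def parse_driver_lines(log_text):
    """Return a dict per line that carries a driver hash; '- ok' lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def find_shared_hashes(entries, min_paths=3):
    """Map md5 -> sorted distinct paths, keeping hashes that back at least
    `min_paths` different files. Paths are compared case-insensitively, so the
    Tcpip/TCPIP6 pair (one file registered twice) counts as a single path."""
    by_hash = defaultdict(set)
    for e in entries:
        by_hash[e["md5"].lower()].add(e["path"].lower())
    return {h: sorted(p) for h, p in by_hash.items() if len(p) >= min_paths}


def find_random_names(entries):
    """Services named with eight lowercase letters whose file has that same name."""
    hits = set()
    for e in entries:
        name = e["service"]
        fname = e["path"].rsplit("\\", 1)[-1].lower()
        if RANDOM_NAME_RE.match(name) and fname == name + ".sys":
            hits.add(name)
    return sorted(hits)


def triage(log_text, min_paths=3):
    """Run both checks over a log and return the findings."""
    entries = parse_driver_lines(log_text)
    return {
        "shared_hashes": find_shared_hashes(entries, min_paths),
        "random_names": find_random_names(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for md5, paths in result["shared_hashes"].items():
        print(f"{md5} backs {len(paths)} different files:")
        for p in paths:
            print("   ", p)
    print("machine-looking service names:", ", ".join(result["random_names"]))
```

To run it against a saved log, call `triage(open(path_to_log).read())`. A hash backing many differently named files is the pattern visible in the TDSSKiller log posted in this thread, while a hash seen twice under one path (Tcpip and TCPIP6 both register tcpip.sys) is normal and is deliberately not flagged.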


#3 dancharleton

dancharleton
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:58 AM

Posted 04 March 2012 - 11:34 PM

Wow thank you for the quick reply. Here is the TDSS log, and the combofix log is attached:

21:59:12.0933 0316 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:59:13.0263 0316 ============================================================
21:59:13.0263 0316 Current date / time: 2012/03/04 21:59:13.0263
21:59:13.0263 0316 SystemInfo:
21:59:13.0263 0316
21:59:13.0263 0316 OS Version: 6.1.7600 ServicePack: 0.0
21:59:13.0263 0316 Product type: Workstation
21:59:13.0263 0316 ComputerName: -0-0-0-0-0-0-0
21:59:13.0263 0316 UserName: -0 -0 -0 -0 -0 -0 -0
21:59:13.0263 0316 Windows directory: C:\Windows
21:59:13.0263 0316 System windows directory: C:\Windows
21:59:13.0263 0316 Running under WOW64
21:59:13.0263 0316 Processor architecture: Intel x64
21:59:13.0263 0316 Number of processors: 2
21:59:13.0263 0316 Page size: 0x1000
21:59:13.0263 0316 Boot type: Normal boot
21:59:13.0263 0316 ============================================================
21:59:14.0650 0316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:14.0696 0316 \Device\Harddisk0\DR0:
21:59:14.0696 0316 MBR used
21:59:14.0697 0316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:59:14.0697 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x55713000
21:59:14.0716 0316 Initialize success
21:59:14.0716 0316 ============================================================
21:59:41.0818 2752 ============================================================
21:59:41.0818 2752 Scan started
21:59:41.0818 2752 Mode: Manual; TDLFS;
21:59:41.0818 2752 ============================================================
21:59:42.0394 2752 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:59:42.0399 2752 1394ohci - ok
21:59:42.0446 2752 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:59:42.0453 2752 ACPI - ok
21:59:42.0478 2752 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:59:42.0479 2752 AcpiPmi - ok
21:59:42.0577 2752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:59:42.0588 2752 adp94xx - ok
21:59:42.0617 2752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:59:42.0622 2752 adpahci - ok
21:59:42.0634 2752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:59:42.0637 2752 adpu320 - ok
21:59:42.0700 2752 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:59:42.0707 2752 AFD - ok
21:59:42.0716 2752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:59:42.0718 2752 agp440 - ok
21:59:42.0745 2752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:59:42.0746 2752 aliide - ok
21:59:42.0758 2752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:59:42.0759 2752 amdide - ok
21:59:42.0782 2752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:59:42.0782 2752 AmdK8 - ok
21:59:42.0812 2752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:59:42.0813 2752 AmdPPM - ok
21:59:42.0836 2752 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:59:42.0838 2752 amdsata - ok
21:59:42.0861 2752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:59:42.0864 2752 amdsbs - ok
21:59:42.0890 2752 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:59:42.0890 2752 amdxata - ok
21:59:42.0937 2752 amlpzvpa (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\amlpzvpa.sys
21:59:42.0940 2752 amlpzvpa - ok
21:59:42.0954 2752 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:59:42.0955 2752 AppID - ok
21:59:43.0015 2752 aqhhiiwb (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\aqhhiiwb.sys
21:59:43.0017 2752 aqhhiiwb - ok
21:59:43.0027 2752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:59:43.0030 2752 arc - ok
21:59:43.0041 2752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:59:43.0044 2752 arcsas - ok
21:59:43.0082 2752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:59:43.0082 2752 AsyncMac - ok
21:59:43.0101 2752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:59:43.0101 2752 atapi - ok
21:59:43.0127 2752 auhxhqab (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\auhxhqab.sys
21:59:43.0128 2752 auhxhqab - ok
21:59:43.0176 2752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:59:43.0185 2752 b06bdrv - ok
21:59:43.0211 2752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:59:43.0215 2752 b57nd60a - ok
21:59:43.0252 2752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:59:43.0253 2752 Beep - ok
21:59:43.0276 2752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:59:43.0277 2752 blbdrive - ok
21:59:43.0329 2752 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:59:43.0329 2752 bowser - ok
21:59:43.0359 2752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:59:43.0369 2752 BrFiltLo - ok
21:59:43.0409 2752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:59:43.0409 2752 BrFiltUp - ok
21:59:43.0439 2752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:59:43.0439 2752 Brserid - ok
21:59:43.0449 2752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:59:43.0449 2752 BrSerWdm - ok
21:59:43.0499 2752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:59:43.0499 2752 BrUsbMdm - ok
21:59:43.0509 2752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:59:43.0509 2752 BrUsbSer - ok
21:59:43.0519 2752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:59:43.0519 2752 BTHMODEM - ok
21:59:43.0549 2752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:59:43.0549 2752 cdfs - ok
21:59:43.0589 2752 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:59:43.0589 2752 cdrom - ok
21:59:43.0609 2752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:59:43.0609 2752 circlass - ok
21:59:43.0649 2752 cjktofth (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\cjktofth.sys
21:59:43.0649 2752 cjktofth - ok
21:59:43.0699 2752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:59:43.0699 2752 CLFS - ok
21:59:43.0739 2752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:59:43.0739 2752 CmBatt - ok
21:59:43.0759 2752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:59:43.0769 2752 cmdide - ok
21:59:43.0808 2752 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:59:43.0812 2752 CNG - ok
21:59:43.0840 2752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:59:43.0843 2752 Compbatt - ok
21:59:43.0869 2752 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:59:43.0870 2752 CompositeBus - ok
21:59:43.0899 2752 cqmedmvl (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\cqmedmvl.sys
21:59:43.0900 2752 cqmedmvl - ok
21:59:43.0924 2752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:59:43.0925 2752 crcdisk - ok
21:59:43.0962 2752 dbpjsuxl (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\dbpjsuxl.sys
21:59:43.0963 2752 dbpjsuxl - ok
21:59:44.0019 2752 dc3d (486a81e022f89b64c8dd811083abad62) C:\Windows\system32\DRIVERS\dc3d.sys
21:59:44.0020 2752 dc3d - ok
21:59:44.0080 2752 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:59:44.0082 2752 DfsC - ok
21:59:44.0095 2752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:59:44.0096 2752 discache - ok
21:59:44.0132 2752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:59:44.0134 2752 Disk - ok
21:59:44.0171 2752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:59:44.0172 2752 drmkaud - ok
21:59:44.0217 2752 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
21:59:44.0226 2752 DXGKrnl - ok
21:59:44.0323 2752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:59:44.0381 2752 ebdrv - ok
21:59:44.0421 2752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:59:44.0427 2752 elxstor - ok
21:59:44.0442 2752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:59:44.0442 2752 ErrDev - ok
21:59:44.0472 2752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:59:44.0473 2752 exfat - ok
21:59:44.0483 2752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:59:44.0486 2752 fastfat - ok
21:59:44.0497 2752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:59:44.0497 2752 fdc - ok
21:59:44.0525 2752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:59:44.0526 2752 FileInfo - ok
21:59:44.0539 2752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:59:44.0539 2752 Filetrace - ok
21:59:44.0547 2752 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:59:44.0548 2752 flpydisk - ok
21:59:44.0570 2752 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:59:44.0572 2752 FltMgr - ok
21:59:44.0626 2752 fmdtawrg (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\fmdtawrg.sys
21:59:44.0629 2752 fmdtawrg - ok
21:59:44.0676 2752 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:59:44.0679 2752 FsDepends - ok
21:59:44.0703 2752 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:59:44.0717 2752 Fs_Rec - ok
21:59:44.0739 2752 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:59:44.0741 2752 fvevol - ok
21:59:44.0764 2752 fywzabxw (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\fywzabxw.sys
21:59:44.0766 2752 fywzabxw - ok
21:59:44.0791 2752 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:59:44.0793 2752 gagp30kx - ok
21:59:44.0832 2752 GEARAspiWDM (d279181e1cf2d85d31cdcffd56b16795) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:59:44.0832 2752 GEARAspiWDM - ok
21:59:44.0875 2752 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:59:44.0876 2752 hcw85cir - ok
21:59:44.0911 2752 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:59:44.0914 2752 HdAudAddService - ok
21:59:44.0950 2752 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:59:44.0951 2752 HDAudBus - ok
21:59:44.0959 2752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:59:44.0960 2752 HidBatt - ok
21:59:45.0003 2752 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:59:45.0005 2752 HidBth - ok
21:59:45.0032 2752 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:59:45.0034 2752 HidIr - ok
21:59:45.0082 2752 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:59:45.0082 2752 HidUsb - ok
21:59:45.0128 2752 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:59:45.0129 2752 HpSAMD - ok
21:59:45.0161 2752 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
21:59:45.0162 2752 HssDrv - ok
21:59:45.0213 2752 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:59:45.0214 2752 HTCAND64 - ok
21:59:45.0271 2752 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
21:59:45.0274 2752 htcnprot - ok
21:59:45.0319 2752 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:59:45.0326 2752 HTTP - ok
21:59:45.0343 2752 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:59:45.0343 2752 hwpolicy - ok
21:59:45.0360 2752 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:59:45.0362 2752 i8042prt - ok
21:59:45.0396 2752 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:59:45.0402 2752 iaStorV - ok
21:59:45.0456 2752 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:59:45.0458 2752 iirsp - ok
21:59:45.0573 2752 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
21:59:45.0587 2752 IntcAzAudAddService - ok
21:59:45.0616 2752 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:59:45.0617 2752 intelide - ok
21:59:45.0649 2752 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:59:45.0649 2752 intelppm - ok
21:59:45.0681 2752 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:59:45.0683 2752 IpFilterDriver - ok
21:59:45.0717 2752 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:59:45.0718 2752 IPMIDRV - ok
21:59:45.0749 2752 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:59:45.0751 2752 IPNAT - ok
21:59:45.0762 2752 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:59:45.0763 2752 IRENUM - ok
21:59:45.0773 2752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:59:45.0775 2752 isapnp - ok
21:59:45.0796 2752 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:59:45.0799 2752 iScsiPrt - ok
21:59:45.0827 2752 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:59:45.0827 2752 kbdclass - ok
21:59:45.0841 2752 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:59:45.0841 2752 kbdhid - ok
21:59:45.0889 2752 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:59:45.0890 2752 KSecDD - ok
21:59:45.0908 2752 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:59:45.0910 2752 KSecPkg - ok
21:59:45.0919 2752 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:59:45.0919 2752 ksthunk - ok
21:59:45.0986 2752 leeyzodp (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\leeyzodp.sys
21:59:45.0989 2752 leeyzodp - ok
21:59:46.0038 2752 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:59:46.0040 2752 lltdio - ok
21:59:46.0090 2752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:59:46.0092 2752 LSI_FC - ok
21:59:46.0118 2752 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:59:46.0121 2752 LSI_SAS - ok
21:59:46.0130 2752 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:59:46.0131 2752 LSI_SAS2 - ok
21:59:46.0151 2752 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:59:46.0154 2752 LSI_SCSI - ok
21:59:46.0181 2752 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:59:46.0183 2752 luafv - ok
21:59:46.0206 2752 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:59:46.0207 2752 MBAMProtector - ok
21:59:46.0273 2752 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
21:59:46.0277 2752 mcdbus - ok
21:59:46.0313 2752 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:59:46.0315 2752 megasas - ok
21:59:46.0346 2752 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:59:46.0351 2752 MegaSR - ok
21:59:46.0368 2752 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:59:46.0369 2752 Modem - ok
21:59:46.0392 2752 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:59:46.0393 2752 monitor - ok
21:59:46.0407 2752 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:59:46.0407 2752 mouclass - ok
21:59:46.0424 2752 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:59:46.0425 2752 mouhid - ok
21:59:46.0439 2752 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:59:46.0441 2752 mountmgr - ok
21:59:46.0477 2752 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:59:46.0480 2752 MpFilter - ok
21:59:46.0516 2752 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:59:46.0521 2752 mpio - ok
21:59:46.0553 2752 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:59:46.0555 2752 MpNWMon - ok
21:59:46.0579 2752 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:59:46.0581 2752 mpsdrv - ok
21:59:46.0608 2752 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:59:46.0610 2752 MRxDAV - ok
21:59:46.0649 2752 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:46.0651 2752 mrxsmb - ok
21:59:46.0695 2752 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:46.0697 2752 mrxsmb10 - ok
21:59:46.0712 2752 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:46.0713 2752 mrxsmb20 - ok
21:59:46.0724 2752 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:59:46.0726 2752 msahci - ok
21:59:46.0738 2752 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:59:46.0741 2752 msdsm - ok
21:59:46.0764 2752 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:59:46.0765 2752 Msfs - ok
21:59:46.0781 2752 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:59:46.0782 2752 mshidkmdf - ok
21:59:46.0791 2752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:59:46.0791 2752 msisadrv - ok
21:59:46.0833 2752 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:59:46.0834 2752 MSKSSRV - ok
21:59:46.0883 2752 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:46.0884 2752 MSPCLOCK - ok
21:59:46.0902 2752 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:59:46.0902 2752 MSPQM - ok
21:59:46.0930 2752 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:59:46.0934 2752 MsRPC - ok
21:59:46.0949 2752 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:59:46.0950 2752 mssmbios - ok
21:59:46.0971 2752 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:59:46.0972 2752 MSTEE - ok
21:59:46.0996 2752 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:59:46.0997 2752 MTConfig - ok
21:59:47.0019 2752 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:59:47.0021 2752 Mup - ok
21:59:47.0052 2752 myseebgu (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\myseebgu.sys
21:59:47.0054 2752 myseebgu - ok
21:59:47.0079 2752 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:59:47.0084 2752 NativeWifiP - ok
21:59:47.0124 2752 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:59:47.0136 2752 NDIS - ok
21:59:47.0160 2752 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:47.0161 2752 NdisCap - ok
21:59:47.0188 2752 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:47.0189 2752 NdisTapi - ok
21:59:47.0209 2752 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:47.0210 2752 Ndisuio - ok
21:59:47.0233 2752 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:47.0236 2752 NdisWan - ok
21:59:47.0252 2752 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:59:47.0253 2752 NDProxy - ok
21:59:47.0269 2752 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:59:47.0270 2752 NetBIOS - ok
21:59:47.0288 2752 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:59:47.0291 2752 NetBT - ok
21:59:47.0344 2752 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
21:59:47.0351 2752 netr28x - ok
21:59:47.0386 2752 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:59:47.0388 2752 nfrd960 - ok
21:59:47.0420 2752 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:59:47.0421 2752 NisDrv - ok
21:59:47.0437 2752 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:59:47.0438 2752 Npfs - ok
21:59:47.0451 2752 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:59:47.0451 2752 nsiproxy - ok
21:59:47.0500 2752 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:59:47.0535 2752 Ntfs - ok
21:59:47.0556 2752 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:59:47.0556 2752 Null - ok
21:59:47.0582 2752 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
21:59:47.0587 2752 NVENETFD - ok
21:59:47.0794 2752 nvlddmkm (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:59:47.0853 2752 nvlddmkm - ok
21:59:47.0879 2752 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:59:47.0880 2752 NVNET - ok
21:59:47.0905 2752 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:59:47.0907 2752 nvraid - ok
21:59:47.0917 2752 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:59:47.0920 2752 nvstor - ok
21:59:47.0951 2752 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
21:59:47.0953 2752 nvstor64 - ok
21:59:47.0978 2752 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:59:47.0981 2752 nv_agp - ok
21:59:47.0995 2752 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:59:47.0996 2752 ohci1394 - ok
21:59:48.0077 2752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:59:48.0079 2752 Parport - ok
21:59:48.0110 2752 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:59:48.0112 2752 partmgr - ok
21:59:48.0151 2752 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:59:48.0154 2752 pci - ok
21:59:48.0164 2752 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:59:48.0164 2752 pciide - ok
21:59:48.0201 2752 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:59:48.0204 2752 pcmcia - ok
21:59:48.0235 2752 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:59:48.0236 2752 pcw - ok
21:59:48.0261 2752 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:59:48.0267 2752 PEAUTH - ok
21:59:48.0323 2752 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
21:59:48.0324 2752 pnarp - ok
21:59:48.0351 2752 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:59:48.0353 2752 PptpMiniport - ok
21:59:48.0380 2752 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:59:48.0381 2752 Processor - ok
21:59:48.0449 2752 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:59:48.0452 2752 Psched - ok
21:59:48.0480 2752 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
21:59:48.0481 2752 purendis - ok
21:59:48.0529 2752 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:59:48.0564 2752 ql2300 - ok
21:59:48.0700 2752 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:59:48.0704 2752 ql40xx - ok
21:59:48.0751 2752 qtnhcgzv (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\qtnhcgzv.sys
21:59:48.0752 2752 qtnhcgzv - ok
21:59:48.0768 2752 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:59:48.0768 2752 QWAVEdrv - ok
21:59:48.0802 2752 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:59:48.0802 2752 RasAcd - ok
21:59:48.0835 2752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:59:48.0835 2752 RasAgileVpn - ok
21:59:48.0854 2752 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:48.0856 2752 Rasl2tp - ok
21:59:48.0872 2752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:48.0873 2752 RasPppoe - ok
21:59:48.0906 2752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:59:48.0907 2752 RasSstp - ok
21:59:48.0928 2752 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:59:48.0933 2752 rdbss - ok
21:59:48.0961 2752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:59:48.0962 2752 rdpbus - ok
21:59:48.0989 2752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:48.0990 2752 RDPCDD - ok
21:59:49.0018 2752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:59:49.0019 2752 RDPENCDD - ok
21:59:49.0033 2752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:59:49.0034 2752 RDPREFMP - ok
21:59:49.0059 2752 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:59:49.0062 2752 RDPWD - ok
21:59:49.0093 2752 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:59:49.0096 2752 rdyboost - ok
21:59:49.0131 2752 rgckwdbr (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\rgckwdbr.sys
21:59:49.0133 2752 rgckwdbr - ok
21:59:49.0161 2752 rrudhimd (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\rrudhimd.sys
21:59:49.0163 2752 rrudhimd - ok
21:59:49.0177 2752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:59:49.0178 2752 rspndr - ok
21:59:49.0206 2752 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:59:49.0208 2752 sbp2port - ok
21:59:49.0239 2752 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:59:49.0240 2752 scfilter - ok
21:59:49.0264 2752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:59:49.0265 2752 secdrv - ok
21:59:49.0316 2752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:59:49.0316 2752 Serenum - ok
21:59:49.0340 2752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:59:49.0341 2752 Serial - ok
21:59:49.0351 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:59:49.0351 2752 sermouse - ok
21:59:49.0399 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:59:49.0400 2752 sffdisk - ok
21:59:49.0433 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:59:49.0433 2752 sffp_mmc - ok
21:59:49.0445 2752 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:59:49.0445 2752 sffp_sd - ok
21:59:49.0466 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:59:49.0467 2752 sfloppy - ok
21:59:49.0496 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:59:49.0497 2752 SiSRaid2 - ok
21:59:49.0508 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:59:49.0510 2752 SiSRaid4 - ok
21:59:49.0544 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:59:49.0545 2752 Smb - ok
21:59:49.0584 2752 soiemegt (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\soiemegt.sys
21:59:49.0586 2752 soiemegt - ok
21:59:49.0594 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:59:49.0594 2752 spldr - ok
21:59:49.0657 2752 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
21:59:49.0666 2752 sptd - ok
21:59:49.0714 2752 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:59:49.0722 2752 srv - ok
21:59:49.0753 2752 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:59:49.0756 2752 srv2 - ok
21:59:49.0801 2752 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:49.0802 2752 srvnet - ok
21:59:49.0838 2752 ssvbhtld (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\ssvbhtld.sys
21:59:49.0838 2752 ssvbhtld - ok
21:59:49.0905 2752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:59:49.0907 2752 stexstor - ok
21:59:49.0919 2752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:59:49.0920 2752 swenum - ok
21:59:50.0015 2752 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:59:50.0016 2752 taphss - ok
21:59:50.0096 2752 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:59:50.0131 2752 Tcpip - ok
21:59:50.0179 2752 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:50.0192 2752 TCPIP6 - ok
21:59:50.0210 2752 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:59:50.0210 2752 tcpipreg - ok
21:59:50.0232 2752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:59:50.0232 2752 TDPIPE - ok
21:59:50.0257 2752 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:59:50.0258 2752 TDTCP - ok
21:59:50.0285 2752 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:59:50.0287 2752 tdx - ok
21:59:50.0295 2752 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:59:50.0296 2752 TermDD - ok
21:59:50.0325 2752 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:50.0325 2752 tssecsrv - ok
21:59:50.0351 2752 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:50.0353 2752 tunnel - ok
21:59:50.0382 2752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:59:50.0384 2752 uagp35 - ok
21:59:50.0419 2752 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:59:50.0423 2752 udfs - ok
21:59:50.0439 2752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:59:50.0441 2752 uliagpkx - ok
21:59:50.0468 2752 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:59:50.0469 2752 umbus - ok
21:59:50.0498 2752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:59:50.0498 2752 UmPass - ok
21:59:50.0540 2752 uqemgald (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\uqemgald.sys
21:59:50.0541 2752 uqemgald - ok
21:59:50.0608 2752 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:59:50.0611 2752 usbaudio - ok
21:59:50.0637 2752 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:50.0640 2752 usbccgp - ok
21:59:50.0669 2752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:59:50.0671 2752 usbcir - ok
21:59:50.0699 2752 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
21:59:50.0699 2752 usbehci - ok
21:59:50.0723 2752 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:50.0726 2752 usbhub - ok
21:59:50.0735 2752 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:59:50.0736 2752 usbohci - ok
21:59:50.0760 2752 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:50.0760 2752 usbprint - ok
21:59:50.0815 2752 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:59:50.0817 2752 usbscan - ok
21:59:50.0840 2752 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:50.0842 2752 USBSTOR - ok
21:59:50.0869 2752 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:59:50.0870 2752 usbuhci - ok
21:59:50.0934 2752 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
21:59:50.0939 2752 usbvideo - ok
21:59:50.0968 2752 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:59:50.0970 2752 vdrvroot - ok
21:59:51.0003 2752 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:51.0004 2752 vga - ok
21:59:51.0030 2752 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:59:51.0031 2752 VgaSave - ok
21:59:51.0064 2752 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:59:51.0067 2752 vhdmp - ok
21:59:51.0076 2752 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:59:51.0077 2752 viaide - ok
21:59:51.0104 2752 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:59:51.0105 2752 volmgr - ok
21:59:51.0124 2752 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:59:51.0128 2752 volmgrx - ok
21:59:51.0156 2752 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:59:51.0159 2752 volsnap - ok
21:59:51.0199 2752 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:59:51.0201 2752 vsmraid - ok
21:59:51.0231 2752 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:59:51.0232 2752 vwifibus - ok
21:59:51.0251 2752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:59:51.0252 2752 vwififlt - ok
21:59:51.0265 2752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:59:51.0266 2752 WacomPen - ok
21:59:51.0293 2752 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:51.0294 2752 WANARP - ok
21:59:51.0298 2752 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:51.0299 2752 Wanarpv6 - ok
21:59:51.0323 2752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:59:51.0325 2752 Wd - ok
21:59:51.0346 2752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:59:51.0353 2752 Wdf01000 - ok
21:59:51.0393 2752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:51.0393 2752 WfpLwf - ok
21:59:51.0402 2752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:59:51.0403 2752 WIMMount - ok
21:59:51.0449 2752 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:59:51.0450 2752 WinUsb - ok
21:59:51.0460 2752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:59:51.0461 2752 WmiAcpi - ok
21:59:51.0502 2752 wnxaszvi (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\wnxaszvi.sys
21:59:51.0504 2752 wnxaszvi - ok
21:59:51.0539 2752 wpjpruko (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\wpjpruko.sys
21:59:51.0541 2752 wpjpruko - ok
21:59:51.0561 2752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:51.0561 2752 ws2ifsl - ok
21:59:51.0584 2752 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:59:51.0586 2752 WudfPf - ok
21:59:51.0605 2752 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:51.0607 2752 WUDFRd - ok
21:59:51.0631 2752 xyicspsh (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\xyicspsh.sys
21:59:51.0633 2752 xyicspsh - ok
21:59:51.0669 2752 zrazuwig (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\zrazuwig.sys
21:59:51.0671 2752 zrazuwig - ok
21:59:51.0710 2752 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
21:59:53.0945 2752 \Device\Harddisk0\DR0 - ok
21:59:53.0985 2752 Boot (0x1200) (d7795794227a098716f46dda757c7018) \Device\Harddisk0\DR0\Partition0
21:59:53.0985 2752 \Device\Harddisk0\DR0\Partition0 - ok
21:59:53.0995 2752 Boot (0x1200) (3bb44e2708978199a91b4c8a2be38418) \Device\Harddisk0\DR0\Partition1
21:59:53.0995 2752 \Device\Harddisk0\DR0\Partition1 - ok
21:59:53.0995 2752 ============================================================
21:59:53.0995 2752 Scan finished
21:59:53.0995 2752 ============================================================
21:59:54.0055 1900 Detected object count: 0
21:59:54.0055 1900 Actual detected object count: 0

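The driver listing above ends with seven drivers under random eight-letter names (soiemegt, ssvbhtld, uqemgald, wnxaszvi, wpjpruko, xyicspsh, zrazuwig) that all carry the MD5 a412d2fd7c0e1b50a7845fa083894223, whereas the legitimate pairs Tcpip/TCPIP6 and WANARP/Wanarpv6 share a hash only because both service names load the same file. The Python script below is an added example, not part of this thread or of TDSSKiller, that applies exactly that distinction to TDSSKiller-style log lines; its sample input is copied from the log above and the function names are the example's own.

```python
import re
from collections import defaultdict

# One TDSSKiller driver line: "<time> <pid> <service> (<md5>) <path>".
# The "<service> - ok" verdict lines and the header/summary lines do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Sample input: lines copied from the TDSSKiller log posted above (the seven
# random-named drivers plus two legitimate pairs of services that load one
# and the same Microsoft file).
SAMPLE_LOG = r"""
21:59:49.0584 2752 soiemegt (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\soiemegt.sys
21:59:49.0586 2752 soiemegt - ok
21:59:49.0838 2752 ssvbhtld (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\ssvbhtld.sys
21:59:50.0096 2752 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:59:50.0179 2752 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:50.0540 2752 uqemgald (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\uqemgald.sys
21:59:51.0293 2752 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:51.0298 2752 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:51.0502 2752 wnxaszvi (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\wnxaszvi.sys
21:59:51.0539 2752 wpjpruko (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\wpjpruko.sys
21:59:51.0631 2752 xyicspsh (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\xyicspsh.sys
21:59:51.0669 2752 zrazuwig (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\zrazuwig.sys
"""


def parse_entries(log_text):
    """Return one dict per driver line (time, pid, service, md5, path, basename)."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "- ok" verdicts, separators, summary lines
        entry = m.groupdict()
        # Compare on the file name only: the same file appears under both the
        # "drivers" and the "DRIVERS" directory spelling in these logs.
        entry["basename"] = entry["path"].rsplit("\\", 1)[-1].lower()
        entries.append(entry)
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of entries that carry it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry)
    return groups


def find_shared_hash_clusters(entries, min_distinct_files=2):
    """Flag an MD5 only when it is carried by several DIFFERENT files.

    Two service names loading one file (Tcpip/TCPIP6 -> tcpip.sys) share a
    hash for a legitimate reason and are left alone. Several differently
    named files with a byte-identical body, each registered as its own
    driver, is the pattern in the log above and is what gets reported.
    """
    clusters = []
    for md5, group in sorted(group_by_hash(entries).items()):
        files = sorted({e["basename"] for e in group})
        if len(files) >= min_distinct_files:
            clusters.append({
                "md5": md5,
                "files": files,
                "services": sorted(e["service"] for e in group),
            })
    return clusters


def legitimate_aliases(entries):
    """Hashes shared by several services that all point at one and the same file."""
    aliases = {}
    for md5, group in group_by_hash(entries).items():
        files = {e["basename"] for e in group}
        if len(group) > 1 and len(files) == 1:
            aliases[md5] = (files.pop(), sorted(e["service"] for e in group))
    return aliases


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for cluster in find_shared_hash_clusters(parsed):
        print(f"SUSPICIOUS md5={cluster['md5']}")
        print(f"  {len(cluster['files'])} distinct files: {', '.join(cluster['files'])}")
    for md5, (name, services) in legitimate_aliases(parsed).items():
        print(f"ok         md5={md5} {name} <- {'/'.join(services)}")
```

Run against a complete TDSSKiller log the same way; a single hash spread over many unrelated driver names is a signal worth chasing even when every line ends in "- ok", as all of these did.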



#4 CatByte

  • Malware Response Team

Posted 05 March 2012 - 08:41 AM

Hi

Please run the following; there are a couple of further diagnostics I want to check out before we continue.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 dancharleton

  • Topic Starter

Posted 05 March 2012 - 06:26 PM

Okay sure thing! Logs are attached.




#6 CatByte

  • Malware Response Team

Posted 05 March 2012 - 06:48 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic445061.html/page__pid__2620605

Collect::
c:\windows\system32\drivers\gwmtvjxi.sys
c:\windows\system32\drivers\kmerbjhk.sys
c:\windows\system32\drivers\lliktcbe.sys
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
C:\Windows\SysNative\irenum.dll

File::
C:\ProgramData\ERkWq0ed.dat

NetSvc::
procmon10
adobeversioncue

Driver::
procmon10
adobeversioncue

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot omitted: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Please advise how the computer is running now and if there are any outstanding issues



#7 dancharleton

  • Topic Starter

Posted 05 March 2012 - 09:23 PM

OK here is the MWB log (ESET log attached)

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
-0 -0 -0 -0 -0 -0 -0 :: -0-0-0-0-0-0-0 [administrator]

Protection: Enabled

3/5/2012 7:17:51 PM
mbam-log-2012-03-05 (19-17-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195235
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




#8 CatByte

  • Malware Response Team

Posted 05 March 2012 - 09:56 PM

Do you have the new log from the ComboFix script?

It should be located at C:\ComboFix.txt



#9 dancharleton

  • Topic Starter

Posted 05 March 2012 - 10:00 PM

Whoops I forgot! Here it is.




#10 dancharleton

  • Topic Starter

Posted 05 March 2012 - 10:02 PM

Also it is amazing how fast you are responding, I couldn't ask for better assistance. Even if this all doesn't work out I owe you a debt of gratitude for investing so much time!

#11 CatByte

  • Malware Response Team

Posted 06 March 2012 - 06:58 PM

Hi

There are still some indications of malware in the log that is stubbornly refusing to go, so let's give it another try

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic445061.html/page__pid__2622034#entry2622034

Collect::
C:\Windows\System32\drivers\aqhhiiwb.sys

NetSvc::
procmon10
adobeversioncue

Driver::
procmon10
adobeversioncue

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot omitted: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


If you could please run a fresh OTL scan as well as that often picks up things other scans don't

Please post both the ComboFix and the new OTL log

thanks

Edited by CatByte, 06 March 2012 - 07:03 PM.



#12 dancharleton

  • Topic Starter

Posted 07 March 2012 - 04:54 PM

OTL log is attached. It's weird, but despite following the same instructions, it doesn't generate the "extras" file, despite several attempts running it. Anyway, here is the one log.

ComboFix 12-03-04.02 - -0 -0 -0 -0 -0 -0 -0 03/07/2012 14:48:45.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4505 [GMT -5:00]
Running from: c:\users\-0 -0 -0 -0 -0 -0 -0\Desktop\ComboFix.exe
Command switches used :: c:\users\-0 -0 -0 -0 -0 -0 -0\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 19:53 . 2012-03-07 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 18:46 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{748ED74F-3660-4A2B-9A38-41BB6E86BAC8}\mpengine.dll
2012-03-06 00:23 . 2012-03-06 00:23 -------- d-----w- c:\program files (x86)\ESET
2012-03-06 00:23 . 2012-03-06 00:23 -------- d--h--w- c:\windows\AxInstSV
2012-03-04 21:02 . 2012-03-05 00:42 -------- d-----w- c:\program files\CCleaner
2012-03-02 22:18 . 2012-03-02 22:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 03:21 . 2012-03-02 03:21 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Malwarebytes
2012-03-02 03:21 . 2012-03-02 03:21 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 03:21 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 03:21 . 2012-03-06 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-02 02:53 . 2012-03-02 02:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-02 01:09 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-02 01:09 . 2012-03-02 02:17 -------- d-----w- C:\MoTemp
2012-02-29 17:45 . 2012-03-01 16:38 -------- d-----w- c:\programdata\AVAST Software
2012-02-29 17:45 . 2012-03-01 16:38 -------- d-----w- c:\program files\AVAST Software
2012-02-28 01:34 . 2012-03-02 03:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-25 22:26 . 2012-02-27 23:31 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-02-25 22:26 . 2012-02-27 14:35 -------- d-----w- c:\program files (x86)\Red Giant Link
2012-02-25 22:12 . 2012-02-25 22:12 -------- d-----w- C:\$AVG
2012-02-25 22:01 . 2012-02-25 22:01 -------- d--h--w- c:\programdata\Common Files
2012-02-25 22:00 . 2012-02-27 23:31 -------- d-----w- c:\programdata\AVG2012
2012-02-25 22:00 . 2012-03-01 18:52 -------- d-----w- c:\program files (x86)\AVG
2012-02-25 21:55 . 2012-03-01 18:57 -------- d-----w- c:\programdata\MFAData
2012-02-25 17:05 . 2012-03-04 22:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-25 17:04 . 2012-03-02 03:34 -------- d-----w- c:\windows\system32\Macromed
2012-02-25 16:36 . 2012-02-25 17:13 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\LooksBuilder
2012-02-25 16:35 . 2012-03-02 03:37 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Red Giant Link
2012-02-25 16:32 . 2012-03-02 03:33 -------- d-----w- c:\programdata\RedGiant
2012-02-25 16:32 . 2012-02-25 16:32 1492 ----a-w- C:\user.js
2012-02-25 16:32 . 2012-03-02 03:33 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Babylon
2012-02-25 16:32 . 2012-02-25 16:32 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Babylon
2012-02-25 16:32 . 2012-02-25 16:32 -------- d-----w- c:\programdata\Babylon
2012-02-25 16:05 . 2012-02-25 16:05 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Sony Creative Software Inc
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-25 15:39 . 2012-02-25 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-25 06:51 . 2012-02-27 20:55 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-02-25 06:51 . 2012-02-25 06:51 -------- d-----w- c:\program files (x86)\MBLooks
2012-02-25 06:51 . 2012-02-25 06:51 -------- d-----w- c:\program files (x86)\Magic Bullet MisFire
2012-02-25 06:34 . 1999-11-10 16:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-02-25 05:55 . 2012-03-02 03:37 -------- d-----w- c:\program files (x86)\Magic Bullet Looks Vegas
2012-02-25 05:40 . 2012-03-02 03:37 -------- d-----w- c:\windows\SysWow64\spool
2012-02-25 04:58 . 2012-03-02 03:33 -------- d-----w- c:\program files (x86)\Sony Setup
2012-02-25 03:50 . 2012-02-25 03:50 53248 ----a-r- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-02-25 03:30 . 2012-03-02 03:33 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-24 21:37 . 2012-02-25 22:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-24 21:33 . 2012-02-24 21:33 -------- d-----w- c:\program files (x86)\Adobe Story
2012-02-22 03:27 . 2012-02-22 03:27 -------- d-----w- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-22 03:26 . 2012-02-22 03:26 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-02-10 20:26 . 2009-03-19 21:34 29544 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-10 20:26 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-02-10 20:26 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-02-10 20:26 . 2012-03-02 03:37 -------- d-----w- c:\program files (x86)\iTunes
2012-02-10 20:26 . 2012-03-02 03:33 -------- d-----w- c:\program files\iTunes
2012-02-10 20:26 . 2012-03-02 03:33 -------- d-----w- c:\program files (x86)\iPod
2012-02-06 21:04 . 2012-03-02 03:33 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-02-06 20:59 . 2012-03-02 03:37 -------- d-----w- c:\program files (x86)\Bonjour
2012-02-06 20:59 . 2012-02-06 20:59 -------- d-----w- c:\program files\Bonjour
2012-02-06 20:07 . 2012-02-06 20:07 -------- d-----w- c:\programdata\Premium
2012-02-06 20:07 . 2012-03-02 03:33 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 02:52 . 2010-04-21 01:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-25 17:04 . 2011-07-10 23:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-04-20 20:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2005-03-22 09:49 . 2005-03-22 09:49 287232 ----a-w- c:\program files (x86)\Adobelmsvc Installer.dll
2005-03-22 08:29 . 2005-03-22 08:29 19533824 ----a-w- c:\program files (x86)\Photoshop.exe
2005-03-22 07:48 . 2005-03-22 07:48 2142208 ----a-w- c:\program files (x86)\PSArt.dll
2005-03-22 07:48 . 2005-03-22 07:48 1748992 ----a-w- c:\program files (x86)\PSViews.dll
2005-03-22 07:48 . 2005-03-22 07:48 1323008 ----a-w- c:\program files (x86)\Photoshop.dll
2005-03-22 07:43 . 2005-03-22 07:43 1144622 ----a-w- c:\program files (x86)\Tw10122.dat
2005-03-22 07:41 . 2005-03-22 07:41 19980288 ----a-w- c:\program files (x86)\ImageReady.exe
2005-03-22 07:13 . 2005-03-22 07:13 41984 ----a-w- c:\program files (x86)\Plugin.dll
2005-03-16 22:57 . 2005-03-16 22:57 61440 ----a-w- c:\program files (x86)\regsresen_US.dll
2005-03-13 17:10 . 2005-03-13 17:10 4096000 ----a-w- c:\program files (x86)\PDFL70.dll
2005-03-13 16:01 . 2005-03-13 16:01 1805824 ----a-w- c:\program files (x86)\AGM.dll
2005-03-11 00:31 . 2005-03-11 00:31 3715072 ----a-w- c:\program files (x86)\MPS.dll
2005-03-09 21:59 . 2005-03-09 21:59 1560169 ----a-w- c:\program files (x86)\AdobeLM.dll
2005-03-09 08:32 . 2005-03-09 08:32 151552 ----a-w- c:\program files (x86)\AXE8SharedExpat.dll
2005-03-09 08:32 . 2005-03-09 08:32 151552 ----a-w- c:\program files (x86)\AXE16SharedExpat.dll
2005-03-09 08:17 . 2005-03-09 08:17 475136 ----a-w- c:\program files (x86)\AdobeXMP.dll
2005-03-09 08:07 . 2005-03-09 08:07 630784 ----a-w- c:\program files (x86)\ACE.dll
2005-03-09 08:07 . 2005-03-09 08:07 266240 ----a-w- c:\program files (x86)\ARE.dll
2005-03-09 08:07 . 2005-03-09 08:07 217088 ----a-w- c:\program files (x86)\BIBUtils.dll
2005-03-09 08:07 . 2005-03-09 08:07 2162688 ----a-w- c:\program files (x86)\CoolType.dll
2005-03-09 08:07 . 2005-03-09 08:07 180224 ----a-w- c:\program files (x86)\Bib.dll
2005-03-08 11:23 . 2005-03-08 11:23 4153344 ----a-w- c:\program files (x86)\VersionCue.dll
2005-03-08 11:23 . 2005-03-08 11:23 3170304 ----a-w- c:\program files (x86)\VersionCueUI.dll
2005-03-03 19:39 . 2005-03-03 19:39 425984 ----a-w- c:\program files (x86)\AdobeUpdater.dll
2005-02-17 15:28 . 2005-02-17 15:28 663552 ----a-w- c:\program files (x86)\FileInfo.dll
2005-02-15 06:03 . 2005-02-15 06:03 561152 ----a-w- c:\program files (x86)\JP2KLib.dll
2005-02-10 17:36 . 2005-02-10 17:36 143360 ----a-w- c:\program files (x86)\epic_eula.dll
2005-02-08 17:43 . 2005-02-08 17:43 49152 ----a-w- c:\program files (x86)\persresen_US.dll
2005-02-08 17:43 . 2005-02-08 17:43 45056 ----a-w- c:\program files (x86)\eularesen_US.dll
2005-02-07 12:45 . 2005-02-07 12:45 5632 ----a-w- c:\program files (x86)\agldt28l.dll
2005-01-19 18:31 . 2005-01-19 18:31 155648 ----a-w- c:\program files (x86)\epic_regs.dll
2005-01-18 16:31 . 2005-01-18 16:31 114688 ----a-w- c:\program files (x86)\epic_pers.dll
2005-01-12 18:23 . 2005-01-12 18:23 180224 ----a-w- c:\program files (x86)\pdfsettings.dll
2004-08-24 19:55 . 2004-08-24 19:55 126976 ----a-w- c:\program files (x86)\asneu.dll
2004-06-22 16:57 . 2004-06-22 16:57 589824 ----a-w- c:\program files (x86)\libagluc28.dll
2003-05-08 22:34 . 2003-05-08 22:34 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-05-08 22:32 . 2003-05-08 22:32 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2000-08-29 04:19 . 2000-08-29 04:19 401462 ----a-w- c:\program files (x86)\MSVCP60.DLL
1999-02-02 04:00 . 1999-02-02 04:00 266293 ----a-w- c:\program files (x86)\Msvcrt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_04.27.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-15 20:36 . 2012-03-07 18:43 57492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-04-20 20:52 . 2012-03-07 19:54 11996 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-03-07 18:43 46312 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-20 19:56 . 2012-03-07 18:43 15174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3063234839-2823473153-2640018886-1000_UserData.bin
+ 2010-04-20 15:56 . 2012-03-07 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-20 15:56 . 2012-03-05 04:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-20 15:56 . 2012-03-05 04:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-20 15:56 . 2012-03-07 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-24 04:12 . 2012-03-07 18:43 1530 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-03-05 04:26 . 2012-03-05 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 19:55 . 2012-03-07 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 19:55 . 2012-03-07 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-05 04:26 . 2012-03-05 04:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-03-07 19:55 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-05 04:26 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-07 19:55 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-05 04:26 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-20 18:00 . 2012-03-07 18:42 489046 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-07 18:43 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-07 18:43 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:54 . 2012-03-07 19:55 3129344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-05 04:26 3129344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-03-05 01:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-07 18:57 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 20:15]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 20:15]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063234839-2823473153-2640018886-1000Core.job
- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-20 20:13]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063234839-2823473153-2640018886-1000UA.job
- c:\users\-0 -0 -0 -0 -0 -0 -0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-20 20:13]
.
2012-02-29 c:\windows\Tasks\Norton Security Scan for -0 -0 -0 -0 -0 -0 -0.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-20 14:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"PLD_FrameworkRun"="c:\windows\System32\oem\RunCMD_X64.exe" [2009-08-11 337920]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 2342800]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
procmon10
adobeversioncue
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360410g106p03h5v195r47m1s20p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\oem\setEvent.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-07 14:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 19:59
ComboFix2.txt 2012-03-06 00:08
ComboFix3.txt 2012-03-05 04:32
.
Pre-Run: 338,755,915,776 bytes free
Post-Run: 338,645,884,928 bytes free
.
- - End Of File - - F2D1488AC2EF897202C96D8FAAA9FA01

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 March 2012 - 06:35 PM

Hi,

OTL only generates the Extras log on the first run.

The OTL log didn't attach to that last post; if you could, please post it.

Thanks.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 dancharleton

dancharleton
  • Topic Starter

  • Members
  • 11 posts

Posted 07 March 2012 - 06:39 PM

OK, here we go.

Attached Files

  • Attached File  OTL.Txt   124.44KB   1 downloads


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 March 2012 - 07:14 PM

How is the computer running now?

Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
