IE9 Google Results are redirecting


  • This topic is locked
22 replies to this topic

#1 babraham76

babraham76

  • Members
  • 12 posts

Posted 07 March 2012 - 05:39 PM

Hello there,
I have a problem with my IE 9: all of my Google results are redirecting to odd sites. I am not noticing this behavior in Firefox or Chrome. I ran the usual suspects of spyware cleaners to no avail. Thank you for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by brian at 14:29:39 on 2012-03-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8118.5011 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
C:\Program Files (x86)\Fortinet\FortiClient\fortiwf.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\EVault Software\Agent\VVAgent.exe
C:\Program Files\EVault Software\Agent\buagent.exe
C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Seagull\BarTender Suite\Printer Maestro\Maestro.Service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\BackupAssist v6\BackupAssistService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EVault Software\Agent Assistant\Maestro.exe
C:\Program Files (x86)\Seagull\BarTender Suite\System\BtSystem.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagull\BarTender Suite\Commander\CmdrSrv.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Mozilla Firefox 8\firefox.exe
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://help.fourstardist.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Update] rundll32.exe "C:\Users\Brian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\xiuzb.dll",DllRegisterServer
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sphericall &Dial - C:\Program Files\Sphere\Dial.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\my
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///K:/activeX/DCP.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1328197436056
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxp://10.10.40.18/aplugLiteDL.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://10.10.40.2/plugin/h263ctrl.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: DhcpNameServer = 10.10.10.32 10.10.10.33
TCP: Interfaces\{819010F7-CD2A-4039-938B-22ACBDE6FF0F} : DhcpNameServer = 10.10.10.32 10.10.10.33
TCP: Interfaces\{819010F7-CD2A-4039-938B-22ACBDE6FF0F}\142425148414D4 : DhcpNameServer = 68.190.192.35 71.9.127.107 68.116.46.115
TCP: Interfaces\{819010F7-CD2A-4039-938B-22ACBDE6FF0F}\242514454565 : DhcpNameServer = 10.99.1.1
TCP: Interfaces\{819010F7-CD2A-4039-938B-22ACBDE6FF0F}\8416C6C6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: SDHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 10.0.0.1 activate.adobe.com
Hosts: 10.99.1.4 brattv
Hosts: 10.10.10.32 dc1
Hosts: 10.10.10.33 dc2
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\components\RescueComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll
FF - plugin: C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\NPTWCP.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Brian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]
R0 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 fortiapd;fortiapd;C:\Windows\system32\drivers\fortiapd.sys --> C:\Windows\system32\drivers\fortiapd.sys [?]
R1 FortiShield;Fortinet Fortishield;C:\Windows\system32\drivers\FortiShield.sys --> C:\Windows\system32\drivers\FortiShield.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VHDMgr;VHD manager driver;\??\C:\Windows\system32\drivers\VHDMount-x64.sys --> C:\Windows\system32\drivers\VHDMount-x64.sys [?]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 BarTender System Service;BarTender System Service;C:\Program Files (x86)\Seagull\BarTender Suite\System\BtSystem.Service.exe [2009-2-10 54640]
R2 Commander Service;Commander Service;C:\Program Files (x86)\Seagull\BarTender Suite\Commander\CmdrSrv.exe [2009-2-10 1906032]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-23 8448944]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-7-5 11776]
R2 EVault InfoStage Agent;EVault Software Agent;C:\Program Files\EVault Software\Agent\VVAgent.exe [2011-7-25 6488576]
R2 EVault InfoStage BUAgent;EVault Software BUAgent;C:\Program Files\EVault Software\Agent\buagent.exe [2011-7-25 10012672]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [2010-3-22 703080]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 Maestro;Printer Maestro;C:\Program Files (x86)\Seagull\BarTender Suite\Printer Maestro\Maestro.Service.exe [2009-2-10 226672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-7 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-3 2253120]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 THINWORX Client Service;THINWORX Client Service;C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe [2011-5-25 121856]
R3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys --> C:\Windows\system32\DRIVERS\acpials.sys [?]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\system32\DRIVERS\AppleBtBc.sys --> C:\Windows\system32\DRIVERS\AppleBtBc.sys [?]
R3 AppleDisplayFlt;Apple Display Driver;C:\Windows\system32\DRIVERS\aaplmonf.sys --> C:\Windows\system32\DRIVERS\aaplmonf.sys [?]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 AppleODD;Apple ODD;C:\Windows\system32\DRIVERS\AppleODD.sys --> C:\Windows\system32\DRIVERS\AppleODD.sys [?]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\system32\DRIVERS\CS420x64.sys --> C:\Windows\system32\DRIVERS\CS420x64.sys [?]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 Fortidrv2;Fortinet Fortinet Packet Filter Service;C:\Windows\system32\DRIVERS\fortidrv.sys --> C:\Windows\system32\DRIVERS\fortidrv.sys [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-7 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pppop;PPPoP WAN Adapter;C:\Windows\system32\DRIVERS\pppop64.sys --> C:\Windows\system32\DRIVERS\pppop64.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S1 Fortips;Fortips;C:\Windows\system32\drivers\fortips.sys --> C:\Windows\system32\drivers\fortips.sys [?]
S1 FortiRdr;FortiRdr;C:\Windows\system32\drivers\FortiRdr2.sys --> C:\Windows\system32\drivers\FortiRdr2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-18 136176]
S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-8-31 17920]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 applebmt;Apple Wireless Mouse;C:\Windows\system32\DRIVERS\applebmt.sys --> C:\Windows\system32\DRIVERS\applebmt.sys [?]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 dccdrv;dccdrv;C:\Windows\system32\Drivers\dccdrv64.sys --> C:\Windows\system32\Drivers\dccdrv64.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ft_vnic;Fortinet network virtual adapter;C:\Windows\system32\DRIVERS\ftvnic.sys --> C:\Windows\system32\DRIVERS\ftvnic.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-18 136176]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]

Edited by babraham76, 07 March 2012 - 06:19 PM.


#2 babraham76
  • Topic Starter

Posted 08 March 2012 - 06:09 PM

Just an update: this is only happening in IE9 32-bit. It does not appear to happen in IE9 64-bit.

#3 gringo_pr
  • Malware Response Team

Posted 09 March 2012 - 03:16 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 babraham76
  • Topic Starter

Posted 09 March 2012 - 12:32 PM

Thanks Gringo,
I am working remotely today. I started combofix but it looks like it has cut me off the network. I will not be able to post the log until I get back to the office on Monday morning. I will post it as soon as I get in.

#5 gringo_pr
  • Malware Response Team

Posted 09 March 2012 - 01:16 PM

OK see you then


gringo

#6 gringo_pr
  • Malware Response Team

Posted 12 March 2012 - 01:47 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 babraham76
  • Topic Starter

Posted 12 March 2012 - 08:41 AM

Hi Gringo, I am on my way to the office. I should have the results posted then.

#8 babraham76
  • Topic Starter

Posted 12 March 2012 - 09:07 AM

First, thank you for your patience, Gringo!
Combo log file below.
My main problem was that IE9, 32-bit version, was redirecting most of my Google search results. It was limited to this version only. The 64-bit version was fine, as well as Firefox and Chrome.

I removed one item from my registry and the file associated with it before I started Combofix on Saturday:
rundll32.exe "C:\Users\Brian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\xiuzb.dll",DllRegisterServer
It was in HKCU\..\Run.

Things appear to be better. No redirects yet this AM. I have restarted and googled for a good 10 minutes.


ComboFix 12-03-12.02 - brian 03/12/2012 6:50.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8118.5145 [GMT -7:00]
Running from: c:\users\Brian\Desktop\01 - CLEAN\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://help.fourstardist.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sphericall &Dial - c:\program files\Sphere\Dial.htm
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\my
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.10.10.32 10.10.10.33
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///K:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxp://10.10.40.18/aplugLiteDL.cab
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Brian\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKLM-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Brian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:57,51,0e,85,ca,d0,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,d4,e5,f7,d2,b8,2b,47,a4,f7,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,d4,e5,f7,d2,b8,2b,47,a4,f7,af,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-12 06:55:59
ComboFix-quarantined-files.txt 2012-03-12 13:55
.
Pre-Run: 85,109,829,632 bytes free
Post-Run: 85,217,181,696 bytes free
.
- - End Of File - - F959ACC6D2AB760019D7B6D39BDE58DC

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:55 PM

Posted 12 March 2012 - 04:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 babraham76

babraham76
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:55 PM

Posted 13 March 2012 - 05:23 PM

Thanks Gringo.

TDSSKiller Report below, aswMBR scan and log in next post.

15:21:25.0393 5724 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:21:25.0738 5724 ============================================================
15:21:25.0738 5724 Current date / time: 2012/03/13 15:21:25.0738
15:21:25.0738 5724 SystemInfo:
15:21:25.0738 5724
15:21:25.0738 5724 OS Version: 6.1.7601 ServicePack: 1.0
15:21:25.0738 5724 Product type: Workstation
15:21:25.0738 5724 ComputerName: BRIANPC
15:21:25.0738 5724 UserName: brian
15:21:25.0738 5724 Windows directory: C:\Windows
15:21:25.0738 5724 System windows directory: C:\Windows
15:21:25.0738 5724 Running under WOW64
15:21:25.0738 5724 Processor architecture: Intel x64
15:21:25.0738 5724 Number of processors: 4
15:21:25.0738 5724 Page size: 0x1000
15:21:25.0738 5724 Boot type: Normal boot
15:21:25.0738 5724 ============================================================
15:21:25.0937 5724 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:26.0230 5724 Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:26.0246 5724 Drive \Device\Harddisk3\DR3 - Size: 0x7D600000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0xFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:21:26.0248 5724 \Device\Harddisk0\DR0:
15:21:26.0249 5724 MBR used
15:21:26.0249 5724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23000
15:21:26.0249 5724 \Device\Harddisk1\DR1:
15:21:26.0249 5724 GPT used
15:21:26.0249 5724 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2F62C3D2-DC2F-46FC-8AE8-90CC677DE84E}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
15:21:26.0249 5724 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {9462E09C-2CB0-46A5-B87F-DE324154E2A6}, Name: OSXXX, StartLBA 0x64028, BlocksNum 0x1BD8A540
15:21:26.0249 5724 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {C721573A-4C25-4530-AE5F-55BBF9648DB4}, Name: Recovery HD, StartLBA 0x1BDEE568, BlocksNum 0x135F20
15:21:26.0249 5724 \Device\Harddisk3\DR3:
15:21:26.0250 5724 MBR used
15:21:26.0250 5724 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2, BlocksNum 0x3EAFFE
15:21:26.0251 5724 Initialize success
15:21:26.0251 5724 ============================================================
15:21:31.0887 3000 ============================================================
15:21:31.0887 3000 Scan started
15:21:31.0887 3000 Mode: Manual;
15:21:31.0887 3000 ============================================================
15:21:32.0100 3000 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:21:32.0103 3000 1394ohci - ok
15:21:32.0123 3000 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:21:32.0127 3000 ACPI - ok
15:21:32.0140 3000 acpials (12c5274cd87449a2a37a607cdb321922) C:\Windows\system32\DRIVERS\acpials.sys
15:21:32.0143 3000 acpials - ok
15:21:32.0163 3000 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:21:32.0165 3000 AcpiPmi - ok
15:21:32.0184 3000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:21:32.0190 3000 adp94xx - ok
15:21:32.0207 3000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:21:32.0211 3000 adpahci - ok
15:21:32.0225 3000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:21:32.0228 3000 adpu320 - ok
15:21:32.0249 3000 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:21:32.0254 3000 AFD - ok
15:21:32.0268 3000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:21:32.0269 3000 agp440 - ok
15:21:32.0284 3000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:21:32.0285 3000 aliide - ok
15:21:32.0298 3000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:21:32.0299 3000 amdide - ok
15:21:32.0314 3000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:21:32.0315 3000 AmdK8 - ok
15:21:32.0328 3000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:21:32.0330 3000 AmdPPM - ok
15:21:32.0344 3000 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:21:32.0345 3000 amdsata - ok
15:21:32.0360 3000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:21:32.0363 3000 amdsbs - ok
15:21:32.0377 3000 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:21:32.0378 3000 amdxata - ok
15:21:32.0392 3000 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:21:32.0394 3000 AppID - ok
15:21:32.0413 3000 applebmt (ec9e15d9e66faa24e5154c97528a8815) C:\Windows\system32\DRIVERS\applebmt.sys
15:21:32.0414 3000 applebmt - ok
15:21:32.0428 3000 AppleBtBc (a8f106b9cad3c39af5dc01e425f9aba2) C:\Windows\system32\DRIVERS\AppleBtBc.sys
15:21:32.0428 3000 AppleBtBc - ok
15:21:32.0443 3000 AppleDisplayFlt (a755645e92aaeaafb7382a19d2e0d48f) C:\Windows\system32\DRIVERS\aaplmonf.sys
15:21:32.0450 3000 AppleDisplayFlt - ok
15:21:32.0467 3000 AppleHFS (82ddc6ca9859277a3cc73c849763df53) C:\Windows\system32\drivers\AppleHFS.sys
15:21:32.0467 3000 AppleHFS - ok
15:21:32.0481 3000 AppleMNT (697f89e4fb66c97fbc6b49c880d28533) C:\Windows\system32\drivers\AppleMNT.sys
15:21:32.0482 3000 AppleMNT - ok
15:21:32.0497 3000 applemtm (c5da061ba2dfb8d0f877306f9f2c380d) C:\Windows\system32\DRIVERS\applemtm.sys
15:21:32.0498 3000 applemtm - ok
15:21:32.0515 3000 applemtp (782fda3a50acbab92d1b665b2b743340) C:\Windows\system32\DRIVERS\applemtp.sys
15:21:32.0516 3000 applemtp - ok
15:21:32.0530 3000 AppleODD (f25a1ea98d573e54e8655f2bb165db71) C:\Windows\system32\DRIVERS\AppleODD.sys
15:21:32.0531 3000 AppleODD - ok
15:21:32.0549 3000 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
15:21:32.0557 3000 appliand - ok
15:21:32.0569 3000 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
15:21:32.0570 3000 appliandMP - ok
15:21:32.0588 3000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:21:32.0590 3000 arc - ok
15:21:32.0602 3000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:21:32.0605 3000 arcsas - ok
15:21:32.0622 3000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:21:32.0622 3000 AsyncMac - ok
15:21:32.0636 3000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:21:32.0636 3000 atapi - ok
15:21:32.0659 3000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:21:32.0665 3000 b06bdrv - ok
15:21:32.0681 3000 b57nd60a (93af5ccce5145aa3c2f0a41e7f65149a) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:21:32.0682 3000 b57nd60a - ok
15:21:32.0731 3000 BCM43XX (b4557de42ad47b822b41092f00f8730c) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:21:32.0761 3000 BCM43XX - ok
15:21:32.0778 3000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:21:32.0779 3000 Beep - ok
15:21:32.0796 3000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:21:32.0797 3000 blbdrive - ok
15:21:32.0814 3000 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:21:32.0815 3000 bowser - ok
15:21:32.0829 3000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:21:32.0830 3000 BrFiltLo - ok
15:21:32.0843 3000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:21:32.0844 3000 BrFiltUp - ok
15:21:32.0859 3000 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:21:32.0861 3000 BridgeMP - ok
15:21:32.0879 3000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:21:32.0883 3000 Brserid - ok
15:21:32.0899 3000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:21:32.0900 3000 BrSerWdm - ok
15:21:32.0914 3000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:21:32.0915 3000 BrUsbMdm - ok
15:21:32.0928 3000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:21:32.0929 3000 BrUsbSer - ok
15:21:32.0944 3000 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:21:32.0952 3000 BthEnum - ok
15:21:32.0968 3000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:21:32.0971 3000 BTHMODEM - ok
15:21:32.0985 3000 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:21:32.0989 3000 BthPan - ok
15:21:33.0007 3000 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:21:33.0013 3000 BTHPORT - ok
15:21:33.0029 3000 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:21:33.0030 3000 BTHUSB - ok
15:21:33.0034 3000 catchme - ok
15:21:33.0050 3000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:21:33.0052 3000 cdfs - ok
15:21:33.0069 3000 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:21:33.0080 3000 cdrom - ok
15:21:33.0096 3000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:21:33.0097 3000 circlass - ok
15:21:33.0111 3000 CirrusFilter (57bb1b89bb59ad7f2b214c732f95bb65) C:\Windows\system32\DRIVERS\CS420x64.sys
15:21:33.0112 3000 CirrusFilter - ok
15:21:33.0127 3000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:21:33.0131 3000 CLFS - ok
15:21:33.0152 3000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:21:33.0152 3000 CmBatt - ok
15:21:33.0172 3000 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:21:33.0173 3000 cmdide - ok
15:21:33.0189 3000 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:21:33.0194 3000 CNG - ok
15:21:33.0211 3000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:21:33.0211 3000 Compbatt - ok
15:21:33.0225 3000 CompFilter64 - ok
15:21:33.0245 3000 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:21:33.0246 3000 CompositeBus - ok
15:21:33.0261 3000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:21:33.0262 3000 crcdisk - ok
15:21:33.0283 3000 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:21:33.0290 3000 CSC - ok
15:21:33.0306 3000 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
15:21:33.0313 3000 dc3d - ok
15:21:33.0328 3000 dccdrv (9e6c9dd215705b1beea4a40db6660df6) C:\Windows\system32\Drivers\dccdrv64.sys
15:21:33.0336 3000 dccdrv - ok
15:21:33.0356 3000 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:21:33.0358 3000 DfsC - ok
15:21:33.0369 3000 DgiVecp - ok
15:21:33.0388 3000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:21:33.0389 3000 discache - ok
15:21:33.0403 3000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:21:33.0403 3000 Disk - ok
15:21:33.0422 3000 DisplayLinkUsbPort (cde8b5bd143f5717b359801d49cff706) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys
15:21:33.0423 3000 DisplayLinkUsbPort - ok
15:21:33.0439 3000 dlkmd (cf5e65abbc0e0125c0ac2070aa77410e) C:\Windows\system32\drivers\dlkmd.sys
15:21:33.0441 3000 dlkmd - ok
15:21:33.0468 3000 dlkmdldr (85b9395172ac24f5d4d4606f2dfde5aa) C:\Windows\system32\drivers\dlkmdldr.sys
15:21:33.0469 3000 dlkmdldr - ok
15:21:33.0484 3000 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:21:33.0485 3000 dmvsc - ok
15:21:33.0504 3000 Dokan (1c92ce85ed00554bdd118923e751a162) C:\Windows\system32\drivers\dokan.sys
15:21:33.0514 3000 Dokan - ok
15:21:33.0535 3000 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:21:33.0536 3000 drmkaud - ok
15:21:33.0553 3000 DSI_SiUSBXp_3_1 (50aad2a07bd8b90a8cfb4f6d7a4d165a) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
15:21:33.0554 3000 DSI_SiUSBXp_3_1 - ok
15:21:33.0579 3000 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:21:33.0584 3000 DXGKrnl - ok
15:21:33.0638 3000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:21:33.0674 3000 ebdrv - ok
15:21:33.0700 3000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:21:33.0707 3000 elxstor - ok
15:21:33.0720 3000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:21:33.0721 3000 ErrDev - ok
15:21:33.0745 3000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:21:33.0748 3000 exfat - ok
15:21:33.0764 3000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:21:33.0767 3000 fastfat - ok
15:21:33.0783 3000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:21:33.0785 3000 fdc - ok
15:21:33.0803 3000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:21:33.0804 3000 FileInfo - ok
15:21:33.0817 3000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:21:33.0820 3000 Filetrace - ok
15:21:33.0833 3000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:21:33.0835 3000 flpydisk - ok
15:21:33.0851 3000 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:21:33.0853 3000 FltMgr - ok
15:21:33.0868 3000 fortiapd (eb626e0a3e09b27403d352505576ffbc) C:\Windows\system32\drivers\fortiapd.sys
15:21:33.0876 3000 fortiapd - ok
15:21:33.0888 3000 Fortidrv2 (4caf297779b4cbdeb2b239ba8c8a5161) C:\Windows\system32\DRIVERS\fortidrv.sys
15:21:33.0889 3000 Fortidrv2 - ok
15:21:33.0902 3000 Fortips (fe945086f5aeb108a44c14cf9690869d) C:\Windows\system32\drivers\fortips.sys
15:21:33.0911 3000 Fortips - ok
15:21:33.0923 3000 FortiRdr (9a0d91ad56a3037568cbbcf6967d9a5b) C:\Windows\system32\drivers\FortiRdr2.sys
15:21:33.0931 3000 FortiRdr - ok
15:21:33.0943 3000 FortiShield (e01ae3ff51cc0a78b96e6ffacaa2677a) C:\Windows\system32\drivers\FortiShield.sys
15:21:33.0952 3000 FortiShield - ok
15:21:33.0968 3000 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:21:33.0969 3000 FsDepends - ok
15:21:33.0983 3000 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:21:33.0984 3000 Fs_Rec - ok
15:21:33.0999 3000 ft_vnic (beb74d1707da5ee996b53b67c8e910f2) C:\Windows\system32\DRIVERS\ftvnic.sys
15:21:34.0000 3000 ft_vnic - ok
15:21:34.0016 3000 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:21:34.0019 3000 fvevol - ok
15:21:34.0033 3000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:21:34.0035 3000 gagp30kx - ok
15:21:34.0049 3000 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:21:34.0050 3000 GEARAspiWDM - ok
15:21:34.0070 3000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:21:34.0071 3000 hcw85cir - ok
15:21:34.0089 3000 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:21:34.0093 3000 HdAudAddService - ok
15:21:34.0108 3000 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:21:34.0109 3000 HDAudBus - ok
15:21:34.0123 3000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:21:34.0124 3000 HidBatt - ok
15:21:34.0139 3000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:21:34.0147 3000 HidBth - ok
15:21:34.0162 3000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:21:34.0164 3000 HidIr - ok
15:21:34.0180 3000 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:21:34.0189 3000 HidUsb - ok
15:21:34.0209 3000 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:21:34.0210 3000 HpSAMD - ok
15:21:34.0235 3000 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:21:34.0244 3000 HTTP - ok
15:21:34.0258 3000 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:21:34.0258 3000 hwpolicy - ok
15:21:34.0276 3000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:21:34.0278 3000 i8042prt - ok
15:21:34.0297 3000 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:21:34.0302 3000 iaStorV - ok
15:21:34.0320 3000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:21:34.0321 3000 iirsp - ok
15:21:34.0339 3000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:21:34.0340 3000 intelide - ok
15:21:34.0354 3000 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:21:34.0355 3000 intelppm - ok
15:21:34.0375 3000 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:21:34.0377 3000 IpFilterDriver - ok
15:21:34.0393 3000 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:21:34.0395 3000 IPMIDRV - ok
15:21:34.0409 3000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:21:34.0411 3000 IPNAT - ok
15:21:34.0427 3000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:21:34.0429 3000 IRENUM - ok
15:21:34.0443 3000 IRRemoteFlt (a2ea52f7140d9439ef0eca7a9e2940c9) C:\Windows\system32\DRIVERS\IRFilter.sys
15:21:34.0444 3000 IRRemoteFlt - ok
15:21:34.0458 3000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:21:34.0459 3000 isapnp - ok
15:21:34.0480 3000 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:21:34.0485 3000 iScsiPrt - ok
15:21:34.0501 3000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:21:34.0511 3000 kbdclass - ok
15:21:34.0525 3000 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:21:34.0535 3000 kbdhid - ok
15:21:34.0552 3000 KeyAgent (cc63859c38fd7ec3d27e3830efdb20bc) C:\Windows\system32\drivers\KeyAgent.sys
15:21:34.0553 3000 KeyAgent - ok
15:21:34.0574 3000 KeyMagic (cd8f342e5b262a6e347d710289cab25d) C:\Windows\system32\DRIVERS\KeyMagic.sys
15:21:34.0575 3000 KeyMagic - ok
15:21:34.0594 3000 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:21:34.0595 3000 KSecDD - ok
15:21:34.0611 3000 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:21:34.0613 3000 KSecPkg - ok
15:21:34.0628 3000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:21:34.0629 3000 ksthunk - ok
15:21:34.0654 3000 libusb0 (02538e602280c07438c94489dcbe77d5) C:\Windows\system32\DRIVERS\libusb0.sys
15:21:34.0657 3000 libusb0 - ok
15:21:34.0674 3000 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:21:34.0676 3000 lltdio - ok
15:21:34.0689 3000 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
15:21:34.0690 3000 LMIInfo - ok
15:21:34.0707 3000 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
15:21:34.0708 3000 lmimirr - ok
15:21:34.0724 3000 LMIRfsClientNP - ok
15:21:34.0741 3000 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
15:21:34.0742 3000 LMIRfsDriver - ok
15:21:34.0762 3000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:21:34.0764 3000 LSI_FC - ok
15:21:34.0777 3000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:21:34.0779 3000 LSI_SAS - ok
15:21:34.0795 3000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:21:34.0796 3000 LSI_SAS2 - ok
15:21:34.0810 3000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:21:34.0812 3000 LSI_SCSI - ok
15:21:34.0828 3000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:21:34.0830 3000 luafv - ok
15:21:34.0842 3000 LVPr2M64 - ok
15:21:34.0862 3000 LVRS64 - ok
15:21:34.0884 3000 LVUVC64 - ok
15:21:34.0898 3000 MacHALDriver (591ac457c606902b0839c5ff15b8b236) C:\Windows\system32\drivers\MacHALDriver.sys
15:21:34.0900 3000 MacHALDriver - ok
15:21:34.0921 3000 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
15:21:34.0938 3000 MAUSBFASTTRACKPRO - ok
15:21:34.0953 3000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:21:34.0954 3000 megasas - ok
15:21:34.0968 3000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:21:34.0972 3000 MegaSR - ok
15:21:34.0988 3000 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:21:34.0989 3000 Modem - ok
15:21:35.0001 3000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:21:35.0002 3000 monitor - ok
15:21:35.0014 3000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:21:35.0021 3000 mouclass - ok
15:21:35.0035 3000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:21:35.0043 3000 mouhid - ok
15:21:35.0055 3000 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:21:35.0056 3000 mountmgr - ok
15:21:35.0072 3000 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:21:35.0074 3000 MpFilter - ok
15:21:35.0086 3000 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:21:35.0089 3000 mpio - ok
15:21:35.0101 3000 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:21:35.0103 3000 MpNWMon - ok
15:21:35.0115 3000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:21:35.0116 3000 mpsdrv - ok
15:21:35.0132 3000 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:21:35.0134 3000 MRxDAV - ok
15:21:35.0149 3000 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:21:35.0151 3000 mrxsmb - ok
15:21:35.0165 3000 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:21:35.0168 3000 mrxsmb10 - ok
15:21:35.0181 3000 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:21:35.0183 3000 mrxsmb20 - ok
15:21:35.0201 3000 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:21:35.0202 3000 msahci - ok
15:21:35.0220 3000 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:21:35.0223 3000 msdsm - ok
15:21:35.0244 3000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:21:35.0245 3000 Msfs - ok
15:21:35.0260 3000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:21:35.0261 3000 mshidkmdf - ok
15:21:35.0279 3000 MSHUSBVideo (26668cc2920de2497a8e369b16e48ca3) C:\Windows\system32\Drivers\nx6000.sys
15:21:35.0281 3000 MSHUSBVideo - ok
15:21:35.0294 3000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:21:35.0295 3000 msisadrv - ok
15:21:35.0312 3000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:21:35.0313 3000 MSKSSRV - ok
15:21:35.0328 3000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:21:35.0329 3000 MSPCLOCK - ok
15:21:35.0343 3000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:21:35.0344 3000 MSPQM - ok
15:21:35.0363 3000 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:21:35.0367 3000 MsRPC - ok
15:21:35.0383 3000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:21:35.0383 3000 mssmbios - ok
15:21:35.0397 3000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:21:35.0398 3000 MSTEE - ok
15:21:35.0414 3000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:21:35.0416 3000 MTConfig - ok
15:21:35.0430 3000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:21:35.0431 3000 Mup - ok
15:21:35.0449 3000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:21:35.0453 3000 NativeWifiP - ok
15:21:35.0477 3000 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:21:35.0489 3000 NDIS - ok
15:21:35.0509 3000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:21:35.0510 3000 NdisCap - ok
15:21:35.0550 3000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:21:35.0558 3000 NdisTapi - ok
15:21:35.0597 3000 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:21:35.0599 3000 Ndisuio - ok
15:21:35.0614 3000 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:21:35.0617 3000 NdisWan - ok
15:21:35.0630 3000 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:21:35.0631 3000 NDProxy - ok
15:21:35.0646 3000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:21:35.0647 3000 NetBIOS - ok
15:21:35.0661 3000 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:21:35.0664 3000 NetBT - ok
15:21:35.0703 3000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:21:35.0704 3000 nfrd960 - ok
15:21:35.0718 3000 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:21:35.0719 3000 NisDrv - ok
15:21:35.0738 3000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:21:35.0740 3000 Npfs - ok
15:21:35.0756 3000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:21:35.0757 3000 nsiproxy - ok
15:21:35.0789 3000 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:21:35.0806 3000 Ntfs - ok
15:21:35.0822 3000 NuidFltr (77eb11da191d12d12e28d7bd8905c42c) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:21:35.0823 3000 NuidFltr - ok
15:21:35.0836 3000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:21:35.0837 3000 Null - ok
15:21:35.0851 3000 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
15:21:35.0852 3000 NVHDA - ok
15:21:35.0994 3000 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:21:36.0051 3000 nvlddmkm - ok
15:21:36.0069 3000 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:21:36.0071 3000 nvraid - ok
15:21:36.0084 3000 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:21:36.0086 3000 nvstor - ok
15:21:36.0104 3000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:21:36.0106 3000 nv_agp - ok
15:21:36.0118 3000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:21:36.0120 3000 ohci1394 - ok
15:21:36.0140 3000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:21:36.0142 3000 Parport - ok
15:21:36.0155 3000 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:21:36.0156 3000 partmgr - ok
15:21:36.0174 3000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:21:36.0176 3000 pci - ok
15:21:36.0190 3000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:21:36.0191 3000 pciide - ok
15:21:36.0207 3000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:21:36.0212 3000 pcmcia - ok
15:21:36.0226 3000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:21:36.0227 3000 pcw - ok
15:21:36.0249 3000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:21:36.0258 3000 PEAUTH - ok
15:21:36.0288 3000 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:21:36.0289 3000 Point64 - ok
15:21:36.0309 3000 pppop (b0e7d5d2cfaa6ed5f20eb8b84a35e593) C:\Windows\system32\DRIVERS\pppop64.sys
15:21:36.0310 3000 pppop - ok
15:21:36.0325 3000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:21:36.0327 3000 PptpMiniport - ok
15:21:36.0342 3000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:21:36.0344 3000 Processor - ok
15:21:36.0362 3000 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:21:36.0364 3000 Psched - ok
15:21:36.0379 3000 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:21:36.0380 3000 PxHlpa64 - ok
15:21:36.0412 3000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:21:36.0429 3000 ql2300 - ok
15:21:36.0446 3000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:21:36.0448 3000 ql40xx - ok
15:21:36.0463 3000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:21:36.0465 3000 QWAVEdrv - ok
15:21:36.0478 3000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:21:36.0479 3000 RasAcd - ok
15:21:36.0495 3000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:21:36.0496 3000 RasAgileVpn - ok
15:21:36.0515 3000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:21:36.0517 3000 Rasl2tp - ok
15:21:36.0535 3000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:21:36.0536 3000 RasPppoe - ok
15:21:36.0551 3000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:21:36.0553 3000 RasSstp - ok
15:21:36.0571 3000 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:21:36.0575 3000 rdbss - ok
15:21:36.0591 3000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:21:36.0592 3000 rdpbus - ok
15:21:36.0606 3000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:21:36.0606 3000 RDPCDD - ok
15:21:36.0627 3000 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:21:36.0630 3000 RDPDR - ok
15:21:36.0643 3000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:21:36.0644 3000 RDPENCDD - ok
15:21:36.0660 3000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:21:36.0661 3000 RDPREFMP - ok
15:21:36.0677 3000 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:21:36.0684 3000 RdpVideoMiniport - ok
15:21:36.0700 3000 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:21:36.0704 3000 RDPWD - ok
15:21:36.0720 3000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:21:36.0723 3000 rdyboost - ok
15:21:36.0743 3000 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:21:36.0746 3000 RFCOMM - ok
15:21:36.0767 3000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:21:36.0768 3000 rspndr - ok
15:21:36.0782 3000 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:21:36.0783 3000 s3cap - ok
15:21:36.0799 3000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys
15:21:36.0800 3000 sbp2port - ok
15:21:36.0816 3000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:21:36.0817 3000 scfilter - ok
15:21:36.0841 3000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:21:36.0842 3000 secdrv - ok
15:21:36.0860 3000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:21:36.0861 3000 Serenum - ok
15:21:36.0875 3000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:21:36.0877 3000 Serial - ok
15:21:36.0890 3000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:21:36.0891 3000 sermouse - ok
15:21:36.0911 3000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:21:36.0912 3000 sffdisk - ok
15:21:36.0925 3000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:21:36.0926 3000 sffp_mmc - ok
15:21:36.0940 3000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:21:36.0941 3000 sffp_sd - ok
15:21:36.0954 3000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:21:36.0955 3000 sfloppy - ok
15:21:36.0972 3000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:21:36.0974 3000 SiSRaid2 - ok
15:21:36.0988 3000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:21:36.0990 3000 SiSRaid4 - ok
15:21:37.0007 3000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:21:37.0011 3000 Smb - ok
15:21:37.0031 3000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:21:37.0033 3000 spldr - ok
15:21:37.0055 3000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:21:37.0060 3000 srv - ok
15:21:37.0077 3000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:21:37.0081 3000 srv2 - ok
15:21:37.0094 3000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:21:37.0097 3000 srvnet - ok
15:21:37.0110 3000 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
15:21:37.0118 3000 SSPORT - ok
15:21:37.0135 3000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:21:37.0137 3000 stexstor - ok
15:21:37.0148 3000 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:21:37.0150 3000 StillCam - ok
15:21:37.0163 3000 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:21:37.0164 3000 storflt - ok
15:21:37.0178 3000 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:21:37.0179 3000 storvsc - ok
15:21:37.0192 3000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:21:37.0192 3000 swenum - ok
15:21:37.0208 3000 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
15:21:37.0210 3000 Synth3dVsc - ok
15:21:37.0249 3000 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:21:37.0267 3000 Tcpip - ok
15:21:37.0299 3000 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:21:37.0307 3000 TCPIP6 - ok
15:21:37.0323 3000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:21:37.0324 3000 tcpipreg - ok
15:21:37.0339 3000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:21:37.0347 3000 TDPIPE - ok
15:21:37.0360 3000 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:21:37.0361 3000 TDTCP - ok
15:21:37.0376 3000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:21:37.0379 3000 tdx - ok
15:21:37.0393 3000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:21:37.0394 3000 TermDD - ok
15:21:37.0408 3000 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
15:21:37.0410 3000 terminpt - ok
15:21:37.0419 3000 truecrypt - ok
15:21:37.0436 3000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:37.0437 3000 tssecsrv - ok
15:21:37.0451 3000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:21:37.0452 3000 TsUsbFlt - ok
15:21:37.0464 3000 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:21:37.0465 3000 TsUsbGD - ok
15:21:37.0477 3000 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
15:21:37.0480 3000 tsusbhub - ok
15:21:37.0497 3000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:21:37.0499 3000 tunnel - ok
15:21:37.0511 3000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:21:37.0512 3000 uagp35 - ok
15:21:37.0529 3000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:21:37.0533 3000 udfs - ok
15:21:37.0550 3000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:21:37.0552 3000 uliagpkx - ok
15:21:37.0565 3000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:21:37.0566 3000 umbus - ok
15:21:37.0578 3000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:21:37.0580 3000 UmPass - ok
15:21:37.0600 3000 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:21:37.0611 3000 USBAAPL64 - ok
15:21:37.0626 3000 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:21:37.0637 3000 usbaudio - ok
15:21:37.0650 3000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:21:37.0659 3000 usbccgp - ok
15:21:37.0672 3000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:21:37.0674 3000 usbcir - ok
15:21:37.0687 3000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:21:37.0688 3000 usbehci - ok
15:21:37.0703 3000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:21:37.0720 3000 usbhub - ok
15:21:37.0732 3000 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:21:37.0733 3000 usbohci - ok
15:21:37.0745 3000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:21:37.0752 3000 usbprint - ok
15:21:37.0766 3000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:21:37.0774 3000 USBSTOR - ok
15:21:37.0787 3000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:21:37.0788 3000 usbuhci - ok
15:21:37.0801 3000 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:21:37.0812 3000 usbvideo - ok
15:21:37.0832 3000 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
15:21:37.0833 3000 VBoxDrv - ok
15:21:37.0848 3000 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
15:21:37.0849 3000 VBoxNetAdp - ok
15:21:37.0863 3000 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
15:21:37.0864 3000 VBoxNetFlt - ok
15:21:37.0878 3000 VBoxUSB (3cc7909465536d89551c2b5374a2f48a) C:\Windows\system32\Drivers\VBoxUSB.sys
15:21:37.0880 3000 VBoxUSB - ok
15:21:37.0893 3000 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
15:21:37.0894 3000 VBoxUSBMon - ok
15:21:37.0907 3000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:21:37.0908 3000 vdrvroot - ok
15:21:37.0922 3000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:21:37.0923 3000 vga - ok
15:21:37.0935 3000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:21:37.0936 3000 VgaSave - ok
15:21:37.0947 3000 VGPU - ok
15:21:37.0962 3000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
15:21:37.0965 3000 vhdmp - ok
15:21:37.0979 3000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:21:37.0980 3000 viaide - ok
15:21:37.0995 3000 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:21:37.0998 3000 vmbus - ok
15:21:38.0011 3000 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:21:38.0012 3000 VMBusHID - ok
15:21:38.0026 3000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:21:38.0027 3000 volmgr - ok
15:21:38.0048 3000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:21:38.0052 3000 volmgrx - ok
15:21:38.0070 3000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:21:38.0074 3000 volsnap - ok
15:21:38.0091 3000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:21:38.0093 3000 vsmraid - ok
15:21:38.0109 3000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:21:38.0110 3000 vwifibus - ok
15:21:38.0129 3000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:21:38.0130 3000 WacomPen - ok
15:21:38.0146 3000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:38.0148 3000 WANARP - ok
15:21:38.0151 3000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:38.0152 3000 Wanarpv6 - ok
15:21:38.0176 3000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:21:38.0178 3000 Wd - ok
15:21:38.0190 3000 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
15:21:38.0198 3000 WDC_SAM - ok
15:21:38.0216 3000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:21:38.0223 3000 Wdf01000 - ok
15:21:38.0250 3000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:21:38.0251 3000 WfpLwf - ok
15:21:38.0263 3000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:21:38.0264 3000 WIMMount - ok
15:21:38.0301 3000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:21:38.0309 3000 WinUsb - ok
15:21:38.0324 3000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:21:38.0326 3000 WmiAcpi - ok
15:21:38.0349 3000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:21:38.0350 3000 ws2ifsl - ok
15:21:38.0370 3000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:21:38.0372 3000 WudfPf - ok
15:21:38.0385 3000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:21:38.0387 3000 WUDFRd - ok
15:21:38.0403 3000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:21:38.0406 3000 \Device\Harddisk0\DR0 - ok
15:21:38.0409 3000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:21:38.0410 3000 \Device\Harddisk1\DR1 - ok
15:21:38.0415 3000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
15:21:38.0418 3000 \Device\Harddisk3\DR3 - ok
15:21:38.0420 3000 Boot (0x1200) (99aa1ab992dfd554d850db48cc1d2379) \Device\Harddisk0\DR0\Partition0
15:21:38.0421 3000 \Device\Harddisk0\DR0\Partition0 - ok
15:21:38.0423 3000 Boot (0x1200) (a327ad4f07e33aa8c4950a2998d6cc7e) \Device\Harddisk1\DR1\Partition0
15:21:38.0423 3000 \Device\Harddisk1\DR1\Partition0 - ok
15:21:38.0426 3000 Boot (0x1200) (2d438383a6d8a661f38ab87c5ba668b1) \Device\Harddisk1\DR1\Partition1
15:21:38.0426 3000 \Device\Harddisk1\DR1\Partition1 - ok
15:21:38.0429 3000 Boot (0x1200) (f6ea6214d02257a01f293ccfe93ccfc8) \Device\Harddisk1\DR1\Partition2
15:21:38.0429 3000 \Device\Harddisk1\DR1\Partition2 - ok
15:21:38.0433 3000 Boot (0x1200) (933b4713428a3027c73517d7b83f9a75) \Device\Harddisk3\DR3\Partition0
15:21:38.0433 3000 \Device\Harddisk3\DR3\Partition0 - ok
15:21:38.0434 3000 ============================================================
15:21:38.0434 3000 Scan finished
15:21:38.0434 3000 ============================================================
15:21:38.0445 6768 Detected object count: 0
15:21:38.0445 6768 Actual detected object count: 0

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 05:31 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 babraham76

  • Topic Starter
  • Members
  • 12 posts

Posted 13 March 2012 - 05:50 PM

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 15:22:10
-----------------------------
15:22:10.913 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:10.913 Number of processors: 4 586 0x2502
15:22:10.914 ComputerName: BRIANPC UserName: brian
15:22:11.398 Initialize success
15:22:35.623 AVAST engine defs: 12031300
15:22:45.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:22:45.344 Disk 0 Vendor: OWC_Mercury_Extreme_Pro_SSD 343A13F0 Size: 228936MB BusType: 3
15:22:45.349 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
15:22:45.352 Disk 1 Vendor: OWC_Mercury_Extreme_Pro_SSD 320A13F0 Size: 228936MB BusType: 3
15:22:45.356 Disk 0 MBR read successfully
15:22:45.359 Disk 0 MBR scan
15:22:45.365 Disk 0 Windows 7 default MBR code
15:22:45.368 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228934 MB offset 2048
15:22:45.420 Disk 0 scanning C:\Windows\system32\drivers
15:22:51.479 Service scanning
15:23:09.751 Modules scanning
15:23:09.764 Disk 0 trace - called modules:
15:23:09.773 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:23:10.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e21060]
15:23:10.114 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007598e40]
15:23:10.118 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bf7060]
15:23:10.568 AVAST engine scan C:\Windows
15:23:13.725 AVAST engine scan C:\Windows\system32
15:26:23.290 AVAST engine scan C:\Windows\system32\drivers
15:26:31.164 AVAST engine scan C:\Users\Brian
15:31:49.070 AVAST engine scan C:\ProgramData
15:32:23.201 Scan finished successfully
15:49:41.068 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\01 - CLEAN\MBR.dat"
15:49:41.116 The log file has been saved successfully to "C:\Users\Brian\Desktop\01 - CLEAN\aswMBR.txt"

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 08:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 babraham76

  • Topic Starter
  • Members
  • 12 posts

Posted 14 March 2012 - 01:27 PM

Combofix log below.
No issues running combo fix.
Things appear to be running normally, no redirects on any browser!


ComboFix 12-03-12.02 - brian 03/14/2012 11:20:13.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8118.5828 [GMT -7:00]
Running from: c:\users\Brian\Desktop\01 - CLEAN\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd11.dll
c:\windows\SysWow64\dlumd9.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\UpdatusUser.BrianPC\AppData\Local\temp
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\evaultadmin\AppData\Local\temp
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\babraham\AppData\Local\temp
2012-03-14 18:24 . 2012-03-14 18:24 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-03-14 15:37 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:37 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 15:37 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 15:32 . 2012-03-14 15:32 0 ----a-w- c:\windows\system32\dlumd9.dll
2012-03-14 15:32 . 2012-03-14 15:32 0 ----a-w- c:\windows\system32\dlumd11.dll
2012-03-14 15:32 . 2012-03-14 15:32 0 ----a-w- c:\windows\system32\dlumd10.dll
2012-03-14 05:05 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 05:05 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 05:05 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:24 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:24 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:24 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:24 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 20:24 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:24 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:24 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:12 . 2012-02-08 07:13 8643640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AB1C510-469A-4922-AE5C-C7C0E11558F3}\mpengine.dll
2012-03-12 16:17 . 2012-03-12 16:17 -------- d-----w- c:\program files\iPod
2012-03-12 16:17 . 2012-03-12 16:18 -------- d-----w- c:\program files\iTunes
2012-03-12 16:17 . 2012-03-12 16:18 -------- d-----w- c:\program files (x86)\iTunes
2012-03-08 16:51 . 2012-03-08 16:51 388096 ------r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-07 23:26 . 2012-03-08 15:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-07 19:52 . 2012-03-07 19:52 55384 ------w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-07 19:51 . 2012-03-07 19:51 -------- d-----w- c:\programdata\Lavasoft
2012-03-07 19:51 . 2012-03-07 19:51 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-07 17:32 . 2012-03-07 17:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-07 17:01 . 2012-03-07 17:31 472808 ------w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 16:04 . 2012-03-06 16:04 -------- d-----w- C:\120226 - Trangs 40th BDay Maui
2012-03-06 15:29 . 2012-03-06 15:55 -------- d-----w- C:\120303 - Desert Sprint Triathlon
2012-02-29 20:58 . 2010-05-26 19:41 2106216 ------w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-02-29 20:58 . 2010-05-26 19:41 1998168 ------w- c:\windows\SysWow64\D3DX9_43.dll
2012-02-29 20:58 . 2009-09-05 01:29 453456 ------w- c:\windows\SysWow64\d3dx10_42.dll
2012-02-29 20:58 . 2007-04-05 02:53 81768 ------w- c:\windows\SysWow64\xinput1_3.dll
2012-02-22 18:17 . 2011-12-19 21:45 224048 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2012-02-22 18:17 . 2011-12-19 21:45 130864 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-02-22 18:08 . 2012-02-29 19:41 -------- d-----w- C:\ISOs
2012-02-17 00:16 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 00:16 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-02-16 23:42 . 2012-02-16 23:42 -------- d-----w- c:\program files\Microsoft System Center Virtual Machine Manager 2008 R2
2012-02-16 23:42 . 2012-02-16 23:42 -------- d-----w- c:\programdata\VMMLogs
2012-02-16 21:44 . 2012-02-16 21:44 -------- d-----w- c:\program files (x86)\Julien MANICI
2012-02-16 17:39 . 2012-02-16 17:39 -------- d-----w- c:\users\Brian\AppData\Roaming\SoftGrid Client
2012-02-16 17:37 . 2012-02-16 17:37 -------- d-----w- c:\users\Brian\AppData\Roaming\TP
2012-02-15 07:22 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 17:26 . 2012-02-14 17:26 -------- d-----w- c:\program files (x86)\Network Print Monitor
2012-02-14 15:29 . 2012-02-14 15:29 -------- d-----w- c:\users\Brian\AppData\Local\PSU
2012-02-14 15:27 . 2009-08-30 08:07 482408 ------w- c:\windows\ssndii.exe
2012-02-14 15:27 . 2009-12-09 23:59 701440 ------w- c:\windows\SysWow64\msxml2.dll
2012-02-14 15:27 . 2009-12-09 23:59 38160 ------w- c:\windows\SysWow64\msxml2r.dll
2012-02-14 15:27 . 2009-12-09 23:59 21776 ------w- c:\windows\SysWow64\msxml2a.dll
2012-02-14 15:27 . 2009-12-09 23:59 81920 ------w- c:\windows\SysWow64\ssdevm.dll
2012-02-14 15:27 . 2009-12-09 23:59 49152 ------w- c:\windows\SysWow64\ssusbpn.dll
2012-02-14 15:27 . 2009-12-09 23:59 74240 ------w- c:\windows\system32\ssdevm64.dll
2012-02-14 15:27 . 2009-12-09 23:59 47104 ------w- c:\windows\system32\ssusbp64.dll
2012-02-14 15:27 . 2007-08-14 04:48 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS
2012-02-14 15:27 . 2012-02-14 15:27 -------- d-----w- c:\program files (x86)\Samsung
2012-02-14 15:26 . 2012-02-14 15:26 -------- d-----w- C:\Drivers
2012-02-14 15:21 . 2007-08-14 11:42 33792 ------w- c:\windows\system32\Spool\prtprocs\x64\cl31cpc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 23:46 . 2011-05-14 03:05 414368 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-11 00:00 . 2012-02-11 00:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9801011D-7996-4E31-BCCE-B0F0B591E798}\gapaengine.dll
2012-02-08 21:24 . 2012-02-08 21:24 2067968 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_6.1.36484.0.dll
2012-02-08 21:24 . 2012-02-08 21:24 17408 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.36484.0.sys
2012-02-08 14:18 . 2012-02-08 14:18 1126832 ----a-w- c:\windows\system32\dlumd64.dll
2012-02-08 14:18 . 2012-02-08 14:18 934320 ----a-w- c:\windows\SysWow64\dlumd32.dll
2012-02-08 14:18 . 2012-02-08 14:18 105904 ----a-w- c:\windows\system32\DLTmmB.dll
2012-02-08 14:18 . 2012-02-08 14:18 102832 ----a-w- c:\windows\system32\ManageTMMLifeTime.dll
2012-02-08 07:13 . 2011-02-17 19:38 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-07 15:51 . 2011-02-18 00:25 87456 ------w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 15:51 . 2011-02-18 00:25 34688 ------w- c:\windows\system32\LMIport.dll
2012-02-07 15:51 . 2011-02-18 00:25 80768 ------w- c:\windows\system32\LMIinit.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 03:42 . 2012-01-16 14:38 112056 ------w- c:\windows\SysWow64\acaptuser32.dll
2011-12-19 21:45 . 2011-12-19 21:45 146736 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 21:43 . 2011-12-19 21:43 320816 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 21:43 . 2011-12-19 21:43 165680 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-15 22:00 . 2011-02-18 00:25 87456 ------w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-15 21:59 . 2011-02-18 00:25 80768 ------w- c:\windows\system32\LMIinit.dll.000.bak
2011-05-25 18:04 36892 --sh--w- c:\windows\SysWOW64\bassmod.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-12_13.54.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-14 15:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-08 23:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-08 23:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-14 15:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-14 15:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 23:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-12 17:16 72214 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-14 15:44 47274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-17 18:01 . 2012-03-14 15:44 11816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682003330-1220945662-2146912999-1116_UserData.bin
+ 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system32\vcomp100.dll
- 2010-03-18 17:36 . 2010-03-18 17:36 57168 c:\windows\system32\vcomp100.dll
- 2009-07-14 05:30 . 2012-02-22 18:17 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-14 15:36 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 18:01 . 2012-02-15 18:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaapl64.sys
+ 2012-02-08 14:19 . 2012-02-08 14:19 38400 c:\windows\system32\DriverStore\FileRepository\dlcdcecm.inf_amd64_neutral_21418b86eab2244c\x64\dlcdcecm.sys
- 2011-11-23 18:18 . 2011-11-23 18:18 38400 c:\windows\system32\DriverStore\FileRepository\dlcdcecm.inf_amd64_neutral_21418b86eab2244c\x64\dlcdcecm.sys
+ 2012-02-08 21:24 . 2012-02-08 21:24 17408 c:\windows\system32\DriverStore\FileRepository\displaylinkusb.inf_amd64_neutral_5377c405c3e5ea47\DisplayLinkUsbPort64.sys
- 2012-01-03 18:00 . 2011-11-23 18:18 15184 c:\windows\system32\drivers\dlkmdldr.sys
+ 2012-03-14 15:41 . 2012-02-08 14:19 15184 c:\windows\system32\drivers\dlkmdldr.sys
+ 2011-02-18 01:16 . 2012-03-14 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 01:16 . 2012-03-09 20:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 01:16 . 2012-03-14 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-18 01:16 . 2012-03-09 20:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 20:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-14 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-14 15:44 88864 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-02-17 19:04 . 2012-02-17 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-17 19:04 . 2012-03-13 21:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-17 18:24 . 2012-02-17 00:25 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-02-21 04:28 . 2012-02-21 04:28 53608 c:\windows\Installer\$PatchCache$\Managed\057978BEDBCC3104FB5D20494DADB50D\2.1.7\pthreadVC2.dll
+ 2012-02-21 04:28 . 2012-02-21 04:28 23248 c:\windows\Installer\$PatchCache$\Managed\057978BEDBCC3104FB5D20494DADB50D\2.1.7\AppleVersions.dll
- 2012-03-08 23:39 . 2012-03-08 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-14 15:41 . 2012-03-14 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-14 15:41 . 2012-03-14 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 23:39 . 2012-03-08 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-14 15:36 . 2012-03-14 15:36 3638 c:\windows\Installer\{D9D8900B-CFEB-44C6-B417-D6308B5B145D}\controlPanelIcon.exe
+ 2012-03-07 16:47 . 2012-03-14 15:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-07 16:47 . 2012-03-08 23:41 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-03-14 15:48 667562 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-08 23:45 667562 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-14 15:48 124610 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-08 23:45 124610 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-02-22 18:17 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-14 15:36 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-22 18:17 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-14 15:36 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-08 14:19 . 2012-02-08 14:19 185464 c:\windows\system32\DriverStore\FileRepository\dlusbaudio.inf_amd64_neutral_5b54cd1622813b07\dlusbaudio_x64.sys
- 2011-11-23 18:18 . 2011-11-23 18:18 185464 c:\windows\system32\DriverStore\FileRepository\dlusbaudio.inf_amd64_neutral_5b54cd1622813b07\dlusbaudio_x64.sys
- 2012-01-03 18:00 . 2011-11-23 18:18 308560 c:\windows\system32\drivers\dlkmd.sys
+ 2012-03-14 15:41 . 2012-02-08 14:19 308560 c:\windows\system32\drivers\dlkmd.sys
- 2009-07-14 05:12 . 2012-03-08 23:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-14 15:41 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-08 23:38 478996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-14 15:40 478996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-03 15:20 . 2012-02-03 15:20 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-03-12 15:39 . 2012-03-12 15:39 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-03-12 16:18 . 2012-03-12 16:18 380928 c:\windows\Installer\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}\iTunesIco.exe
+ 2012-02-15 18:02 . 2012-02-15 18:02 236904 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn_x64.dll
+ 2012-02-15 18:02 . 2012-02-15 18:02 227176 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn.dll
+ 2009-07-14 04:45 . 2012-03-14 15:41 4959184 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-17 14:34 4959184 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-15 18:01 . 2012-02-15 18:01 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaaplrc.dll
+ 2012-02-08 21:24 . 2012-02-08 21:24 2067968 c:\windows\system32\DriverStore\FileRepository\displaylinkusb.inf_amd64_neutral_5377c405c3e5ea47\DisplayLinkUsbCo64.dll
+ 2012-02-08 21:24 . 2012-02-08 21:24 6343304 c:\windows\system32\DriverStore\FileRepository\displaylinkusb.inf_amd64_neutral_5377c405c3e5ea47\DisplayLinkCore64.dat
+ 2009-07-14 04:45 . 2012-03-14 15:44 7159180 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-08 00:31 7159180 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-08 14:24 . 2012-02-08 14:24 3854336 c:\windows\Installer\3feb736.msi
+ 2012-03-01 06:55 . 2012-03-01 06:55 3462656 c:\windows\Installer\3feb6f9.msp
+ 2011-02-17 18:24 . 2012-03-14 15:31 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-02-17 18:24 . 2012-02-17 00:25 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-17 18:24 . 2012-03-14 15:31 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-14 02:34 . 2012-02-17 14:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-14 15:40 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-09 14:36 . 2012-03-14 15:36 56297240 c:\windows\system32\MRT.exe
+ 2011-03-03 00:17 . 2012-03-14 15:40 31850963 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-682003330-1220945662-2146912999-1116-8192.dat
+ 2011-03-03 00:17 . 2012-03-14 15:40 51889174 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-682003330-1220945662-2146912999-1116-4096.dat
+ 2012-03-12 16:16 . 2012-03-12 16:16 48986624 c:\windows\Installer\72484c.msi
+ 2012-03-12 16:16 . 2012-03-12 16:16 11105280 c:\windows\Installer\723c65.msi
+ 2012-03-12 16:16 . 2012-03-12 16:16 20396032 c:\windows\Installer\723bf9.msi
+ 2012-03-12 15:38 . 2012-03-12 15:38 18984960 c:\windows\Installer\503980.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-3-8 26555136]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2011-11-8 7070608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [x]
R1 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-17 136176]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-09-01 17920]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 dccdrv;dccdrv;c:\windows\system32\Drivers\dccdrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-17 136176]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys [x]
S1 FortiShield;Fortinet Fortishield;c:\windows\system32\drivers\FortiShield.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 BarTender System Service;BarTender System Service;c:\program files (x86)\Seagull\BarTender Suite\System\BtSystem.Service.exe [2009-02-10 54640]
S2 Commander Service;Commander Service;c:\program files (x86)\Seagull\BarTender Suite\Commander\CmdrSrv.exe [2009-02-10 1906032]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-02-08 8454064]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 EVault InfoStage Agent;EVault Software Agent;c:\program files\EVault Software\Agent\VVAgent.exe [2011-07-26 6488576]
S2 EVault InfoStage BUAgent;EVault Software BUAgent;c:\program files\EVault Software\Agent\buagent.exe [2011-07-26 10012672]
S2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2010-03-22 703080]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-07 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 Maestro;Printer Maestro;c:\program files (x86)\Seagull\BarTender Suite\Printer Maestro\Maestro.Service.exe [2009-02-10 226672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-04 94024]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 THINWORX Client Service;THINWORX Client Service;c:\program files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe [2011-04-11 121856]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
S3 AppleDisplayFlt;Apple Display Driver;c:\windows\system32\DRIVERS\aaplmonf.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 AppleODD;Apple ODD;c:\windows\system32\DRIVERS\AppleODD.sys [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 Fortidrv2;Fortinet Fortinet Packet Filter Service;c:\windows\system32\DRIVERS\fortidrv.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 19:07 451872 ------w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ------w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2010-11-12 740152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://help.fourstardist.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sphericall &Dial - c:\program files\Sphere\Dial.htm
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\my
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.10.10.32 10.10.10.33
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///K:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxp://10.10.40.18/aplugLiteDL.cab
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f6ph0kn1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:57,51,0e,85,ca,d0,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,d4,e5,f7,d2,b8,2b,47,a4,f7,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,d4,e5,f7,d2,b8,2b,47,a4,f7,af,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-14 11:26:14
ComboFix-quarantined-files.txt 2012-03-14 18:26
ComboFix2.txt 2012-03-12 13:55
.
Pre-Run: 83,262,951,424 bytes free
Post-Run: 82,771,947,520 bytes free
.
- - End Of File - - 0D96910C10578A4C83D10EBA15FB3C5F

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:55 PM

Posted 14 March 2012 - 04:32 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



