Happili/Zeroaccess root-kit removal


  • This topic is locked
12 replies to this topic

#1 metalcoholic

metalcoholic

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 21 March 2012 - 10:16 PM

Hello Guys!
Great site and a good find, because I am in trouble here. I believe ZeroAccess or a similar rootkit has infected my computer.

TDSS and the removal tool from Symantec fail to detect anything. I ran Malwarebytes today and it found several infected files. They were deleted, but of course this solved nothing. A system restore also did not work, as the virus re-downloaded itself.

I am running Windows 7 64 bit, and use Norton as my antivirus.

Here is the DDS log, and thank you for reading.



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by bleep you windows 7 at 20:07:22 on 2012-03-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6322 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Games\Hi Rez\HiPatchService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Installed Programs\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Installed Programs\FireFox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Installed Programs\FireFox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Installed Programs\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
uRun: [DAEMON Tools Lite] "C:\Installed Programs\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Installed Programs\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Installed Programs\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Installed Programs\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CEAA8B82-E090-4C0C-A47F-01531BAB655A} : DhcpNameServer = 192.168.0.1
mASetup: {ADC7DB3D-DEFD-BB68-BFBC-EFE85DBACA22} - C:\Users\bleep you windows 7\AppData\Roaming\local.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Installed Programs\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Installed Programs\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bleep you windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\009zje8x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e57b448&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 202.4.155.234
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Installed Programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\bleep you windows 7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002_e44\BHDrvx64.sys [2012-3-17 1157240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001_e48\IDSviA64.sys [2012-3-21 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Games\Hi Rez\HiPatchService.exe [2012-1-23 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-5 138360]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111vx.sys --> C:\Windows\system32\DRIVERS\WPN111vx.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Installed Programs\BitComet\tools\BitCometService.exe -service --> C:\Installed Programs\BitComet\tools\BitCometService.exe -service [?]
.
=============== Created Last 30 ================
.
2012-03-22 02:43:09 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-03-22 02:20:06 -------- d-----w- C:\!KillBox
2012-03-22 01:52:28 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E89F86C6-F5A2-4594-B8C8-AFEF1B010F07}\mpengine.dll
2012-03-21 22:19:29 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-19 22:15:38 -------- d-----w- C:\Users\bleep you windows 7\AppData\Roaming\MinMaxGames
2012-03-18 16:24:24 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\{B94FEBAA-1D49-476B-9B1C-19AE17FE013E}
2012-03-18 16:24:14 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\{DCC90780-76E9-46FD-8A62-C306B0D8587D}
2012-03-13 09:33:35 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\ECSD
2012-03-11 21:29:37 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\My Games
2012-03-10 16:25:49 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\{83503423-3D89-4DD2-B904-C4ACC01FF16B}
2012-03-10 16:25:38 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\{B4FA517B-29F3-4A95-82E0-768967080915}
2012-03-10 15:38:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 15:20:12 -------- d-----w- C:\Users\bleep you windows 7\AppData\Roaming\Malwarebytes
2012-03-10 15:20:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 15:20:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-10 15:20:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-09 02:38:43 -------- d-----w- C:\ProgramData\Firefly Studios
2012-03-09 02:36:33 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade
2012-03-09 02:16:04 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\Irrational Games
2012-03-09 01:45:12 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\AlephOne
2012-03-08 18:53:06 -------- d-----w- C:\Users\bleep you windows 7\AppData\Local\SIX_Projects
2012-03-08 18:53:02 -------- d-----w- C:\Users\bleep you windows 7\AppData\Roaming\six-updater
2012-03-07 16:12:30 -------- d-----w- C:\Program Files\SD EnterNET
2012-03-07 16:11:50 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-03-07 16:11:50 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-03-07 16:11:50 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-03-07 16:11:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-03-07 16:11:50 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-03-07 16:11:50 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-03-07 16:11:49 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-03-07 16:11:49 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-26 17:24:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-02-26 16:54:17 -------- d-----w- C:\AMD
2012-02-21 05:25:15 -------- d-----w- C:\ProgramData\Codemasters
2012-02-21 05:22:38 17686528 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2012-02-21 05:22:38 1347584 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2012-02-21 05:22:37 -------- d-----w- C:\Program Files (x86)\BRS
.
==================== Find3M ====================
.
2012-02-21 05:21:45 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-21 05:21:44 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-21 05:21:44 122968 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-21 05:21:44 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-28 17:18:30 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-24 17:15:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 20:07:54.80 ===============
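As an added triage example (not a BleepingComputer or DDS tool, and not something the helper asked for), the script below reads Pseudo HJT and Firefox pref lines in the format of the DDS log above and lists the items a responder would review by hand: UAC policies set to 0, autostart entries that launch from user-writable paths, and a Firefox proxy pointing at an external address. The sample lines are copied from the log; the heuristics are this example's assumptions and flag entries for review, not a verdict that they are malicious.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and FIREFOX lines (added example, not a DDS tool)."""
import ipaddress
import re

# Constructed sample: lines copied in shape and value from the DDS log posted above.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local;<local>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mASetup: {ADC7DB3D-DEFD-BB68-BFBC-EFE85DBACA22} - C:\Users\bleep you windows 7\AppData\Roaming\local.exe
FF - prefs.js: network.proxy.http - 202.4.155.234
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
"""

# DDS prefixes for Run keys and Active Setup entries, as they appear in the log above.
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "uRun-x64:", "mRun-x64:", "mASetup:")
# A Windows path ending in an executable extension; stops at a closing quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|scr|bat|cmd)\b', re.IGNORECASE)
# Locations a standard user can write to (assumed heuristic): autostarts here get a second look.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\[^\\]+)\\", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.*)$")

# UAC policy values that weaken elevation compared with the Windows 7 defaults.
WEAK_UAC_VALUES = {
    "EnableLUA": (0, "UAC is disabled (EnableLUA=0)"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently (ConsentPromptBehaviorAdmin=0)"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}


def triage_dds(text: str) -> list:
    """Return a list of review items found in DDS Pseudo-HJT and Firefox pref lines."""
    findings = []
    ff_prefs = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            weak = WEAK_UAC_VALUES.get(name)
            if weak and value == weak[0]:
                findings.append({"kind": "uac-weakened", "detail": weak[1], "line": line})
            continue
        if line.startswith(AUTOSTART_PREFIXES):
            path = PATH_RE.search(line)
            if path and USER_WRITABLE_RE.search(path.group(0)):
                findings.append({"kind": "autostart-user-writable",
                                 "detail": f"autostart runs {path.group(0)} from a user-writable path",
                                 "line": line})
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    proxy_host = ff_prefs.get("network.proxy.http")
    if proxy_host:
        try:
            external = ipaddress.ip_address(proxy_host).is_global
        except ValueError:
            external = True  # a hostname rather than an IP: still worth confirming by hand
        if external:
            port = ff_prefs.get("network.proxy.http_port", "?")
            # network.proxy.type 0 is Firefox's "No proxy": the value is present but not in use.
            active = ff_prefs.get("network.proxy.type", "0") != "0"
            findings.append({"kind": "firefox-proxy",
                             "detail": f"HTTP proxy {proxy_host}:{port} configured, "
                                       + ("active" if active else "not active (network.proxy.type=0)"),
                             "line": f"network.proxy.http - {proxy_host}"})
    return findings


if __name__ == "__main__":
    for item in triage_dds(SAMPLE_DDS):
        print(f"[{item['kind']}] {item['detail']}")
```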


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:37 PM

Posted 22 March 2012 - 12:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 metalcoholic

metalcoholic
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 22 March 2012 - 01:05 PM

THANK YOU so much for your quick response. Here is my ComboFix log:

ComboFix 12-03-22.01 - bleep you windows 7 03/22/2012 9:38.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6154 [GMT -7:00]
Running from: c:\users\bleep you windows 7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 17:29 . 2012-03-22 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 02:43 . 2012-03-22 02:43 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-03-22 02:20 . 2012-03-22 02:20 -------- d-----w- C:\!KillBox
2012-03-22 01:52 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89F86C6-F5A2-4594-B8C8-AFEF1B010F07}\mpengine.dll
2012-03-21 22:19 . 2012-03-21 22:19 -------- d-----w- c:\program files\Enigma Software Group
2012-03-19 22:15 . 2012-03-19 22:15 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\MinMaxGames
2012-03-13 09:33 . 2012-03-13 09:33 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\ECSD
2012-03-11 21:29 . 2012-03-11 21:29 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\My Games
2012-03-10 15:38 . 2012-03-22 01:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\Malwarebytes
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 15:20 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 02:38 . 2012-03-09 02:38 -------- d-----w- c:\programdata\Firefly Studios
2012-03-09 02:36 . 2012-03-09 02:36 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2012-03-09 02:16 . 2012-03-09 02:16 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\Irrational Games
2012-03-09 01:45 . 2012-03-09 01:45 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\AlephOne
2012-03-08 18:53 . 2012-03-08 18:53 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\SIX_Projects
2012-03-08 18:53 . 2012-03-20 10:46 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\six-updater
2012-03-07 16:12 . 2012-03-07 16:12 -------- d-----w- c:\program files\SD EnterNET
2012-03-07 16:11 . 2005-11-14 07:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-03-07 16:11 . 2005-11-14 07:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-03-07 16:11 . 2005-11-14 07:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-03-07 16:11 . 2005-11-14 07:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-03-07 16:11 . 2005-11-14 07:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-03-07 16:11 . 2005-11-14 07:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-03-07 16:11 . 2012-03-07 16:11 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-03-07 16:11 . 2012-03-07 16:11 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-26 17:25 . 2012-02-26 17:25 -------- d-----w- c:\programdata\ATI
2012-02-26 17:24 . 2012-02-26 17:24 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-26 16:54 . 2012-02-26 16:54 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 05:21 . 2011-06-10 17:04 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-21 05:21 . 2011-06-10 17:04 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-21 05:21 . 2011-06-10 17:04 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-21 05:21 . 2011-06-10 17:04 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-10 18:22 . 2012-02-10 18:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{487E2D93-16C7-4F5B-80A5-B785686C9B9B}\gapaengine.dll
2012-01-31 12:44 . 2011-05-12 18:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 17:18 . 2012-01-28 08:38 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-24 17:15 . 2011-05-12 21:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06 . 2012-02-16 19:15 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 10:44 . 2012-02-16 19:15 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 19:15 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 19:15 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 19:15 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 19:15 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\installed programs\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\installed programs\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002_e44\BHDrvx64.sys [2012-03-17 1157240]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001_e48\IDSvia64.sys [2012-03-21 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\games\Hi Rez\HiPatchService.exe [2012-02-21 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-27 138360]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &D&ownload &with BitComet - c:\installed programs\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\installed programs\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\bleep you windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\009zje8x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e57b448&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 202.4.155.234
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{ADC7DB3D-DEFD-BB68-BFBC-EFE85DBACA22} - c:\users\bleep you windows 7\AppData\Roaming\local.exe
AddRemove-BattlEye for OA - c:\games\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-DarkSpace - c:\games\Dark Space\uninst.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - c:\games\SimCity 4\EAUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Gu} ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Gu} \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/ô<W]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/ô<W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*Gu} ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:46,3a,5c,56,69,64,65,6f,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,5c,53,
65,61,73,6f,6e,20,31,34,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,20,5b,31,34,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*/ô<W]
@Allowed: (Read) (RestrictedCode)
"0"=hex:46,3a,5c,56,69,64,65,6f,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,5c,53,
65,61,73,6f,6e,20,32,31,5c,32,31,78,32,32,20,2d,20,54,68,65,20,42,6f,62,20,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\SecuROM\License information*]
"datasecu"=hex:d5,9e,04,ce,dd,5f,86,25,40,63,cb,5b,67,2d,8e,bf,6c,8a,c6,9a,17,
65,eb,3e,dc,82,85,6b,d3,ad,a9,1c,63,20,19,9f,3c,6a,92,8f,93,82,45,16,15,8a,\
"rkeysecu"=hex:5d,6b,92,16,cf,42,c3,a3,07,41,11,1d,b4,2a,c3,fa
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-03-22 10:51:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-22 17:51
.
Pre-Run: 36,337,819,648 bytes free
Post-Run: 36,011,806,720 bytes free
.
- - End Of File - - 0DE069306AA6A6DC23DDD6931FF824A0






I did not have any problem using ComboFix. It took about an hour and a half to complete; no problems when it ran.

As for my PC, it is still redirecting in Firefox and sluggish both online and off, regardless of what application is used. I still get lock-ups for several seconds when browsing, but that is to be expected. I cannot seem to find any other symptoms other than redirecting links and my machine running slower than it normally does.

Before I posted here I had done a system recovery and that seemed to fix where it redirected me. "It" would just redirect me to a blank page. However, after 5 minutes or so of testing this out, Happili came back up, but this time with gimmieanswers.com as well.
THAT did not happen the first time. I can only assume the virus downloaded a more robust version of itself.

Hopefully I didn't give you too much there. Thank you again!
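
The ComboFix log above carries three things a responder reads before anything else: the UAC policy block (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), the Firefox prefs.js lines (a manual proxy host 202.4.155.234:808 is configured, with network.proxy.type 0, meaning it is not currently in use), and the removed ActiveSetup orphan that launched local.exe from the user's AppData\Roaming folder. The script below is an added example, not part of this thread and not ComboFix's own code: it pulls those line shapes out of a log and flags them. The sample lines are excerpted from the log above; the "user-writable directory" heuristic and the choice of which UAC values count as weak are my assumptions, not something ComboFix reports.

```python
import ipaddress
import re

# Constructed sample: lines excerpted from the ComboFix log posted above
# (UAC policy block, Firefox prefs.js lines, and the removed ActiveSetup orphan).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: network.proxy.http - 202.4.155.234
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{ADC7DB3D-DEFD-BB68-BFBC-EFE85DBACA22} - c:\users\bleep you windows 7\AppData\Roaming\local.exe
"""

# UAC policy values that weaken elevation prompting (documented Windows semantics).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# Line shapes as ComboFix prints them in this log.
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<key>[\w.]+) - (?P<value>.*)$')
ACTIVESETUP_RE = re.compile(
    r'^HKLM(?:_Wow6432Node)?-ActiveSetup-(?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
# Heuristic (my assumption): a launch point under a user's AppData is worth a look,
# because that directory is writable without elevation.
USER_WRITABLE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


def parse_log(text):
    """Pull UAC policy values, Firefox prefs and ActiveSetup entries out of the log."""
    uac, ff, activesetup = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            uac[m.group("name")] = int(m.group("value"))
        elif m := FF_PREF_RE.match(line):
            ff[m.group("key")] = m.group("value").strip()
        elif m := ACTIVESETUP_RE.match(line):
            activesetup.append((m.group("guid"), m.group("path")))
    return uac, ff, activesetup


def triage(text):
    """Return (category, message) findings a responder would want to read first."""
    uac, ff, activesetup = parse_log(text)
    findings = []
    for name, (bad, why) in UAC_WEAK.items():
        if uac.get(name) == bad:
            findings.append(("uac", f"{name}={bad}: {why}"))
    host = ff.get("network.proxy.http")
    if host:
        port = ff.get("network.proxy.http_port", "?")
        # network.proxy.type 1 = manual proxy in use; 0 = direct connection.
        active = ff.get("network.proxy.type") == "1"
        try:
            external = not ipaddress.ip_address(host).is_private
        except ValueError:
            external = True  # a hostname rather than an IP: treat as external
        if external:
            state = "active" if active else "configured but disabled (proxy.type is not 1)"
            findings.append(("firefox-proxy", f"manual proxy {host}:{port} is {state}"))
    for guid, path in activesetup:
        if USER_WRITABLE_RE.search(path):
            findings.append(("activesetup", f"{guid} launched {path} from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(f"[{category}] {message}")
```

Run it against the full log text rather than the excerpt and the same three categories come out; the proxy finding is reported as "configured but disabled" because prefs.js has network.proxy.type 0, which is why a stale proxy entry alone does not explain live redirects.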

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:37 PM

Posted 22 March 2012 - 02:43 PM

Greetings

I want you to uninstall Firefox and reinstall it and see if the redirects continue. If asked about user data or user files, delete these also.


I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 metalcoholic

metalcoholic
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 23 March 2012 - 02:23 PM

OK wow interesting results.

Uninstalled Firefox entirely, deleted the directory, everything. Reinstalled Firefox and it seems that the redirecting has stopped. Nothing else to really comment on as far as a change, but that seems like a BIG step.


So here is the TDSS Report:



11:25:33.0678 3492 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:25:34.0201 3492 ============================================================
11:25:34.0201 3492 Current date / time: 2012/03/23 11:25:34.0201
11:25:34.0201 3492 SystemInfo:
11:25:34.0201 3492
11:25:34.0201 3492 OS Version: 6.1.7601 ServicePack: 1.0
11:25:34.0201 3492 Product type: Workstation
11:25:34.0201 3492 ComputerName: METAL
11:25:34.0201 3492 UserName: bleep you windows 7
11:25:34.0201 3492 Windows directory: C:\Windows
11:25:34.0201 3492 System windows directory: C:\Windows
11:25:34.0201 3492 Running under WOW64
11:25:34.0201 3492 Processor architecture: Intel x64
11:25:34.0201 3492 Number of processors: 6
11:25:34.0201 3492 Page size: 0x1000
11:25:34.0201 3492 Boot type: Normal boot
11:25:34.0201 3492 ============================================================
11:25:36.0111 3492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:36.0129 3492 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:36.0151 3492 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:25:36.0195 3492 \Device\Harddisk0\DR0:
11:25:36.0195 3492 MBR used
11:25:36.0195 3492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:25:36.0195 3492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:25:36.0195 3492 \Device\Harddisk1\DR1:
11:25:36.0195 3492 MBR used
11:25:36.0197 3492 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
11:25:36.0197 3492 \Device\Harddisk2\DR2:
11:25:36.0197 3492 MBR used
11:25:36.0197 3492 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162E4E01
11:25:36.0197 3492 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x162E8950, BlocksNum 0x11B50C0
11:25:36.0304 3492 Initialize success
11:25:36.0304 3492 ============================================================
11:25:39.0085 4024 ============================================================
11:25:39.0085 4024 Scan started
11:25:39.0085 4024 Mode: Manual;
11:25:39.0085 4024 ============================================================
11:25:39.0400 4024 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:25:39.0420 4024 1394ohci - ok
11:25:39.0483 4024 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:25:39.0484 4024 ACPI - ok
11:25:39.0531 4024 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:25:39.0552 4024 AcpiPmi - ok
11:25:39.0637 4024 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:25:39.0673 4024 AdobeARMservice - ok
11:25:39.0877 4024 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:25:39.0888 4024 adp94xx - ok
11:25:39.0931 4024 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:25:39.0956 4024 adpahci - ok
11:25:39.0981 4024 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:25:39.0989 4024 adpu320 - ok
11:25:40.0034 4024 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:25:40.0035 4024 AeLookupSvc - ok
11:25:40.0097 4024 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:25:40.0113 4024 AFD - ok
11:25:40.0141 4024 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:25:40.0147 4024 agp440 - ok
11:25:40.0173 4024 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:25:40.0178 4024 ALG - ok
11:25:40.0239 4024 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:25:40.0244 4024 aliide - ok
11:25:40.0304 4024 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
11:25:40.0354 4024 AMD External Events Utility - ok
11:25:40.0443 4024 AMD FUEL Service - ok
11:25:40.0493 4024 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:25:40.0498 4024 amdide - ok
11:25:40.0512 4024 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:25:40.0512 4024 amdiox64 - ok
11:25:40.0566 4024 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:25:40.0572 4024 AmdK8 - ok
11:25:40.0772 4024 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
11:25:40.0943 4024 amdkmdag - ok
11:25:40.0985 4024 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:25:40.0995 4024 amdkmdap - ok
11:25:41.0041 4024 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:25:41.0042 4024 AmdPPM - ok
11:25:41.0098 4024 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:25:41.0104 4024 amdsata - ok
11:25:41.0121 4024 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:25:41.0128 4024 amdsbs - ok
11:25:41.0168 4024 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:25:41.0169 4024 amdxata - ok
11:25:41.0294 4024 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:25:41.0301 4024 AODDriver4.01 - ok
11:25:41.0421 4024 AODDriver4.1 (6845a9781ef9d2fa5c494cc684a06b6a) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
11:25:41.0428 4024 AODDriver4.1 - ok
11:25:41.0452 4024 AODService (419dfc4fcf642a3d8d9794c15fca92fd) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
11:25:41.0494 4024 AODService - ok
11:25:41.0646 4024 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:25:41.0660 4024 AppID - ok
11:25:41.0693 4024 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:25:41.0699 4024 AppIDSvc - ok
11:25:41.0735 4024 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:25:41.0741 4024 Appinfo - ok
11:25:41.0888 4024 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:25:41.0890 4024 Apple Mobile Device - ok
11:25:41.0939 4024 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:25:41.0961 4024 AppMgmt - ok
11:25:42.0025 4024 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:25:42.0032 4024 arc - ok
11:25:42.0043 4024 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:25:42.0050 4024 arcsas - ok
11:25:42.0217 4024 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:25:42.0267 4024 aspnet_state - ok
11:25:42.0324 4024 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:25:42.0325 4024 AsyncMac - ok
11:25:42.0365 4024 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:25:42.0366 4024 atapi - ok
11:25:42.0441 4024 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
11:25:42.0442 4024 AtiHDAudioService - ok
11:25:42.0498 4024 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:25:42.0503 4024 AudioEndpointBuilder - ok
11:25:42.0511 4024 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:25:42.0514 4024 AudioSrv - ok
11:25:42.0554 4024 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:25:42.0560 4024 AxInstSV - ok
11:25:42.0611 4024 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:25:42.0621 4024 b06bdrv - ok
11:25:42.0651 4024 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:25:42.0673 4024 b57nd60a - ok
11:25:42.0710 4024 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:25:42.0716 4024 BDESVC - ok
11:25:42.0763 4024 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:25:42.0764 4024 Beep - ok
11:25:42.0822 4024 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:25:42.0828 4024 BFE - ok
11:25:43.0060 4024 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002_e44\BHDrvx64.sys
11:25:43.0065 4024 BHDrvx64 - ok
11:25:43.0137 4024 BITCOMET_HELPER_SERVICE - ok
11:25:43.0275 4024 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:25:43.0283 4024 BITS - ok
11:25:43.0373 4024 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:25:43.0374 4024 blbdrive - ok
11:25:43.0588 4024 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:25:43.0616 4024 Bonjour Service - ok
11:25:43.0836 4024 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:25:43.0837 4024 bowser - ok
11:25:43.0880 4024 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:25:43.0904 4024 BrFiltLo - ok
11:25:43.0932 4024 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:25:43.0957 4024 BrFiltUp - ok
11:25:44.0023 4024 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:25:44.0030 4024 BridgeMP - ok
11:25:44.0073 4024 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:25:44.0074 4024 Browser - ok
11:25:44.0095 4024 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:25:44.0120 4024 Brserid - ok
11:25:44.0150 4024 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:25:44.0177 4024 BrSerWdm - ok
11:25:44.0199 4024 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:25:44.0204 4024 BrUsbMdm - ok
11:25:44.0220 4024 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:25:44.0239 4024 BrUsbSer - ok
11:25:44.0261 4024 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:25:44.0268 4024 BTHMODEM - ok
11:25:44.0309 4024 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:25:44.0333 4024 bthserv - ok
11:25:44.0364 4024 catchme - ok
11:25:44.0410 4024 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:25:44.0416 4024 cdfs - ok
11:25:44.0485 4024 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:25:44.0507 4024 cdrom - ok
11:25:44.0567 4024 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:25:44.0573 4024 CertPropSvc - ok
11:25:44.0608 4024 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:25:44.0633 4024 circlass - ok
11:25:44.0667 4024 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:25:44.0669 4024 CLFS - ok
11:25:44.0789 4024 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:25:44.0827 4024 clr_optimization_v2.0.50727_32 - ok
11:25:44.0901 4024 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:25:44.0908 4024 clr_optimization_v2.0.50727_64 - ok
11:25:45.0032 4024 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:25:45.0034 4024 clr_optimization_v4.0.30319_32 - ok
11:25:45.0046 4024 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:25:45.0048 4024 clr_optimization_v4.0.30319_64 - ok
11:25:45.0167 4024 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:25:45.0172 4024 CmBatt - ok
11:25:45.0212 4024 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:25:45.0218 4024 cmdide - ok
11:25:45.0266 4024 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:25:45.0268 4024 CNG - ok
11:25:45.0284 4024 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:25:45.0290 4024 Compbatt - ok
11:25:45.0335 4024 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:25:45.0336 4024 CompositeBus - ok
11:25:45.0352 4024 COMSysApp - ok
11:25:45.0369 4024 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:25:45.0375 4024 crcdisk - ok
11:25:45.0427 4024 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:25:45.0428 4024 CryptSvc - ok
11:25:45.0481 4024 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:25:45.0486 4024 CSC - ok
11:25:45.0506 4024 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:25:45.0510 4024 CscService - ok
11:25:45.0574 4024 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:25:45.0577 4024 DcomLaunch - ok
11:25:45.0622 4024 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:25:45.0630 4024 defragsvc - ok
11:25:45.0686 4024 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:26:02.0343 4024 Themes - ok
11:26:02.0388 4024 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:02.0389 4024 THREADORDER - ok
11:26:02.0431 4024 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:26:02.0433 4024 TrkWks - ok
11:26:02.0506 4024 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:26:02.0508 4024 TrustedInstaller - ok
11:26:02.0564 4024 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:02.0570 4024 tssecsrv - ok
11:26:02.0612 4024 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:26:02.0618 4024 TsUsbFlt - ok
11:26:02.0625 4024 tsusbhub - ok
11:26:02.0681 4024 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:02.0683 4024 tunnel - ok
11:26:02.0724 4024 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:26:02.0731 4024 uagp35 - ok
11:26:02.0777 4024 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:26:02.0780 4024 udfs - ok
11:26:02.0831 4024 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:26:02.0837 4024 UI0Detect - ok
11:26:02.0858 4024 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:26:02.0865 4024 uliagpkx - ok
11:26:02.0910 4024 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:26:02.0912 4024 umbus - ok
11:26:02.0927 4024 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:26:02.0932 4024 UmPass - ok
11:26:02.0976 4024 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:26:02.0984 4024 UmRdpService - ok
11:26:03.0099 4024 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:26:03.0103 4024 UMVPFSrv - ok
11:26:03.0151 4024 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:26:03.0159 4024 upnphost - ok
11:26:03.0208 4024 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
11:26:03.0214 4024 USBAAPL64 - ok
11:26:03.0283 4024 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:26:03.0290 4024 usbaudio - ok
11:26:03.0340 4024 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:03.0341 4024 usbccgp - ok
11:26:03.0364 4024 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:26:03.0370 4024 usbcir - ok
11:26:03.0381 4024 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:26:03.0383 4024 usbehci - ok
11:26:03.0451 4024 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
11:26:03.0452 4024 UsbFltr - ok
11:26:03.0479 4024 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:26:03.0482 4024 usbhub - ok
11:26:03.0500 4024 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:26:03.0501 4024 usbohci - ok
11:26:03.0517 4024 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:26:03.0535 4024 usbprint - ok
11:26:03.0574 4024 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:03.0580 4024 USBSTOR - ok
11:26:03.0621 4024 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:26:03.0626 4024 usbuhci - ok
11:26:03.0684 4024 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:26:03.0685 4024 UxSms - ok
11:26:03.0727 4024 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:03.0728 4024 VaultSvc - ok
11:26:03.0780 4024 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:26:03.0780 4024 vdrvroot - ok
11:26:03.0838 4024 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:26:03.0848 4024 vds - ok
11:26:03.0888 4024 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:03.0905 4024 vga - ok
11:26:03.0927 4024 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:26:03.0928 4024 VgaSave - ok
11:26:03.0935 4024 VGPU - ok
11:26:03.0999 4024 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:26:04.0007 4024 vhdmp - ok
11:26:04.0047 4024 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:26:04.0053 4024 viaide - ok
11:26:04.0088 4024 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:26:04.0089 4024 vmbus - ok
11:26:04.0107 4024 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:26:04.0126 4024 VMBusHID - ok
11:26:04.0163 4024 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:26:04.0164 4024 volmgr - ok
11:26:04.0212 4024 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:26:04.0213 4024 volmgrx - ok
11:26:04.0262 4024 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:26:04.0264 4024 volsnap - ok
11:26:04.0290 4024 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:26:04.0297 4024 vsmraid - ok
11:26:04.0390 4024 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:26:04.0420 4024 VSS - ok
11:26:04.0490 4024 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:26:04.0496 4024 vwifibus - ok
11:26:04.0549 4024 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:26:04.0561 4024 W32Time - ok
11:26:04.0759 4024 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:26:04.0764 4024 WacomPen - ok
11:26:04.0818 4024 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:04.0838 4024 WANARP - ok
11:26:04.0841 4024 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:04.0841 4024 Wanarpv6 - ok
11:26:04.0924 4024 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:26:04.0946 4024 WatAdminSvc - ok
11:26:05.0012 4024 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:26:05.0041 4024 wbengine - ok
11:26:05.0098 4024 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:26:05.0105 4024 WbioSrvc - ok
11:26:05.0148 4024 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:26:05.0156 4024 wcncsvc - ok
11:26:05.0193 4024 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:26:05.0199 4024 WcsPlugInService - ok
11:26:05.0254 4024 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:26:05.0260 4024 Wd - ok
11:26:05.0309 4024 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:26:05.0312 4024 Wdf01000 - ok
11:26:05.0326 4024 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:26:05.0327 4024 WdiServiceHost - ok
11:26:05.0330 4024 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:26:05.0332 4024 WdiSystemHost - ok
11:26:05.0377 4024 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:26:05.0386 4024 WebClient - ok
11:26:05.0427 4024 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:26:05.0434 4024 Wecsvc - ok
11:26:05.0448 4024 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:26:05.0450 4024 wercplsupport - ok
11:26:05.0474 4024 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:26:05.0480 4024 WerSvc - ok
11:26:05.0539 4024 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:26:05.0540 4024 WfpLwf - ok
11:26:05.0565 4024 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:26:05.0571 4024 WIMMount - ok
11:26:05.0613 4024 WinDefend - ok
11:26:05.0618 4024 WinHttpAutoProxySvc - ok
11:26:05.0695 4024 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:26:05.0697 4024 Winmgmt - ok
11:26:05.0760 4024 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:26:05.0789 4024 WinRM - ok
11:26:05.0854 4024 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:26:05.0859 4024 WinUsb - ok
11:26:05.0911 4024 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:26:05.0919 4024 Wlansvc - ok
11:26:06.0046 4024 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:26:06.0071 4024 wlidsvc - ok
11:26:06.0121 4024 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:26:06.0126 4024 WmiAcpi - ok
11:26:06.0199 4024 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:26:06.0205 4024 wmiApSrv - ok
11:26:06.0258 4024 WMPNetworkSvc - ok
11:26:06.0309 4024 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:26:06.0314 4024 WPCSvc - ok
11:26:06.0358 4024 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:26:06.0360 4024 WPDBusEnum - ok
11:26:06.0447 4024 WPN111 (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\WPN111vx.sys
11:26:06.0465 4024 WPN111 - ok
11:26:06.0505 4024 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:26:06.0506 4024 ws2ifsl - ok
11:26:06.0544 4024 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:26:06.0547 4024 wscsvc - ok
11:26:06.0562 4024 WSearch - ok
11:26:06.0631 4024 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:26:06.0667 4024 wuauserv - ok
11:26:06.0716 4024 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:26:06.0718 4024 WudfPf - ok
11:26:06.0738 4024 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:26:06.0745 4024 WUDFRd - ok
11:26:06.0795 4024 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:26:06.0797 4024 wudfsvc - ok
11:26:06.0838 4024 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:26:06.0845 4024 WwanSvc - ok
11:26:06.0905 4024 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
11:26:06.0907 4024 xusb21 - ok
11:26:06.0930 4024 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:26:06.0979 4024 \Device\Harddisk0\DR0 - ok
11:26:06.0981 4024 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:26:07.0011 4024 \Device\Harddisk1\DR1 - ok
11:26:07.0030 4024 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk2\DR2
11:26:07.0103 4024 \Device\Harddisk2\DR2 - ok
11:26:07.0129 4024 Boot (0x1200) (5146d98c2fa5b286a1547023440f2928) \Device\Harddisk0\DR0\Partition0
11:26:07.0130 4024 \Device\Harddisk0\DR0\Partition0 - ok
11:26:07.0135 4024 Boot (0x1200) (93d5cb0c0c2c2ddca5ca0d444be05f27) \Device\Harddisk0\DR0\Partition1
11:26:07.0136 4024 \Device\Harddisk0\DR0\Partition1 - ok
11:26:07.0138 4024 Boot (0x1200) (1c647444b26881c52c722cc293482b87) \Device\Harddisk1\DR1\Partition0
11:26:07.0138 4024 \Device\Harddisk1\DR1\Partition0 - ok
11:26:07.0140 4024 Boot (0x1200) (4b3f772f18c528f19d13f1bf4072fc54) \Device\Harddisk2\DR2\Partition0
11:26:07.0141 4024 \Device\Harddisk2\DR2\Partition0 - ok
11:26:07.0143 4024 Boot (0x1200) (f41d645d8f1a4fac42c609a01b9ac7c1) \Device\Harddisk2\DR2\Partition1
11:26:07.0143 4024 \Device\Harddisk2\DR2\Partition1 - ok
11:26:07.0144 4024 ============================================================
11:26:07.0144 4024 Scan finished
11:26:07.0144 4024 ============================================================
11:26:07.0149 1620 Detected object count: 0
11:26:07.0149 1620 Actual detected object count: 0



And here is the aswMBR log



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 11:27:52
-----------------------------
11:27:52.153 OS Version: Windows x64 6.1.7601 Service Pack 1
11:27:52.153 Number of processors: 6 586 0xA00
11:27:52.153 ComputerName: METAL UserName:
11:27:53.116 Initialize success
11:29:14.796 AVAST engine defs: 12032301
11:29:26.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:29:26.008 Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
11:29:26.010 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4
11:29:26.011 Disk 1 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
11:29:26.012 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
11:29:26.014 Disk 2 Vendor: ST3200827AS 3.AHH Size: 190782MB BusType: 3
11:29:26.034 Disk 0 MBR read successfully
11:29:26.035 Disk 0 MBR scan
11:29:26.039 Disk 0 Windows 7 default MBR code
11:29:26.049 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:29:26.072 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
11:29:26.121 Disk 0 scanning C:\Windows\system32\drivers
11:29:42.302 Service scanning
11:30:12.582 Modules scanning
11:30:12.582 Disk 0 trace - called modules:
11:30:12.635 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:30:12.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e0c790]
11:30:12.636 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8006e64e40]
11:30:12.637 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007747060]
11:30:15.021 AVAST engine scan C:\Windows
11:30:20.216 AVAST engine scan C:\Windows\system32
11:34:43.948 AVAST engine scan C:\Windows\system32\drivers
11:35:04.365 AVAST engine scan C:\Users\bleep you windows 7
11:42:24.600 AVAST engine scan C:\ProgramData
11:47:49.212 Scan finished successfully
12:21:12.531 Disk 0 MBR has been saved successfully to "C:\Users\bleep you windows 7\Desktop\MBR.dat"
12:21:12.578 The log file has been saved successfully to "C:\Users\bleep you windows 7\Desktop\aswMBR.txt"


I really hope this problem is mostly fixed. Thanks!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:37 PM

Posted 23 March 2012 - 03:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 metalcoholic

metalcoholic
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 23 March 2012 - 05:31 PM

Here is the ComboFix report
ComboFix 12-03-22.01 - bleep you windows 7 03/23/2012 14:52:17.2.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5848 [GMT -7:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\users\bleep you windows 7\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 22:19 . 2012-03-23 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 02:43 . 2012-03-22 02:43 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-03-22 02:20 . 2012-03-22 02:20 -------- d-----w- C:\!KillBox
2012-03-21 22:19 . 2012-03-21 22:19 -------- d-----w- c:\program files\Enigma Software Group
2012-03-19 22:15 . 2012-03-19 22:15 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\MinMaxGames
2012-03-13 09:33 . 2012-03-13 09:33 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\ECSD
2012-03-11 21:29 . 2012-03-11 21:29 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\My Games
2012-03-10 15:38 . 2012-03-22 01:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\Malwarebytes
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 15:20 . 2012-03-10 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 15:20 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 02:38 . 2012-03-23 16:58 -------- d-----w- c:\programdata\Firefly Studios
2012-03-09 02:36 . 2012-03-09 02:36 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2012-03-09 02:16 . 2012-03-09 02:16 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\Irrational Games
2012-03-09 01:45 . 2012-03-09 01:45 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\AlephOne
2012-03-08 18:53 . 2012-03-08 18:53 -------- d-----w- c:\users\bleep you windows 7\AppData\Local\SIX_Projects
2012-03-08 18:53 . 2012-03-20 10:46 -------- d-----w- c:\users\bleep you windows 7\AppData\Roaming\six-updater
2012-03-07 16:12 . 2012-03-07 16:12 -------- d-----w- c:\program files\SD EnterNET
2012-03-07 16:11 . 2005-11-14 07:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-03-07 16:11 . 2005-11-14 07:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-03-07 16:11 . 2005-11-14 07:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-03-07 16:11 . 2005-11-14 07:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-03-07 16:11 . 2005-11-14 07:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-03-07 16:11 . 2005-11-14 07:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-03-07 16:11 . 2012-03-07 16:11 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-03-07 16:11 . 2012-03-07 16:11 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-26 17:25 . 2012-02-26 17:25 -------- d-----w- c:\programdata\ATI
2012-02-26 17:24 . 2012-02-26 17:24 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-26 16:54 . 2012-02-26 16:54 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-03-23 18:22 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0D89701-49A4-4C89-A5F9-7990576E6E56}\mpengine.dll
2012-03-14 03:27 . 2011-05-15 23:17 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-21 05:21 . 2011-06-10 17:04 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-21 05:21 . 2011-06-10 17:04 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-21 05:21 . 2011-06-10 17:04 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-21 05:21 . 2011-06-10 17:04 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-10 18:22 . 2012-02-10 18:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{487E2D93-16C7-4F5B-80A5-B785686C9B9B}\gapaengine.dll
2012-01-31 12:44 . 2011-05-12 18:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 17:18 . 2012-01-28 08:38 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-24 17:15 . 2011-05-12 21:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06 . 2012-02-16 19:15 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 10:44 . 2012-02-16 19:15 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 19:15 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 19:15 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 19:15 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 19:15 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-22_17.47.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-12 19:04 . 2012-03-23 22:23 56446 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-23 22:23 36940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-12 18:06 . 2012-03-23 22:23 22754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473145152-1641071510-1711537155-1001_UserData.bin
- 2011-05-12 17:47 . 2012-03-22 17:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-12 17:47 . 2012-03-23 22:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-12 17:47 . 2012-03-23 22:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-12 17:47 . 2012-03-22 17:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 22:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-22 17:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-12 18:06 . 2012-03-23 22:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-12 18:06 . 2012-03-22 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-12 18:06 . 2012-03-22 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-12 18:06 . 2012-03-23 22:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-11 21:29 . 2012-03-11 21:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-03-22 17:46 . 2012-03-22 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-23 22:21 . 2012-03-23 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-23 22:21 . 2012-03-23 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-22 17:46 . 2012-03-22 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-23 18:16 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-22 02:50 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-22 02:50 122236 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-23 18:16 122236 c:\windows\system32\perfc009.dat
- 2011-05-12 18:49 . 2012-03-22 17:30 138992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-12 18:49 . 2012-03-23 22:20 138992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-03-23 22:20 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-22 17:30 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-12 18:49 . 2012-03-20 20:44 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-473145152-1641071510-1711537155-1001-8192.dat
+ 2011-05-12 18:49 . 2012-03-23 22:20 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-473145152-1641071510-1711537155-1001-8192.dat
+ 2012-03-23 16:58 . 2012-03-23 16:58 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-23 16:58 . 2012-03-23 16:58 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-11 21:29 . 2012-03-11 21:29 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-05-12 19:23 . 2012-03-23 22:20 17648082 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-473145152-1641071510-1711537155-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\installed programs\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\installed programs\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002_e44\BHDrvx64.sys [2012-03-17 1157240]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120322.002\IDSvia64.sys [2012-03-21 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\games\Hi Rez\HiPatchService.exe [2012-02-21 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-27 138360]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &D&ownload &with BitComet - c:\installed programs\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\installed programs\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\bleep you windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\zwnsdmqy.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Gu} ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Gu} \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/ô<W]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/ô<W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*Gu} ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:46,3a,5c,56,69,64,65,6f,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,5c,53,
65,61,73,6f,6e,20,31,34,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,20,5b,31,34,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*/ô<W]
@Allowed: (Read) (RestrictedCode)
"0"=hex:46,3a,5c,56,69,64,65,6f,5c,54,68,65,20,53,69,6d,70,73,6f,6e,73,5c,53,
65,61,73,6f,6e,20,32,31,5c,32,31,78,32,32,20,2d,20,54,68,65,20,42,6f,62,20,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-473145152-1641071510-1711537155-1001\Software\SecuROM\License information*]
"datasecu"=hex:d5,9e,04,ce,dd,5f,86,25,40,63,cb,5b,67,2d,8e,bf,6c,8a,c6,9a,17,
65,eb,3e,dc,82,85,6b,d3,ad,a9,1c,63,20,19,9f,3c,6a,92,8f,93,82,45,16,15,8a,\
"rkeysecu"=hex:5d,6b,92,16,cf,42,c3,a3,07,41,11,1d,b4,2a,c3,fa
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-03-23 15:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 22:26
ComboFix2.txt 2012-03-22 17:51
.
Pre-Run: 31,596,380,160 bytes free
Post-Run: 31,626,899,456 bytes free
.
- - End Of File - - AE039E0B007C10BEE0C1395B7757D65B






Since removing Firefox (and reinstalling) and running the script I have not had any noticeable problems at all, either in Firefox or Internet Explorer. All seems well, with nothing unusual to really report. I can't think of anything else to add.
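The ComboFix output above lists autorun keys, the UAC policy values and the driver/service lines in a fixed text layout. As an added example (not from this thread and not part of ComboFix itself), the following Python parses those three line shapes from a constructed sample copied from the log and produces the triage notes a responder would want from them: the policies\system values show UAC switched off (EnableLUA=0 and ConsentPromptBehaviorAdmin=0 are documented Windows policy semantics), and ComboFix printed [x] instead of a date and size for several drivers, which the script assumes means no file details were recorded. The ServiceEntry, parse_combofix and triage names are the example's own.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\installed programs\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
"""

# Line shapes as they appear in the log (regexes are this example's own).
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
RUN_VALUE_RE = re.compile(r'^"(.*)"\s+\[([^\]]*)\]$')        # "path" [date size]
DWORD_RE = re.compile(r'^(\d+)\s+\(0x[0-9a-fA-F]+\)$')      # 0 (0x0)
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')


@dataclass
class ServiceEntry:
    state: str       # ComboFix prefix, e.g. R3 / S2 (assumed: R = running, S = stopped)
    name: str
    display: str
    path: str
    file_info: str   # "date size" as printed, or "x" when ComboFix recorded none


@dataclass
class ComboFixReport:
    run_entries: dict = field(default_factory=dict)   # run key -> {value name: path}
    policies: dict = field(default_factory=dict)      # policies\system value -> int
    services: list = field(default_factory=list)


def parse_combofix(text: str) -> ComboFixReport:
    """Walk the log line by line, tracking the current registry key."""
    report = ComboFixReport()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with a lone '.'
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path, info = m.groups()
            report.services.append(ServiceEntry(state, name, display, path, info))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            vname, raw_val = m.groups()
            dm = DWORD_RE.match(raw_val)
            if dm:
                if current_key.lower().endswith(r'policies\system'):
                    report.policies[vname] = int(dm.group(1))
                continue
            rm = RUN_VALUE_RE.match(raw_val)
            if rm and current_key.lower().endswith(r'\run'):
                report.run_entries.setdefault(current_key, {})[vname] = rm.group(1)
    return report


def triage(report: ComboFixReport) -> list:
    """Turn parsed values into the notes a responder would review first."""
    findings = []
    p = report.policies
    if p.get('EnableLUA') == 0:
        findings.append('UAC disabled (EnableLUA=0)')
    if p.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('Admin elevation without prompt (ConsentPromptBehaviorAdmin=0)')
    if p.get('PromptOnSecureDesktop') == 0:
        findings.append('Elevation prompts not on the secure desktop (PromptOnSecureDesktop=0)')
    for svc in report.services:
        if svc.file_info == 'x':             # assumed: no date/size recorded for the file
            findings.append(f'{svc.state} {svc.name}: no file date/size recorded for {svc.path}')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

The parser deliberately ignores everything it does not recognise, so it can be pointed at a whole ComboFix log; the driver lines it flags are not verdicts, only the entries whose file details the tool did not record and which therefore still need to be checked by hand.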

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 March 2012 - 05:40 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 metalcoholic

  • Topic Starter
  • Members
  • 5 posts

Posted 23 March 2012 - 07:21 PM

Here is the extra report:




1.0
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
AI War: Fleet Command
AIM 7
Aliens versus Predator Classic 2000
AMD OverDrive Beta
AMD VISION Engine Control Center
Antares Autotune Evo VST RTAS v6.0.9
Apple Application Support
Apple Software Update
Baldur's Gate™ II - Throne of Bhaal ™
Batman Arkham City version 1.0
BattlEye for OA Uninstall
Beat Hazard
BitComet 1.27
Borderlands
Brink
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.1
Close Combat - Modern Tactics
D3DX10
DAEMON Tools Lite
DarkSpace 1.600
Dawn of War - Soulstorm
Deus Ex - Human Revolution version 1.0
Diablo II
DiRT 2
DivX Setup
Driver San Francisco
Driver Sweeper version 3.2.0
Dual-Core Optimizer
E.Y.E: Divine Cybermancy
erLT
Evochron Mercenary
Freedom Force vs. the 3rd Reich
Galcon Fusion
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hearts of Iron III
Hi-Rez Studios Authenticate and Update Service
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
Inside a Star-filled Sky
Java Auto Updater
Java™ 6 Update 25
Logitech Webcam Software
Lume
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machinarium
Mafia
Malwarebytes Anti-Malware version 1.60.1.1000
MegaTrainer eXperience V1.0.9.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
NavyFIELD NorthAmerica
Norton Security Suite
NVIDIA PhysX
Oblivion
Oolite 1.75.3.4575
OpenAL
PAYDAY: The Heist
Plants vs. Zombies: Game of the Year
QuickTime
Railroad Tycoon 2: Platinum
Rapture3D 2.3.26 Game
Realm of the Mad God
Rochard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SEGA Genesis & Mega Drive Classics
Sid Meier's Civilization V
SimCity 4 Deluxe
Six Updater
Skulltag
Skype™ 5.5
Soldat 1.6.0
Soldat 1.6.2
Space Pirates and Zombies
Star Ruler
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Stronghold 2
Stronghold Kingdoms
Team Fortress 2
Team Fortress Classic
TeamSpeak 3 Client
Terraria
The Misadventures of P.B. Winterbottom
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
The Witcher 2
Total War: SHOGUN 2
Tribes Ascend Closed Beta
Tropico 3 - Steam Special Edition
UE3Redist
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.9
Warhammer 40,000 Space Marine
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer® 40,000®: Dawn of War® II – Retribution™
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
Yahoo! Messenger

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 March 2012 - 08:19 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 25


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 March 2012 - 08:55 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 March 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 March 2012 - 11:24 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



