
Google redirects & Malwarebytes detected Trojan Agent LTGen


  • This topic is locked
18 replies to this topic

#1 TheHat

TheHat

  • Members

Posted 12 April 2012 - 02:24 PM

My machine seems to take a while before Firefox opens, sometimes 5 - 8 secs. It seems to run ok once opened; however, sometimes the internet slows to a crawl. Recently, when using Google, searches are redirecting to a Digital TV site; click on the original link again and it goes to the correct site.

A recent Avast and Malwarebytes pop-up revealed a Trojan. I thought I had cleaned it with Malwarebytes, but it reappeared; I have cleaned it once more.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Gary at 15:38:38 on 2012-04-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2040.767 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [IBP]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\HMIPCore.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C03B0631-3DCE-4EDC-98A1-E65385E7F92C} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\3994sp75.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\acrobat 8.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gary\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-2 337880]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-2 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-2 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-27 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-23 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-9-17 40576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-6 22344]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-17 21520]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-17 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-17 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-21 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-11 40776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2011-2-17 13704]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-23 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-2 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2011-11-3 3249512]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-11 16:29:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-11 08:36:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 09:48:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 09:48:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 09:48:07 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-11 13:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 15:40:50.30 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 13 April 2012 - 04:02 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 16 April 2012 - 12:30 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 TheHat

TheHat
  • Topic Starter
  • Members

Posted 16 April 2012 - 06:18 AM

Yes, apologies, I still need help. I didn't get an email notification.

I'll check those settings.

Ok going through list now.

#5 TheHat

TheHat
  • Topic Starter
  • Members

Posted 16 April 2012 - 06:25 AM

Results from Security check

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Windows Password Reset Enterprise
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
CCleaner
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 24
Java™ SE Development Kit 6 Update 26
Java™ SE Development Kit 6 Update 31
Java DB 10.6.2.1
Adobe Flash Player 11.2.202.233
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
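The "(UAC is disabled!)" flag in this Security Check output and the mPolicies-system lines in the DDS log of the first post describe the same condition. The following is an added example, not a tool from this thread or from BleepingComputer: it parses those DDS policy lines and reports which values weaken User Account Control, comparing against the Windows 7 defaults for the documented UAC policy settings.

```python
"""Triage helper for the 'mPolicies-system' lines of a DDS Pseudo HJT Report.

Added example, not code from the thread. DDS prints these lines from
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System; the
helper explains why a machine with these values shows up as 'UAC is disabled'.
"""
import re

# Sample input: the policy lines as they appear in the DDS log posted in
# this thread, plus one unrelated DDS line to show it is ignored.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")

# Windows 7 defaults for the documented UAC policy values.
DEFAULTS = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # consent prompt for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # credential prompt on the secure desktop
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
    "EnableUIADesktopToggle": 0,      # UIAccess apps may not disable the secure desktop
}


def parse_policies(text):
    """Return {name: int} for every mPolicies-system line in a DDS log."""
    found = {}
    for line in text.splitlines():
        match = POLICY_RE.match(line.strip())
        if match:
            found[match.group(1)] = int(match.group(2))
    return found


def assess_uac(policies):
    """Return findings (strings) describing how UAC has been weakened.

    An empty list means every parsed value is at the Windows 7 default.
    """
    findings = []
    if policies.get("EnableLUA", 1) == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely; processes of an "
                        "administrator account run with the full token and no prompt")
    # 0 = elevate silently, 1/3 = ask for credentials, 2/4/5 = ask for consent
    if policies.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators are elevated "
                        "without any prompt")
    if policies.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt is drawn on the normal "
                        "desktop, where other programs can interact with it")
    # Anything else that differs from the default, not already reported above.
    for name, default in DEFAULTS.items():
        if name in policies and policies[name] != default:
            if not any(f.startswith(name + "=") for f in findings):
                findings.append(f"{name}={policies[name]} differs from the Windows 7 "
                                f"default of {default}")
    return findings


def uac_effectively_disabled(policies):
    """True when UAC is off or elevation happens silently."""
    return (policies.get("EnableLUA", 1) == 0
            or policies.get("ConsentPromptBehaviorAdmin", 5) == 0)


if __name__ == "__main__":
    parsed = parse_policies(SAMPLE_DDS)
    print("UAC effectively disabled:", uac_effectively_disabled(parsed))
    for finding in assess_uac(parsed):
        print(" -", finding)
```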

#6 TheHat

TheHat
  • Topic Starter
  • Members

Posted 16 April 2012 - 07:21 AM

ComboFix log below. I will give the PC a good test now for you. One thing I did notice: Firefox asked me whether to make it the default browser; it's always been before, so that's a bit weird.




ComboFix 12-04-16.01 - Gary 16/04/2012 12:46:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2040.1199 [GMT 1:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 12:00 . 2012-04-16 12:01 -------- d-----w- c:\users\Gary\AppData\Local\temp
2012-04-16 12:00 . 2012-04-16 12:00 -------- d-----w- c:\users\Mcx1-GARY-PC\AppData\Local\temp
2012-04-16 12:00 . 2012-04-16 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 12:00 . 2012-04-16 12:00 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2012-04-16 11:46 . 2012-04-16 11:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A2E255D-B9E8-470D-BBF6-FB951B40DF6E}\offreg.dll
2012-04-16 10:45 . 2012-04-16 10:45 -------- d-----w- c:\program files\7-Zip
2012-04-15 09:33 . 2012-04-15 09:33 -------- d-----w- c:\users\Charlie\AppData\Roaming\Foxit Software
2012-04-13 08:18 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A2E255D-B9E8-470D-BBF6-FB951B40DF6E}\mpengine.dll
2012-04-12 21:43 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 21:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 21:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 21:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 21:42 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 21:42 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:39 . 2012-04-11 08:39 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 09:23 . 2012-04-14 18:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 09:30 . 2012-04-02 09:30 -------- d-----w- c:\program files\iPod
2012-04-02 09:30 . 2012-04-02 09:31 -------- d-----w- c:\program files\iTunes
2012-03-29 08:04 . 2012-03-29 08:04 -------- d-----w- c:\users\Gary\AppData\Local\{C6EF5588-7975-11E1-826D-B8AC6F996F26}
2012-03-27 08:46 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-23 16:27 . 2012-04-04 18:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-23 16:27 . 2012-03-23 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-19 09:44 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-19 09:44 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:48 . 2011-05-18 08:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 08:36 . 2011-02-19 14:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56 . 2012-02-06 09:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-07 10:35 . 2012-03-07 10:35 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-06 23:15 . 2011-02-02 11:37 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-02 11:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-30 17:28 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-02-02 11:38 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-02-02 11:38 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-02 11:38 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-02 11:38 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 09:18 . 2011-02-01 13:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 09:12 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 09:12 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 09:12 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 09:12 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 09:13 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 09:13 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 09:12 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 09:12 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 09:12 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2011-09-30 09:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 22:46 624248 ----a-w- c:\program files\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 17:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 07:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-22 12:27 136176 ----atw- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 19:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 18:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2011-01-28 10:51 6987776 ----a-w- c:\program files\LiveZilla\LiveZilla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 12:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 19:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 17:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2011-03-01 08:56 34592 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 09:49 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 13704]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2012-03-11 56208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-03-11 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-03-11 164112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-09-17 40576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-17 21520]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:48]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 18:04]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 18:04]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3795463041-1943488711-1008610671-1001Core.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 12:27]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3795463041-1943488711-1008610671-1001UA.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 12:27]
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\3994sp75.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-IBP - (no file)
MSConfigStartUp-MSServices - c:\program files\Password & Key Finder\Reminder\MSServices.exe
AddRemove-Streamripper - c:\program files\Streamripper\Uninstall.exe
AddRemove-3672102801.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-16 13:06:46
ComboFix-quarantined-files.txt 2012-04-16 12:06
.
Pre-Run: 15,475,404,800 bytes free
Post-Run: 15,476,830,208 bytes free
.
- - End Of File - - D1527FEFD6B1EB05D219D2972F0DDC4E
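
Before the rootkit scanners come into play, the ComboFix log above already contains items a responder would note: the policies\system block shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), a Winsock LSP is installed (HMIPCore.dll), and several drivers are listed with no image file ([x]). The Python script below is an added example, not part of this thread and not ComboFix's own code. It parses those three line formats from a constructed sample built out of the log's own lines and reports what to verify first. The list of user-writable directories and the wording of each finding are my choices, not anything ComboFix defines.

```python
"""Triage checks over a ComboFix-style log excerpt (added example)."""
import re

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
S1 aswSnx;aswSnx; [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 192.168.0.1
"""

POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
# "R2 name;display;path [date size]" or "S1 name;display; [x]" when no file was found.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# Directories a standard user can write to; a service binary there deserves a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def parse_policy_block(log):
    """Return {name: int} for the policies\\system block; {} if it is absent."""
    values, in_block = {}, False
    for line in (l.strip() for l in log.splitlines()):
        if line == POLICY_KEY:
            in_block = True
            continue
        if in_block:
            m = POLICY_RE.match(line)
            if not m:
                break            # ComboFix closes the block with a lone "."
            values[m["name"]] = int(m["value"])
    return values


def uac_findings(policy):
    """UAC values that remove or weaken the elevation boundary."""
    out = []
    if policy.get("EnableLUA") == 0:
        out.append("EnableLUA=0: UAC is off, so code in this admin session already holds a full administrator token")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        out.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if policy.get("PromptOnSecureDesktop") == 0:
        out.append("PromptOnSecureDesktop=0: elevation prompts are shown on the ordinary desktop, where other software can drive them")
    return out


def parse_services(log):
    """Parse service/driver lines into dicts; meta 'x' means ComboFix found no image file."""
    services = []
    for line in (l.strip() for l in log.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            d = m.groupdict()
            d["start"] = int(d["start"])
            d["file_missing"] = d["meta"] == "x"
            services.append(d)
    return services


def service_findings(services):
    out = []
    for s in services:
        if s["file_missing"]:
            out.append(f"{s['name']}: no image file resolved [x]; confirm it belongs to a product that hides its drivers, or remove the stale entry")
        elif s["path"].lower().startswith(USER_WRITABLE):
            out.append(f"{s['name']}: image under a user-writable path ({s['path']}); verify vendor and signature")
    return out


def parse_lsps(log):
    return [l.strip()[5:].strip() for l in log.splitlines() if l.strip().startswith("LSP: ")]


def lsp_findings(lsps):
    # An LSP is loaded into every process that opens a Winsock socket, so each one
    # is reported for vendor identification whatever directory the DLL lives in.
    return [f"Winsock LSP installed: {dll}; identify the product that owns it" for dll in lsps]


def triage(log):
    return {
        "uac": uac_findings(parse_policy_block(log)),
        "lsp": lsp_findings(parse_lsps(log)),
        "services": service_findings(parse_services(log)),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"[{section}] {item}")
```

On this log the script reports all three UAC values, the HMIPCore.dll LSP, the aswSnx entry without a file, and the Trusteer driver under c:\programdata. None of those is proof of infection; a user who switched UAC off, an antivirus that hides its own drivers, and a banking-protection product that installs under ProgramData all produce the same lines. The point of the check is that each one is confirmed rather than skimmed past, and that UAC gets turned back on once cleanup is done.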

#7 gringo_pr

gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 16 April 2012 - 06:18 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
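
The TDSSKiller run requested above produces the report TheHat pastes in the next post: one "<time> <pid> <object> (<md5>) <path>" line per driver or service followed by an "<object> - <verdict>" line, preceded by the drive geometry and MBR partition table. TDSSKiller prints that geometry because the TDL family of bootkits keeps its storage in sectors no partition covers. The Python parser below is an added example, not part of this thread and not Kaspersky's code. It pairs objects with verdicts and lists the unallocated sector ranges of each disk. The sample report is constructed from lines in this thread plus one invented "sampledrv" entry with a made-up hash and verdict so the not-ok path is exercised; real TDSSKiller verdict wording varies between versions, so the parser only distinguishes "ok" from everything else.

```python
"""Parser for the TDSSKiller report format pasted in this thread (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DRIVE_RE = re.compile(
    r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>0x[0-9A-Fa-f]+) "
    r"\([^)]*\), SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
    r"Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), "
    r"BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)")

# Constructed sample: lines from the thread's report; "sampledrv" is invented
# (zero hash, made-up verdict) purely to exercise the not-ok branch.
SAMPLE_REPORT = r"""
09:32:44.0879 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:32:44.0926 1272 \Device\Harddisk0\DR0:
09:32:44.0926 1272 MBR used
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E034800
09:32:52.0632 4616 Scan started
09:32:53.0818 4616 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:32:53.0818 4616 1394ohci - ok
09:32:54.0707 4616 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:32:54.0707 4616 Apple Mobile Device - ok
09:32:56.0407 4616 catchme - ok
09:32:57.0100 4616 sampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\sampledrv.sys
09:32:57.0100 4616 sampledrv - suspicious (constructed verdict)
"""


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None      # None for entries listed without a file, e.g. catchme
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok" or whatever followed " - "


@dataclass
class Disk:
    device: str
    size_bytes: int
    sector_size: int
    partitions: List[Tuple[int, int, int, int]] = field(default_factory=list)  # (idx, type, start_lba, blocks)

    @property
    def total_sectors(self) -> int:
        return self.size_bytes // self.sector_size


def parse_report(text: str):
    objects: Dict[str, ScanObject] = {}
    disks: Dict[str, Disk] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                     # banners, "====" rules, blank lines
        rest = m["rest"]
        d = DRIVE_RE.match(rest)
        if d:
            disks[d["dev"]] = Disk(d["dev"], int(d["size"], 16), int(d["ss"], 16))
            continue
        p = PART_RE.match(rest)
        if p:
            disk = disks.setdefault(p["dev"], Disk(p["dev"], 0, 512))  # size unknown without a Drive line
            disk.partitions.append((int(p["idx"]), int(p["type"], 16), int(p["start"], 16), int(p["blocks"], 16)))
            continue
        o = OBJECT_RE.match(rest)
        if o:
            objects[o["name"]] = ScanObject(o["name"], o["md5"].lower(), o["path"])
            continue
        if " - " in rest:                # verdict line; rsplit keeps names that contain " - "
            name, verdict = rest.rsplit(" - ", 1)
            objects.setdefault(name, ScanObject(name)).verdict = verdict
    return objects, disks


def not_ok(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Everything TDSSKiller did not mark 'ok', including objects with no verdict line."""
    return [o for o in objects.values() if o.verdict != "ok"]


def unallocated_ranges(disk: Disk) -> List[Tuple[int, int]]:
    """Sector ranges covered by no MBR partition, as (start_lba, length): the gap
    before the first partition and the tail after the last one are where bootkits
    park their storage, since no file system ever reads them."""
    ranges, cursor = [], 0
    for _, _, start, blocks in sorted(disk.partitions, key=lambda p: p[2]):
        if start > cursor:
            ranges.append((cursor, start - cursor))
        cursor = max(cursor, start + blocks)
    if disk.total_sectors > cursor:
        ranges.append((cursor, disk.total_sectors - cursor))
    return ranges


if __name__ == "__main__":
    objs, disks = parse_report(SAMPLE_REPORT)
    for o in not_ok(objs):
        print(f"ATTENTION {o.name}: {o.verdict} ({o.path})")
    for disk in disks.values():
        for start, length in unallocated_ranges(disk):
            print(f"{disk.device}: {length} unpartitioned sectors at LBA {start:#x}")
```

For the disk in this report the parser yields two gaps: 2048 sectors before the first partition (sector 0 holds the MBR itself; the rest is the usual 1 MiB alignment gap) and 4079 sectors past the last partition. Gaps of that size are normal for a Windows 7 layout; the value of computing them is that an unexpectedly large tail, or a partition table that changes between two TDSSKiller runs, stands out immediately instead of being buried in hex.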

#8 TheHat

TheHat
  • Topic Starter
  • Members

Posted 17 April 2012 - 04:31 AM

OK, I have completed the scans; results below. Since doing the first scans, performance seems a little snappier; however, Google is still redirecting to various pages other than the link selected. Some of these results are being flagged by Avast as trojans or dodgy sites. The internet also still seems slow to react, and Firefox is still taking an age to open; not sure if any of this is relevant.

09:32:42.0835 1272 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
09:32:43.0256 1272 ============================================================
09:32:43.0256 1272 Current date / time: 2012/04/17 09:32:43.0256
09:32:43.0256 1272 SystemInfo:
09:32:43.0256 1272
09:32:43.0256 1272 OS Version: 6.1.7601 ServicePack: 1.0
09:32:43.0256 1272 Product type: Workstation
09:32:43.0256 1272 ComputerName: GARY-PC
09:32:43.0256 1272 UserName: Gary
09:32:43.0256 1272 Windows directory: C:\Windows
09:32:43.0256 1272 System windows directory: C:\Windows
09:32:43.0256 1272 Processor architecture: Intel x86
09:32:43.0256 1272 Number of processors: 2
09:32:43.0256 1272 Page size: 0x1000
09:32:43.0256 1272 Boot type: Normal boot
09:32:43.0256 1272 ============================================================
09:32:44.0879 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:32:44.0894 1272 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:32:44.0910 1272 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:32:44.0926 1272 \Device\Harddisk0\DR0:
09:32:44.0926 1272 MBR used
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
09:32:44.0926 1272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E034800
09:32:44.0926 1272 \Device\Harddisk1\DR1:
09:32:44.0926 1272 MBR used
09:32:44.0926 1272 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:32:44.0926 1272 \Device\Harddisk2\DR2:
09:32:44.0926 1272 MBR used
09:32:44.0926 1272 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x765F, BlocksNum 0x3A37D231
09:32:45.0004 1272 Initialize success
09:32:45.0004 1272 ============================================================
09:32:52.0632 4616 ============================================================
09:32:52.0632 4616 Scan started
09:32:52.0632 4616 Mode: Manual;
09:32:52.0632 4616 ============================================================
09:32:53.0818 4616 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:32:53.0818 4616 1394ohci - ok
09:32:53.0880 4616 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:32:53.0880 4616 ACPI - ok
09:32:53.0911 4616 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:32:53.0927 4616 AcpiPmi - ok
09:32:53.0974 4616 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:32:53.0974 4616 AdobeFlashPlayerUpdateSvc - ok
09:32:54.0020 4616 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:32:54.0020 4616 adp94xx - ok
09:32:54.0052 4616 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:32:54.0052 4616 adpahci - ok
09:32:54.0083 4616 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:32:54.0083 4616 adpu320 - ok
09:32:54.0114 4616 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:32:54.0114 4616 AeLookupSvc - ok
09:32:54.0161 4616 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:32:54.0161 4616 AFD - ok
09:32:54.0192 4616 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:32:54.0192 4616 agp440 - ok
09:32:54.0223 4616 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:32:54.0223 4616 aic78xx - ok
09:32:54.0254 4616 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:32:54.0254 4616 ALG - ok
09:32:54.0317 4616 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:32:54.0317 4616 aliide - ok
09:32:54.0332 4616 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:32:54.0332 4616 amdagp - ok
09:32:54.0348 4616 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:32:54.0348 4616 amdide - ok
09:32:54.0379 4616 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:32:54.0379 4616 AmdK8 - ok
09:32:54.0395 4616 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:32:54.0410 4616 AmdPPM - ok
09:32:54.0426 4616 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:32:54.0442 4616 amdsata - ok
09:32:54.0473 4616 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:32:54.0473 4616 amdsbs - ok
09:32:54.0488 4616 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:32:54.0488 4616 amdxata - ok
09:32:54.0551 4616 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:32:54.0551 4616 AppID - ok
09:32:54.0582 4616 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:32:54.0582 4616 AppIDSvc - ok
09:32:54.0613 4616 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:32:54.0613 4616 Appinfo - ok
09:32:54.0707 4616 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:32:54.0707 4616 Apple Mobile Device - ok
09:32:54.0754 4616 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:32:54.0754 4616 AppMgmt - ok
09:32:54.0832 4616 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:32:54.0847 4616 arc - ok
09:32:54.0863 4616 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:32:54.0878 4616 arcsas - ok
09:32:54.0925 4616 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
09:32:54.0925 4616 aswFsBlk - ok
09:32:54.0956 4616 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
09:32:54.0956 4616 aswMonFlt - ok
09:32:55.0003 4616 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
09:32:55.0019 4616 aswRdr - ok
09:32:55.0081 4616 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
09:32:55.0081 4616 aswSnx - ok
09:32:55.0112 4616 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
09:32:55.0112 4616 aswSP - ok
09:32:55.0128 4616 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
09:32:55.0128 4616 aswTdi - ok
09:32:55.0144 4616 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:32:55.0144 4616 AsyncMac - ok
09:32:55.0190 4616 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:32:55.0190 4616 atapi - ok
09:32:55.0237 4616 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:32:55.0237 4616 AudioEndpointBuilder - ok
09:32:55.0253 4616 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:32:55.0268 4616 Audiosrv - ok
09:32:55.0378 4616 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
09:32:55.0393 4616 avast! Antivirus - ok
09:32:55.0424 4616 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:32:55.0440 4616 AxInstSV - ok
09:32:55.0502 4616 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:32:55.0518 4616 b06bdrv - ok
09:32:55.0549 4616 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:32:55.0549 4616 b57nd60x - ok
09:32:55.0658 4616 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:32:55.0658 4616 BcmSqlStartupSvc - ok
09:32:55.0690 4616 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:32:55.0690 4616 BDESVC - ok
09:32:55.0705 4616 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:32:55.0705 4616 Beep - ok
09:32:55.0752 4616 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
09:32:55.0768 4616 BFE - ok
09:32:55.0830 4616 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
09:32:55.0846 4616 BITS - ok
09:32:55.0861 4616 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:32:55.0861 4616 blbdrive - ok
09:32:55.0955 4616 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:32:55.0955 4616 Bonjour Service - ok
09:32:56.0017 4616 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:32:56.0017 4616 bowser - ok
09:32:56.0033 4616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:32:56.0033 4616 BrFiltLo - ok
09:32:56.0048 4616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:32:56.0048 4616 BrFiltUp - ok
09:32:56.0080 4616 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:32:56.0080 4616 BridgeMP - ok
09:32:56.0126 4616 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:32:56.0126 4616 Browser - ok
09:32:56.0142 4616 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:32:56.0158 4616 Brserid - ok
09:32:56.0173 4616 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:32:56.0173 4616 BrSerWdm - ok
09:32:56.0189 4616 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:32:56.0189 4616 BrUsbMdm - ok
09:32:56.0220 4616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:32:56.0220 4616 BrUsbSer - ok
09:32:56.0236 4616 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:32:56.0251 4616 BTHMODEM - ok
09:32:56.0282 4616 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:32:56.0282 4616 bthserv - ok
09:32:56.0407 4616 catchme - ok
09:32:56.0438 4616 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:32:56.0438 4616 cdfs - ok
09:32:56.0516 4616 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:32:56.0532 4616 cdrom - ok
09:32:56.0594 4616 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:32:56.0594 4616 CertPropSvc - ok
09:32:56.0610 4616 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:32:56.0626 4616 circlass - ok
09:32:56.0641 4616 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:32:56.0641 4616 CLFS - ok
09:32:56.0688 4616 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:32:56.0704 4616 clr_optimization_v2.0.50727_32 - ok
09:32:56.0766 4616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:32:56.0766 4616 clr_optimization_v4.0.30319_32 - ok
09:32:56.0782 4616 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:32:56.0782 4616 CmBatt - ok
09:32:56.0797 4616 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:32:56.0797 4616 cmdide - ok
09:32:56.0844 4616 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:32:56.0860 4616 CNG - ok
09:32:56.0875 4616 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:32:56.0875 4616 Compbatt - ok
09:32:56.0906 4616 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:32:56.0922 4616 CompositeBus - ok
09:32:56.0938 4616 COMSysApp - ok
09:32:56.0953 4616 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:32:56.0953 4616 crcdisk - ok
09:32:57.0031 4616 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:32:57.0031 4616 CryptSvc - ok
09:32:57.0062 4616 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:32:57.0078 4616 CSC - ok
09:32:57.0094 4616 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:32:57.0109 4616 CscService - ok
09:32:57.0125 4616 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:32:57.0140 4616 DcomLaunch - ok
09:32:57.0187 4616 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:32:57.0203 4616 defragsvc - ok
09:32:57.0234 4616 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:32:57.0250 4616 DfsC - ok
09:32:57.0281 4616 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:32:57.0296 4616 Dhcp - ok
09:32:57.0312 4616 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:32:57.0312 4616 discache - ok
09:32:57.0374 4616 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:32:57.0374 4616 Disk - ok
09:32:57.0437 4616 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:32:57.0437 4616 Dnscache - ok
09:32:57.0468 4616 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:32:57.0484 4616 dot3svc - ok
09:32:57.0546 4616 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
09:32:57.0546 4616 Dot4 - ok
09:32:57.0577 4616 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
09:32:57.0593 4616 Dot4Print - ok
09:32:57.0608 4616 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
09:32:57.0608 4616 dot4usb - ok
09:32:57.0640 4616 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:32:57.0702 4616 DPS - ok
09:32:57.0842 4616 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:32:57.0858 4616 drmkaud - ok
09:32:58.0076 4616 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:32:58.0076 4616 DXGKrnl - ok
09:32:58.0108 4616 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:32:58.0108 4616 EapHost - ok
09:32:58.0217 4616 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:32:58.0264 4616 ebdrv - ok
09:32:58.0310 4616 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:32:58.0310 4616 EFS - ok
09:32:58.0373 4616 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:32:58.0373 4616 ehRecvr - ok
09:32:58.0420 4616 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:32:58.0435 4616 ehSched - ok
09:32:58.0576 4616 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
09:32:58.0576 4616 ElbyCDIO - ok
09:32:58.0685 4616 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:32:58.0685 4616 elxstor - ok
09:32:58.0732 4616 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
09:32:58.0732 4616 epmntdrv - ok
09:32:58.0778 4616 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:32:58.0778 4616 ErrDev - ok
09:32:58.0825 4616 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
09:32:58.0841 4616 EuGdiDrv - ok
09:32:58.0872 4616 EuMusDesignVirtualAudioCableWdm (78847678315e7acaee4d08c2f886ed01) C:\Windows\system32\DRIVERS\vrtaucbl.sys
09:32:58.0888 4616 EuMusDesignVirtualAudioCableWdm - ok
09:32:58.0966 4616 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:32:58.0966 4616 EventSystem - ok
09:32:58.0997 4616 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:32:58.0997 4616 exfat - ok
09:32:59.0028 4616 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:32:59.0028 4616 fastfat - ok
09:32:59.0122 4616 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:32:59.0137 4616 Fax - ok
09:32:59.0153 4616 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:32:59.0153 4616 fdc - ok
09:32:59.0168 4616 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:32:59.0184 4616 fdPHost - ok
09:32:59.0184 4616 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:32:59.0200 4616 FDResPub - ok
09:32:59.0215 4616 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:32:59.0215 4616 FileInfo - ok
09:32:59.0231 4616 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:32:59.0231 4616 Filetrace - ok
09:32:59.0309 4616 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:32:59.0324 4616 FLEXnet Licensing Service - ok
09:32:59.0340 4616 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:32:59.0340 4616 flpydisk - ok
09:32:59.0371 4616 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:32:59.0371 4616 FltMgr - ok
09:32:59.0449 4616 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:32:59.0449 4616 FontCache - ok
09:32:59.0543 4616 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:32:59.0543 4616 FontCache3.0.0.0 - ok
09:32:59.0558 4616 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:32:59.0558 4616 FsDepends - ok
09:32:59.0574 4616 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
09:32:59.0590 4616 Fs_Rec - ok
09:32:59.0636 4616 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:32:59.0652 4616 fvevol - ok
09:32:59.0668 4616 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:32:59.0683 4616 gagp30kx - ok
09:32:59.0699 4616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:32:59.0714 4616 GEARAspiWDM - ok
09:32:59.0746 4616 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:32:59.0761 4616 gpsvc - ok
09:32:59.0870 4616 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:32:59.0870 4616 gupdate - ok
09:32:59.0902 4616 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:32:59.0902 4616 gupdatem - ok
09:32:59.0933 4616 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:32:59.0933 4616 hcw85cir - ok
09:32:59.0980 4616 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:32:59.0980 4616 HdAudAddService - ok
09:33:00.0011 4616 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:33:00.0026 4616 HDAudBus - ok
09:33:00.0042 4616 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:33:00.0042 4616 HidBatt - ok
09:33:00.0073 4616 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:33:00.0073 4616 HidBth - ok
09:33:00.0198 4616 HideMyIpSRV (e2466c30994d7bf8ae01e4019c677670) C:\Program Files\Hide My IP\HideMyIpSrv.exe
09:33:00.0276 4616 HideMyIpSRV - ok
09:33:00.0307 4616 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:33:00.0307 4616 HidIr - ok
09:33:00.0338 4616 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
09:33:00.0338 4616 hidserv - ok
09:33:00.0370 4616 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:00.0370 4616 HidUsb - ok
09:33:00.0416 4616 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:33:00.0416 4616 hkmsvc - ok
09:33:00.0463 4616 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:33:00.0479 4616 HomeGroupListener - ok
09:33:00.0526 4616 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:33:00.0541 4616 HomeGroupProvider - ok
09:33:00.0713 4616 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:33:00.0728 4616 hpqcxs08 - ok
09:33:00.0744 4616 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:33:00.0744 4616 hpqddsvc - ok
09:33:00.0775 4616 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:33:00.0791 4616 HpSAMD - ok
09:33:00.0838 4616 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:33:00.0853 4616 HTTP - ok
09:33:00.0869 4616 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:33:00.0869 4616 hwpolicy - ok
09:33:00.0900 4616 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:33:00.0900 4616 i8042prt - ok
09:33:00.0947 4616 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:33:00.0947 4616 iaStorV - ok
09:33:01.0025 4616 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:33:01.0040 4616 idsvc - ok
09:33:01.0165 4616 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:33:01.0243 4616 igfx - ok
09:33:01.0259 4616 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:33:01.0259 4616 iirsp - ok
09:33:01.0337 4616 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:33:01.0352 4616 IKEEXT - ok
09:33:01.0384 4616 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:33:01.0399 4616 intelide - ok
09:33:01.0415 4616 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:33:01.0415 4616 intelppm - ok
09:33:01.0477 4616 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:33:01.0477 4616 IPBusEnum - ok
09:33:01.0493 4616 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:33:01.0493 4616 IpFilterDriver - ok
09:33:01.0555 4616 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
09:33:01.0571 4616 iphlpsvc - ok
09:33:01.0602 4616 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:33:01.0602 4616 IPMIDRV - ok
09:33:01.0618 4616 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:33:01.0633 4616 IPNAT - ok
09:33:01.0711 4616 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
09:33:01.0727 4616 iPod Service - ok
09:33:01.0758 4616 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:33:01.0758 4616 IRENUM - ok
09:33:01.0774 4616 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:33:01.0774 4616 isapnp - ok
09:33:01.0820 4616 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:33:01.0820 4616 iScsiPrt - ok
09:33:01.0867 4616 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:33:01.0867 4616 kbdclass - ok
09:33:01.0883 4616 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
09:33:01.0898 4616 kbdhid - ok
09:33:01.0914 4616 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:33:01.0930 4616 KeyIso - ok
09:33:01.0945 4616 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:33:01.0945 4616 KSecDD - ok
09:33:01.0992 4616 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:33:01.0992 4616 KSecPkg - ok
09:33:02.0023 4616 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:33:02.0023 4616 KtmRm - ok
09:33:02.0070 4616 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
09:33:02.0086 4616 LanmanServer - ok
09:33:02.0117 4616 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:33:02.0132 4616 LanmanWorkstation - ok
09:33:02.0164 4616 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:33:02.0164 4616 lltdio - ok
09:33:02.0195 4616 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:33:02.0210 4616 lltdsvc - ok
09:33:02.0226 4616 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:33:02.0242 4616 lmhosts - ok
09:33:02.0257 4616 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:33:02.0273 4616 LSI_FC - ok
09:33:02.0288 4616 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:33:02.0288 4616 LSI_SAS - ok
09:33:02.0351 4616 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:33:02.0351 4616 LSI_SAS2 - ok
09:33:02.0382 4616 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:33:02.0382 4616 LSI_SCSI - ok
09:33:02.0398 4616 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:33:02.0398 4616 luafv - ok
09:33:02.0460 4616 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
09:33:02.0460 4616 MBAMProtector - ok
09:33:02.0522 4616 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:33:02.0538 4616 MBAMService - ok
09:33:02.0569 4616 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:33:02.0585 4616 Mcx2Svc - ok
09:33:02.0647 4616 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
09:33:02.0663 4616 MDM - ok
09:33:02.0678 4616 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:33:02.0678 4616 megasas - ok
09:33:02.0710 4616 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:33:02.0710 4616 MegaSR - ok
09:33:02.0741 4616 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:33:02.0741 4616 MMCSS - ok
09:33:02.0756 4616 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:33:02.0772 4616 Modem - ok
09:33:02.0803 4616 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:33:02.0803 4616 monitor - ok
09:33:02.0850 4616 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:33:02.0850 4616 mouclass - ok
09:33:02.0881 4616 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:33:02.0881 4616 mouhid - ok
09:33:02.0928 4616 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:33:02.0928 4616 mountmgr - ok
09:33:02.0959 4616 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:33:02.0959 4616 mpio - ok
09:33:02.0975 4616 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:33:02.0990 4616 mpsdrv - ok
09:33:03.0037 4616 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
09:33:03.0053 4616 MpsSvc - ok
09:33:03.0146 4616 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:33:03.0146 4616 MRxDAV - ok
09:33:03.0318 4616 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:33:03.0334 4616 mrxsmb - ok
09:33:03.0380 4616 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:33:03.0380 4616 mrxsmb10 - ok
09:33:03.0412 4616 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:33:03.0427 4616 mrxsmb20 - ok
09:33:03.0443 4616 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:33:03.0443 4616 msahci - ok
09:33:03.0490 4616 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:33:03.0490 4616 msdsm - ok
09:33:03.0521 4616 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:33:03.0521 4616 MSDTC - ok
09:33:03.0583 4616 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:33:03.0583 4616 Msfs - ok
09:33:03.0599 4616 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:33:03.0599 4616 mshidkmdf - ok
09:33:03.0646 4616 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:33:03.0646 4616 msisadrv - ok
09:33:03.0692 4616 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:33:03.0739 4616 MSiSCSI - ok
09:33:03.0739 4616 msiserver - ok
09:33:03.0770 4616 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:33:03.0770 4616 MSKSSRV - ok
09:33:03.0786 4616 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:33:03.0786 4616 MSPCLOCK - ok
09:33:03.0817 4616 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:33:03.0817 4616 MSPQM - ok
09:33:03.0833 4616 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:33:03.0848 4616 MsRPC - ok
09:33:03.0864 4616 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:33:03.0864 4616 mssmbios - ok
09:33:03.0973 4616 MSSQL$MSSMLBIZ - ok
09:33:04.0004 4616 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:33:04.0004 4616 MSSQLServerADHelper - ok
09:33:04.0020 4616 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:33:04.0020 4616 MSTEE - ok
09:33:04.0051 4616 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:33:04.0051 4616 MTConfig - ok
09:33:04.0082 4616 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:33:04.0082 4616 Mup - ok
09:33:04.0129 4616 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:33:04.0129 4616 napagent - ok
09:33:04.0176 4616 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:33:04.0176 4616 NativeWifiP - ok
09:33:04.0223 4616 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:33:04.0238 4616 NDIS - ok
09:33:04.0270 4616 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:33:04.0270 4616 NdisCap - ok
09:33:04.0301 4616 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:33:04.0301 4616 NdisTapi - ok
09:33:04.0332 4616 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:33:04.0332 4616 Ndisuio - ok
09:33:04.0379 4616 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:33:04.0394 4616 NdisWan - ok
09:33:04.0426 4616 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:33:04.0441 4616 NDProxy - ok
09:33:04.0472 4616 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
09:33:04.0472 4616 Net Driver HPZ12 - ok
09:33:04.0488 4616 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:33:04.0504 4616 NetBIOS - ok
09:33:04.0550 4616 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:33:04.0550 4616 NetBT - ok
09:33:04.0597 4616 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:33:04.0597 4616 Netlogon - ok
09:33:04.0660 4616 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:33:04.0660 4616 Netman - ok
09:33:04.0691 4616 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:33:04.0691 4616 netprofm - ok
09:33:04.0753 4616 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:33:04.0753 4616 NetTcpPortSharing - ok
09:33:04.0784 4616 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:33:04.0800 4616 nfrd960 - ok
09:33:04.0831 4616 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:33:04.0847 4616 NlaSvc - ok
09:33:04.0925 4616 nosGetPlusHelper (0e58f99692802c501454eac3d2ac3394) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:33:04.0940 4616 nosGetPlusHelper - ok
09:33:04.0956 4616 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:33:04.0956 4616 Npfs - ok
09:33:04.0987 4616 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:33:04.0987 4616 nsi - ok
09:33:05.0003 4616 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:33:05.0003 4616 nsiproxy - ok
09:33:05.0081 4616 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:33:05.0096 4616 Ntfs - ok
09:33:05.0096 4616 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:33:05.0112 4616 Null - ok
09:33:05.0143 4616 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:33:05.0143 4616 nvraid - ok
09:33:05.0174 4616 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:33:05.0174 4616 nvstor - ok
09:33:05.0206 4616 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:33:05.0221 4616 nv_agp - ok
09:33:05.0284 4616 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:33:05.0284 4616 odserv - ok
09:33:05.0330 4616 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:33:05.0330 4616 ohci1394 - ok
09:33:05.0362 4616 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:33:05.0362 4616 ose - ok
09:33:05.0408 4616 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:33:05.0408 4616 p2pimsvc - ok
09:33:05.0440 4616 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:33:05.0455 4616 p2psvc - ok
09:33:05.0486 4616 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:33:05.0486 4616 Parport - ok
09:33:05.0533 4616 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:33:05.0533 4616 partmgr - ok
09:33:05.0564 4616 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:33:05.0564 4616 Parvdm - ok
09:33:05.0596 4616 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:33:05.0611 4616 PcaSvc - ok
09:33:05.0627 4616 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:33:05.0627 4616 pci - ok
09:33:05.0674 4616 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:33:05.0674 4616 pciide - ok
09:33:05.0736 4616 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:33:05.0736 4616 pcmcia - ok
09:33:05.0767 4616 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:33:05.0767 4616 pcw - ok
09:33:05.0798 4616 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:33:05.0814 4616 PEAUTH - ok
09:33:05.0892 4616 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
09:33:05.0908 4616 PeerDistSvc - ok
09:33:05.0970 4616 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
09:33:05.0970 4616 pfc - ok
09:33:06.0017 4616 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:33:06.0048 4616 pla - ok
09:33:06.0095 4616 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
09:33:06.0110 4616 PlugPlay - ok
09:33:06.0157 4616 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
09:33:06.0173 4616 Pml Driver HPZ12 - ok
09:33:06.0204 4616 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:33:06.0204 4616 PNRPAutoReg - ok
09:33:06.0235 4616 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:33:06.0235 4616 PNRPsvc - ok
09:33:06.0282 4616 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:33:06.0298 4616 PolicyAgent - ok
09:33:06.0344 4616 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:33:06.0344 4616 Power - ok
09:33:06.0438 4616 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:33:06.0438 4616 PptpMiniport - ok
09:33:06.0454 4616 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:33:06.0469 4616 Processor - ok
09:33:06.0500 4616 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
09:33:06.0500 4616 ProfSvc - ok
09:33:06.0547 4616 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:33:06.0547 4616 ProtectedStorage - ok
09:33:06.0578 4616 prwntdrv (5504b63dcc7f980eed7eff8f2593d60e) C:\Windows\system32\prwntdrv.sys
09:33:06.0594 4616 prwntdrv - ok
09:33:06.0625 4616 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:33:06.0625 4616 Psched - ok
09:33:06.0672 4616 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
09:33:06.0688 4616 PSI - ok
09:33:06.0719 4616 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:33:06.0766 4616 ql2300 - ok
09:33:06.0797 4616 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:33:06.0797 4616 ql40xx - ok
09:33:06.0828 4616 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:33:06.0844 4616 QWAVE - ok
09:33:06.0875 4616 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:33:06.0875 4616 QWAVEdrv - ok
09:33:07.0031 4616 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
09:33:07.0031 4616 RapportCerberus_34302 - ok
09:33:07.0124 4616 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:33:07.0124 4616 RapportEI - ok
09:33:07.0171 4616 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
09:33:07.0171 4616 RapportKELL - ok
09:33:07.0249 4616 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
09:33:07.0265 4616 RapportMgmtService - ok
09:33:07.0312 4616 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:33:07.0312 4616 RapportPG - ok
09:33:07.0327 4616 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:33:07.0327 4616 RasAcd - ok
09:33:07.0358 4616 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:33:07.0374 4616 RasAgileVpn - ok
09:33:07.0405 4616 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:33:07.0421 4616 RasAuto - ok
09:33:07.0436 4616 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:33:07.0452 4616 Rasl2tp - ok
09:33:07.0499 4616 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:33:07.0499 4616 RasMan - ok
09:33:07.0530 4616 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:33:07.0530 4616 RasPppoe - ok
09:33:07.0546 4616 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:33:07.0561 4616 RasSstp - ok
09:33:07.0592 4616 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:33:07.0592 4616 rdbss - ok
09:33:07.0608 4616 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:33:07.0608 4616 rdpbus - ok
09:33:07.0655 4616 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:33:07.0655 4616 RDPCDD - ok
09:33:07.0686 4616 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
09:33:07.0686 4616 RDPDR - ok
09:33:07.0733 4616 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:33:07.0733 4616 RDPENCDD - ok
09:33:07.0748 4616 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:33:07.0748 4616 RDPREFMP - ok
09:33:07.0780 4616 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
09:33:07.0780 4616 RdpVideoMiniport - ok
09:33:07.0826 4616 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
09:33:07.0826 4616 RDPWD - ok
09:33:07.0873 4616 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:33:07.0873 4616 rdyboost - ok
09:33:07.0904 4616 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:33:07.0904 4616 RemoteAccess - ok
09:33:07.0920 4616 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:33:07.0936 4616 RemoteRegistry - ok
09:33:07.0982 4616 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:33:07.0982 4616 RpcEptMapper - ok
09:33:08.0014 4616 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:33:08.0029 4616 RpcLocator - ok
09:33:08.0076 4616 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:33:08.0076 4616 RpcSs - ok
09:33:08.0123 4616 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:33:08.0123 4616 rspndr - ok
09:33:08.0154 4616 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:33:08.0154 4616 s3cap - ok
09:33:08.0201 4616 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:33:08.0201 4616 SamSs - ok
09:33:08.0232 4616 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:33:08.0232 4616 sbp2port - ok
09:33:08.0404 4616 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
09:33:08.0419 4616 SBSDWSCService - ok
09:33:08.0450 4616 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:33:08.0450 4616 SCardSvr - ok
09:33:08.0482 4616 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:33:08.0497 4616 scfilter - ok
09:33:08.0528 4616 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:33:08.0544 4616 Schedule - ok
09:33:08.0591 4616 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:33:08.0591 4616 SCPolicySvc - ok
09:33:08.0606 4616 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:33:08.0622 4616 SDRSVC - ok
09:33:08.0653 4616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:33:08.0653 4616 secdrv - ok
09:33:08.0684 4616 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:33:08.0700 4616 seclogon - ok
09:33:08.0778 4616 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
09:33:08.0794 4616 Secunia PSI Agent - ok
09:33:08.0840 4616 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
09:33:08.0872 4616 Secunia Update Agent - ok
09:33:08.0903 4616 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
09:33:08.0918 4616 SENS - ok
09:33:08.0934 4616 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:33:08.0950 4616 SensrSvc - ok
09:33:08.0981 4616 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:33:08.0981 4616 Serenum - ok
09:33:08.0996 4616 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:33:09.0012 4616 Serial - ok
09:33:09.0043 4616 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:33:09.0043 4616 sermouse - ok
09:33:09.0090 4616 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:33:09.0106 4616 SessionEnv - ok
09:33:09.0137 4616 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:33:09.0137 4616 sffdisk - ok
09:33:09.0168 4616 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:33:09.0168 4616 sffp_mmc - ok
09:33:09.0184 4616 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:33:09.0184 4616 sffp_sd - ok
09:33:09.0215 4616 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:33:09.0230 4616 sfloppy - ok
09:33:09.0262 4616 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:33:09.0262 4616 SharedAccess - ok
09:33:09.0308 4616 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:33:09.0324 4616 ShellHWDetection - ok
09:33:09.0340 4616 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:33:09.0340 4616 sisagp - ok
09:33:09.0371 4616 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:33:09.0371 4616 SiSRaid2 - ok
09:33:09.0402 4616 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:33:09.0402 4616 SiSRaid4 - ok
09:33:09.0449 4616 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:33:09.0449 4616 Smb - ok
09:33:09.0496 4616 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:33:09.0496 4616 SNMPTRAP - ok
09:33:09.0527 4616 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:33:09.0527 4616 spldr - ok
09:33:09.0558 4616 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:33:09.0574 4616 Spooler - ok
09:33:09.0683 4616 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:33:09.0730 4616 sppsvc - ok
09:33:09.0776 4616 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:33:09.0792 4616 sppuinotify - ok
09:33:09.0886 4616 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:33:09.0886 4616 SQLBrowser - ok
09:33:09.0932 4616 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:33:09.0932 4616 SQLWriter - ok
09:33:09.0979 4616 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:33:09.0979 4616 srv - ok
09:33:09.0995 4616 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:33:10.0010 4616 srv2 - ok
09:33:10.0026 4616 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:33:10.0026 4616 srvnet - ok
09:33:10.0073 4616 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:33:10.0088 4616 SSDPSRV - ok
09:33:10.0104 4616 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:33:10.0120 4616 SstpSvc - ok
09:33:10.0151 4616 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:33:10.0151 4616 stexstor - ok
09:33:10.0213 4616 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:33:10.0229 4616 StiSvc - ok
09:33:10.0276 4616 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:33:10.0276 4616 storflt - ok
09:33:10.0307 4616 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:33:10.0307 4616 storvsc - ok
09:33:10.0338 4616 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:33:10.0338 4616 swenum - ok
09:33:10.0354 4616 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:33:10.0369 4616 swprv - ok
09:33:10.0385 4616 Synth3dVsc - ok
09:33:10.0432 4616 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:33:10.0463 4616 SysMain - ok
09:33:10.0494 4616 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:33:10.0525 4616 TabletInputService - ok
09:33:10.0556 4616 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:33:10.0572 4616 TapiSrv - ok
09:33:10.0588 4616 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:33:10.0603 4616 TBS - ok
09:33:10.0650 4616 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
09:33:10.0681 4616 Tcpip - ok
09:33:10.0712 4616 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
09:33:10.0728 4616 TCPIP6 - ok
09:33:10.0775 4616 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:33:10.0775 4616 tcpipreg - ok
09:33:10.0806 4616 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:33:10.0822 4616 TDPIPE - ok
09:33:10.0853 4616 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:33:10.0853 4616 TDTCP - ok
09:33:10.0884 4616 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:33:10.0884 4616 tdx - ok
09:33:10.0900 4616 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:33:10.0915 4616 TermDD - ok
09:33:10.0962 4616 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:33:10.0978 4616 TermService - ok
09:33:10.0993 4616 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:33:11.0009 4616 Themes - ok
09:33:11.0024 4616 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:33:11.0040 4616 THREADORDER - ok
09:33:11.0071 4616 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:33:11.0087 4616 TrkWks - ok
09:33:11.0118 4616 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:33:11.0118 4616 TrustedInstaller - ok
09:33:11.0149 4616 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:33:11.0149 4616 tssecsrv - ok
09:33:11.0180 4616 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:33:11.0196 4616 TsUsbFlt - ok
09:33:11.0196 4616 tsusbhub - ok
09:33:11.0258 4616 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:33:11.0258 4616 tunnel - ok
09:33:11.0290 4616 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:33:11.0290 4616 uagp35 - ok
09:33:11.0414 4616 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:33:11.0414 4616 udfs - ok
09:33:11.0446 4616 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:33:11.0461 4616 UI0Detect - ok
09:33:11.0477 4616 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:33:11.0477 4616 uliagpkx - ok
09:33:11.0524 4616 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:33:11.0539 4616 umbus - ok
09:33:11.0555 4616 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:33:11.0555 4616 UmPass - ok
09:33:11.0602 4616 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:33:11.0617 4616 UmRdpService - ok
09:33:11.0633 4616 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:33:11.0648 4616 upnphost - ok
09:33:11.0695 4616 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
09:33:11.0711 4616 USBAAPL - ok
09:33:11.0742 4616 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:33:11.0742 4616 usbccgp - ok
09:33:11.0758 4616 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:33:11.0773 4616 usbcir - ok
09:33:11.0804 4616 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
09:33:11.0804 4616 usbehci - ok
09:33:11.0836 4616 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:33:11.0836 4616 usbhub - ok
09:33:11.0851 4616 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
09:33:11.0867 4616 usbohci - ok
09:33:11.0882 4616 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:33:11.0882 4616 usbprint - ok
09:33:11.0914 4616 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:33:11.0914 4616 usbscan - ok
09:33:11.0945 4616 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:33:11.0945 4616 USBSTOR - ok
09:33:11.0976 4616 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:33:11.0992 4616 usbuhci - ok
09:33:12.0070 4616 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:33:12.0085 4616 UxSms - ok
09:33:12.0116 4616 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:33:12.0132 4616 VaultSvc - ok
09:33:12.0163 4616 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:33:12.0163 4616 vdrvroot - ok
09:33:12.0210 4616 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:33:12.0226 4616 vds - ok
09:33:12.0288 4616 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:33:12.0288 4616 vga - ok
09:33:12.0304 4616 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:33:12.0304 4616 VgaSave - ok
09:33:12.0319 4616 VGPU - ok
09:33:12.0366 4616 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:33:12.0366 4616 vhdmp - ok
09:33:12.0397 4616 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:33:12.0413 4616 viaagp - ok
09:33:12.0428 4616 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:33:12.0428 4616 ViaC7 - ok
09:33:12.0460 4616 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:33:12.0460 4616 viaide - ok
09:33:12.0491 4616 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:33:12.0491 4616 vmbus - ok
09:33:12.0522 4616 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:33:12.0522 4616 VMBusHID - ok
09:33:12.0553 4616 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:33:12.0569 4616 volmgr - ok
09:33:12.0600 4616 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:33:12.0600 4616 volmgrx - ok
09:33:12.0631 4616 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:33:12.0631 4616 volsnap - ok
09:33:12.0694 4616 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:33:12.0694 4616 vsmraid - ok
09:33:12.0740 4616 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:33:12.0772 4616 VSS - ok
09:33:12.0787 4616 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:33:12.0787 4616 vwifibus - ok
09:33:12.0834 4616 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:33:12.0850 4616 W32Time - ok
09:33:12.0865 4616 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:33:12.0881 4616 WacomPen - ok
09:33:12.0943 4616 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:12.0943 4616 WANARP - ok
09:33:12.0943 4616 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:12.0959 4616 Wanarpv6 - ok
09:33:13.0037 4616 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:33:13.0052 4616 WatAdminSvc - ok
09:33:13.0130 4616 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:33:13.0193 4616 wbengine - ok
09:33:13.0224 4616 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:33:13.0240 4616 WbioSrvc - ok
09:33:13.0286 4616 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:33:13.0302 4616 wcncsvc - ok
09:33:13.0318 4616 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:33:13.0333 4616 WcsPlugInService - ok
09:33:13.0349 4616 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:33:13.0349 4616 Wd - ok
09:33:13.0567 4616 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
09:33:13.0614 4616 WDC_SAM - ok
09:33:13.0661 4616 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:33:13.0661 4616 Wdf01000 - ok
09:33:13.0676 4616 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:33:13.0692 4616 WdiServiceHost - ok
09:33:13.0708 4616 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:33:13.0708 4616 WdiSystemHost - ok
09:33:13.0754 4616 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:33:13.0770 4616 WebClient - ok
09:33:13.0817 4616 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:33:13.0817 4616 Wecsvc - ok
09:33:13.0848 4616 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:33:13.0864 4616 wercplsupport - ok
09:33:13.0895 4616 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:33:13.0895 4616 WerSvc - ok
09:33:13.0926 4616 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:33:13.0926 4616 WfpLwf - ok
09:33:13.0942 4616 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:33:13.0957 4616 WIMMount - ok
09:33:14.0035 4616 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:33:14.0051 4616 WinDefend - ok
09:33:14.0066 4616 WinHttpAutoProxySvc - ok
09:33:14.0113 4616 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:33:14.0113 4616 Winmgmt - ok
09:33:14.0176 4616 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:33:14.0207 4616 WinRM - ok
09:33:14.0269 4616 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:33:14.0285 4616 WinUsb - ok
09:33:14.0332 4616 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:33:14.0347 4616 Wlansvc - ok
09:33:14.0472 4616 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:33:14.0503 4616 wlidsvc - ok
09:33:14.0519 4616 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:33:14.0534 4616 WmiAcpi - ok
09:33:14.0581 4616 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:33:14.0581 4616 wmiApSrv - ok
09:33:14.0659 4616 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:33:14.0675 4616 WMPNetworkSvc - ok
09:33:14.0706 4616 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:33:14.0706 4616 WPCSvc - ok
09:33:14.0753 4616 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:33:14.0768 4616 WPDBusEnum - ok
09:33:14.0800 4616 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:33:14.0800 4616 ws2ifsl - ok
09:33:14.0815 4616 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:33:14.0831 4616 wscsvc - ok
09:33:14.0846 4616 WSearch - ok
09:33:14.0940 4616 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:33:15.0018 4616 wuauserv - ok
09:33:15.0049 4616 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:33:15.0049 4616 WudfPf - ok
09:33:15.0080 4616 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:33:15.0080 4616 WUDFRd - ok
09:33:15.0174 4616 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:33:15.0190 4616 wudfsvc - ok
09:33:15.0205 4616 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:33:15.0221 4616 WwanSvc - ok
09:33:15.0283 4616 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
09:33:15.0283 4616 yukonw7 - ok
09:33:15.0299 4616 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:33:15.0361 4616 \Device\Harddisk0\DR0 - ok
09:33:15.0377 4616 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
09:33:16.0204 4616 \Device\Harddisk1\DR1 - ok
09:33:16.0204 4616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
09:33:16.0204 4616 \Device\Harddisk2\DR2 - ok
09:33:16.0219 4616 Boot (0x1200) (26d89ebfff7afdb4417c037d0bd14fd5) \Device\Harddisk0\DR0\Partition0
09:33:16.0219 4616 \Device\Harddisk0\DR0\Partition0 - ok
09:33:16.0235 4616 Boot (0x1200) (e03f9d9786c5c0cb44d7d4777ed3ee13) \Device\Harddisk0\DR0\Partition1
09:33:16.0235 4616 \Device\Harddisk0\DR0\Partition1 - ok
09:33:16.0250 4616 Boot (0x1200) (ac6111fdc6a37898df17f93b74d16e03) \Device\Harddisk0\DR0\Partition2
09:33:16.0250 4616 \Device\Harddisk0\DR0\Partition2 - ok
09:33:16.0266 4616 Boot (0x1200) (64a82775873b01e211de51b2bbad13e1) \Device\Harddisk1\DR1\Partition0
09:33:16.0282 4616 \Device\Harddisk1\DR1\Partition0 - ok
09:33:16.0282 4616 Boot (0x1200) (bc204d0099365b53a17f021d46bfb264) \Device\Harddisk2\DR2\Partition0
09:33:16.0282 4616 \Device\Harddisk2\DR2\Partition0 - ok
09:33:16.0282 4616 ============================================================
09:33:16.0282 4616 Scan finished
09:33:16.0282 4616 ============================================================
09:33:16.0313 2276 Detected object count: 0
09:33:16.0313 2276 Actual detected object count: 0
09:36:30.0332 0716 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 09:49:21
-----------------------------
09:49:21.543 OS Version: Windows 6.1.7601 Service Pack 1
09:49:21.543 Number of processors: 2 586 0xF06
09:49:21.559 ComputerName: GARY-PC UserName: Gary
09:49:22.542 Initialize success
09:49:26.847 AVAST engine defs: 12041700
09:49:58.034 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
09:49:58.034 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476938MB BusType: 3
09:49:58.049 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
09:49:58.049 Disk 1 Vendor: ST3500630AS 3.AFM Size: 476940MB BusType: 3
09:49:58.065 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
09:49:58.065 Disk 2 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3
09:49:58.081 Disk 0 MBR read successfully
09:49:58.096 Disk 0 MBR scan
09:49:58.096 Disk 0 Windows 7 default MBR code
09:49:58.112 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:49:58.127 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
09:49:58.143 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376937 MB offset 204800000
09:49:58.159 Disk 0 scanning sectors +976766976
09:49:58.346 Disk 0 scanning C:\Windows\system32\drivers
09:50:08.548 Service scanning
09:50:26.738 Modules scanning
09:50:37.020 Disk 0 trace - called modules:
09:50:37.036 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
09:50:37.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a43478]
09:50:37.067 3 CLASSPNP.SYS[88bd359e] -> nt!IofCallDriver -> [0x8596a918]
09:50:37.067 5 ACPI.sys[8889b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85968030]
09:50:37.519 AVAST engine scan C:\Windows
09:50:39.267 AVAST engine scan C:\Windows\system32
09:52:35.284 AVAST engine scan C:\Windows\system32\drivers
09:52:44.176 AVAST engine scan C:\Users\Gary
10:10:16.218 AVAST engine scan C:\ProgramData
10:19:52.988 Scan finished successfully
10:25:51.275 Disk 0 MBR has been saved successfully to "C:\Users\Gary\Desktop\MBR.dat"
10:25:51.290 The log file has been saved successfully to "C:\Users\Gary\Desktop\aswMBR.txt"

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico, Gender: Male)

Posted 17 April 2012 - 08:01 AM

Greetings

I would like you to check all the browsers that are installed on the computer and let me know which ones are redirecting and to where.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • how is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 TheHat (Topic Starter, Members, 30 posts)

Posted 18 April 2012 - 03:49 AM

OK, I have run the script; the report is below. I have had a couple of redirects in Google using Firefox, details below. This only occurs when I do a search in Google and try to click on a result. Any direct URLs/bookmarks etc. have been fine. I will test Chrome & IE today and post results.

Thanks

Gary

Searched for dabs.com - taken to - http://www.outrate.co.uk/shopping/store/stid/4574.aspx - Firefox
Searched for Moneybookers - taken to - http://www.outrate.co.uk/shopping/store/stid/3553.aspx - Firefox

ComboFix 12-04-17.01 - Gary 18/04/2012 9:25.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2040.1065 [GMT 1:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
Command switches used :: c:\users\Gary\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 08:40 . 2012-04-18 08:40 -------- d-----w- c:\users\Mcx1-GARY-PC\AppData\Local\temp
2012-04-18 08:40 . 2012-04-18 08:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 08:40 . 2012-04-18 08:40 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2012-04-17 08:30 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C4F1BA3-BD46-42A0-9EAF-07377FEF3539}\mpengine.dll
2012-04-16 12:06 . 2012-04-18 08:40 -------- d-----w- c:\users\Gary\AppData\Local\temp
2012-04-16 10:45 . 2012-04-16 10:45 -------- d-----w- c:\program files\7-Zip
2012-04-15 09:33 . 2012-04-15 09:33 -------- d-----w- c:\users\Charlie\AppData\Roaming\Foxit Software
2012-04-12 21:43 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 21:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 21:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 21:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 21:42 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 21:42 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:39 . 2012-04-11 08:39 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 09:23 . 2012-04-14 18:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 09:30 . 2012-04-02 09:30 -------- d-----w- c:\program files\iPod
2012-04-02 09:30 . 2012-04-02 09:31 -------- d-----w- c:\program files\iTunes
2012-03-29 08:04 . 2012-03-29 08:04 -------- d-----w- c:\users\Gary\AppData\Local\{C6EF5588-7975-11E1-826D-B8AC6F996F26}
2012-03-27 08:46 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-23 16:27 . 2012-04-04 18:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-23 16:27 . 2012-03-23 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-19 09:44 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-19 09:44 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:48 . 2011-05-18 08:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 08:36 . 2011-02-19 14:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56 . 2012-02-06 09:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-07 10:35 . 2012-03-07 10:35 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-06 23:15 . 2011-02-02 11:37 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-02 11:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-30 17:28 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-02-02 11:38 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-02-02 11:38 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-02 11:38 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-02 11:38 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 09:18 . 2011-02-01 13:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 09:12 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 09:12 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 09:12 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 09:12 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 09:13 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 09:13 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 09:12 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 09:12 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 09:12 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2011-09-30 09:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 22:46 624248 ----a-w- c:\program files\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 17:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 07:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-22 12:27 136176 ----atw- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 19:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 18:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2011-01-28 10:51 6987776 ----a-w- c:\program files\LiveZilla\LiveZilla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 12:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 19:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 17:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2011-03-01 08:56 34592 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 09:49 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 13704]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2012-03-11 56208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-03-11 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-03-11 164112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-09-17 40576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:48]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 18:04]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 18:04]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3795463041-1943488711-1008610671-1001Core.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 12:27]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3795463041-1943488711-1008610671-1001UA.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 12:27]
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\3994sp75.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(180)
c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-04-18 09:44:57
ComboFix-quarantined-files.txt 2012-04-18 08:44
ComboFix2.txt 2012-04-16 12:06
.
Pre-Run: 15,129,202,688 bytes free
Post-Run: 14,945,857,536 bytes free
.
- - End Of File - - A3C31ADFE60C4F765B9162EA18D9F614

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 07:50 AM

Hello


Since it is the only one redirecting, let's uninstall Firefox, and when asked about user data or settings, remove those also.

Reinstall Firefox and let me know if it still happens.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 TheHat
  • Topic Starter

  • Members
  • 30 posts

Posted 19 April 2012 - 01:31 AM

OK, will do. I'll come back to you in a day or so. I'll give Chrome a good test as well. Many thanks for all your help. Speak soon.

Gary

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2012 - 08:22 AM

OK, let me know.


gringo

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2012 - 12:19 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 TheHat
  • Topic Starter

  • Members
  • 30 posts

Posted 23 April 2012 - 08:35 AM

Hi Gringo

Apologies for the late reply; my PC gave me a new problem of the boot-up repair option getting stuck in a loop, all sorted now.

I deleted Firefox and reinstalled a fresh copy; this seems to have sorted the redirect issue, and the PC seems to work OK. So I would say all solved. I tried Chrome and no redirects.

Many thanks for all your help; I will add a donation.

Regards

Gary
