MSE turned off after Startup


  • This topic is locked
24 replies to this topic

#1 jf2oo6
  • Members
  • 17 posts

Posted 25 April 2012 - 07:45 PM

I had a thread in the Am I infected? forum, and I was directed here. The help I have received so far seems to have cleaned up my system, but the one problem I still notice is that Microsoft Security Essentials is turned off after I start up the computer. I tried to do a DDS scan as directed, but when I tried to open that program it just opened in Notepad with a long list of symbols.

Here is the GMER log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-25 20:44:36
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9500420AS rev.0002SDM1
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\agloypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8325C359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83295D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91A28340, 0x3441C7, 0xE8000020]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6 77265E0E 4 Bytes [68, 01, 33, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 77265E13 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 77265E1E 4 Bytes [68, 02, 33, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 77265E23 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 77265E33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 77265F3E 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 77265F43 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 77265FF3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 7726663E 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 77266643 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 7726669E 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 772666A3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 1 Byte [68]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 4 Bytes [68, 03, 33, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B 772669C3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + 6 772655CE 4 Bytes [28, 00, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + B 772655D3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + 6 77265C2E 1 Byte [28]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + 6 77265C2E 4 Bytes [28, 03, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + B 77265C33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + 6 77265CDE 4 Bytes [68, 00, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + B 77265CE3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + 6 77265D8E 4 Bytes [A8, 01, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + B 77265D93 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessToken + B 77265DA3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + 6 77265DAE 4 Bytes [A8, 02, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + B 77265DB3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + 6 77265E0E 4 Bytes [68, 01, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + B 77265E13 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + 6 77265E1E 4 Bytes [68, 02, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + B 77265E23 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadTokenEx + B 77265E33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + 6 77265F3E 4 Bytes [A8, 00, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + B 77265F43 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryFullAttributesFile + B 77265FF3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + 6 7726663E 4 Bytes [28, 01, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + B 77266643 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + 6 7726669E 4 Bytes [28, 02, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + B 772666A3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 1 Byte [68]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 4 Bytes [68, 03, 40, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + B 772669C3 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!EnableWindow 77158D02 4 Bytes JMP 636D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW 77173B9B 4 Bytes JMP 6363170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW 77183B7F 4 Bytes JMP 6382640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA 7719CF42 4 Bytes JMP 638263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA 7719D274 4 Bytes JMP 63826473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA 771AE869 4 Bytes JMP 63826330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW 771AE963 4 Bytes JMP 638262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA 771AE9C9 4 Bytes JMP 63826253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW 771AE9ED 4 Bytes JMP 638261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtCreateFile + 6 772655CE 4 Bytes [28, 00, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtCreateFile + B 772655D3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtMapViewOfSection + 6 77265C2E 1 Byte [28]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtMapViewOfSection + 6 77265C2E 4 Bytes [28, 03, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtMapViewOfSection + B 77265C33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenFile + 6 77265CDE 4 Bytes [68, 00, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenFile + B 77265CE3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenProcess + 6 77265D8E 4 Bytes [A8, 01, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenProcess + B 77265D93 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenProcessToken + B 77265DA3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenProcessTokenEx + 6 77265DAE 4 Bytes [A8, 02, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenProcessTokenEx + B 77265DB3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenThread + 6 77265E0E 4 Bytes [68, 01, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenThread + B 77265E13 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenThreadToken + 6 77265E1E 4 Bytes [68, 02, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenThreadToken + B 77265E23 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtOpenThreadTokenEx + B 77265E33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtQueryAttributesFile + 6 77265F3E 4 Bytes [A8, 00, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtQueryAttributesFile + B 77265F43 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtQueryFullAttributesFile + B 77265FF3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtSetInformationFile + 6 7726663E 4 Bytes [28, 01, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtSetInformationFile + B 77266643 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtSetInformationThread + 6 7726669E 4 Bytes [28, 02, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtSetInformationThread + B 772666A3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 1 Byte [68]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 4 Bytes [68, 03, 2E, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtUnmapViewOfSection + B 772669C3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtCreateFile + 6 772655CE 4 Bytes [28, 00, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtCreateFile + B 772655D3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77265C2E 1 Byte [28]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77265C2E 4 Bytes [28, 03, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + B 77265C33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenFile + 6 77265CDE 4 Bytes [68, 00, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenFile + B 77265CE3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcess + 6 77265D8E 4 Bytes [A8, 01, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcess + B 77265D93 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessToken + B 77265DA3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + 6 77265DAE 4 Bytes [A8, 02, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + B 77265DB3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThread + 6 77265E0E 4 Bytes [68, 01, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThread + B 77265E13 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + 6 77265E1E 4 Bytes [68, 02, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + B 77265E23 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadTokenEx + B 77265E33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + 6 77265F3E 4 Bytes [A8, 00, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + B 77265F43 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryFullAttributesFile + B 77265FF3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationFile + 6 7726663E 4 Bytes [28, 01, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationFile + B 77266643 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationThread + 6 7726669E 4 Bytes [28, 02, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationThread + B 772666A3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 1 Byte [68]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 4 Bytes [68, 03, 1F, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + B 772669C3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + 6 772655CE 4 Bytes [28, 00, 2C, 00] {SUB [EAX], AL; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + B 772655D3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + 6 77265C2E 1 Byte [28]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + 6 77265C2E 4 Bytes [28, 03, 2C, 00] {SUB [EBX], AL; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + B 77265C33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + 6 77265CDE 4 Bytes [68, 00, 2C, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + B 77265CE3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + 6 77265D8E 4 Bytes [A8, 01, 2C, 00] {TEST AL, 0x1; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + B 77265D93 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessToken + B 77265DA3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + 6 77265DAE 4 Bytes [A8, 02, 2C, 00] {TEST AL, 0x2; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + B 77265DB3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + 6 77265E0E 4 Bytes [68, 01, 2C, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + B 77265E13 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + 6 77265E1E 4 Bytes [68, 02, 2C, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + B 77265E23 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadTokenEx + B 77265E33 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + 6 77265F3E 4 Bytes [A8, 00, 2C, 00] {TEST AL, 0x0; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + B 77265F43 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryFullAttributesFile + B 77265FF3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + 6 7726663E 4 Bytes [28, 01, 2C, 00] {SUB [ECX], AL; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + B 77266643 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + 6 7726669E 4 Bytes [28, 02, 2C, 00] {SUB [EDX], AL; SUB AL, 0x0}
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + B 772666A3 1 Byte [E2]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 1 Byte [68]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + 6 772669BE 4 Bytes [68, 03, 2C, 00]
.text C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + B 772669C3 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] kernel32.dll!CreateThread 76DFDCC2 4 Bytes JMP 636972FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!EnableWindow 77158D02 4 Bytes JMP 636D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!GetAsyncKeyState 7715A256 4 Bytes JMP 6367DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CallNextHookEx 7715ABE1 4 Bytes JMP 636F7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!UnhookWindowsHookEx 7715ADF9 5 Bytes JMP 6371EB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DefWindowProcA 7715BB1C 7 Bytes JMP 63699525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateWindowExA 7715BF40 4 Bytes JMP 636A335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!SetWindowsHookExW 7715E30C 4 Bytes JMP 636D2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateWindowExW 7715EC7C 4 Bytes JMP 636FFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!GetKeyState 77162B4D 4 Bytes JMP 6367DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!IsDialogMessageW 77164104 4 Bytes JMP 63826EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DefWindowProcW 7716507D 7 Bytes JMP 636F7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateDialogParamA 77171F42 4 Bytes JMP 63826740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!IsDialogMessage 77172019 4 Bytes JMP 63826EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamW 77173B9B 4 Bytes JMP 6363170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateDialogIndirectParamA 7717721D 4 Bytes JMP 638267B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateDialogIndirectParamW 7717EA10 4 Bytes JMP 638267E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamW 77183B7F 4 Bytes JMP 6382640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!EndDialog 77183BA3 4 Bytes JMP 63827189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateDialogParamW 77185630 4 Bytes JMP 63826778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!SetKeyboardState 7718695A 5 Bytes JMP 638277A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!SendInput 77187019 5 Bytes JMP 6382774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!SetCursorPos 7719C1B0 4 Bytes JMP 63827826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamA 7719CF42 4 Bytes JMP 638263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamA 7719D274 4 Bytes JMP 63826473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectA 771AE869 4 Bytes JMP 63826330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectW 771AE963 4 Bytes JMP 638262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxExA 771AE9C9 4 Bytes JMP 63826253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxExW 771AE9ED 4 Bytes JMP 638261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!keybd_event 771AEC3B 4 Bytes JMP 6382770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] SHELL32.dll!RealDriveType + 173D 75BEFDD0 4 Bytes [CF, 01, 71, 69] {IRET ; ADD [ECX+0x69], ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] SHELL32.dll!RealDriveType + 1745 75BEFDD8 8 Bytes [E0, 61, 70, 69, 79, F7, 70, ...] {LOOPNZ 0x63; JO 0x6d; JNS 0xfffffffffffffffd; JO 0x71}
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] ole32.dll!OleLoadFromStream 76886143 4 Bytes JMP 63826BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000007b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001e3d881e16 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e3d881e16
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001e3d881e16 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:05:27 AM

Posted 29 April 2012 - 07:51 AM

Hello and Welcome to Bleeping Computer!!

Use link 2 or 3 for DDS

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jf2oo6

jf2oo6
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:27 AM

Posted 01 May 2012 - 01:59 PM

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Security Toolbar
ESET Online Scanner v3
ESET Smart Security
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 7 Update 3
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jason at 14:56:53 on 2012-05-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1543 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={756FB66D-04C3-4BE4-9C7B-09768AAED8C8}&mid=9bbdc5cc87aa47d0bd26d1577b6cf7e5-795c93fdb56944ba910d5db7d081e8b00addefe9&lang=en&ds=gm011&pr=sa&d=2012-04-28 21:08:53&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: navy.mil\bolnkossignon.bol
Trusted Zone: navy.mil\www.bol
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A1FEB7CD-E1E0-4F68-999A-2915C2E358E9} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A1FEB7CD-E1E0-4F68-999A-2915C2E358E9}\3435D4D2055726C69636 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{A1FEB7CD-E1E0-4F68-999A-2915C2E358E9}\D61627B6 : DhcpNameServer = 65.32.5.111 65.32.5.112 65.32.5.111 65.32.5.112
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-11-4 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2011-1-11 94208]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-28 932736]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2011-1-2 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2011-1-2 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-1 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2005-2-18 71168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-1 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-1 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-04-30 23:09:03 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2c389660-e74b-4088-a386-7419eea69a64}\mpengine.dll
2012-04-29 13:57:13 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-29 01:09:08 -------- d-----w- c:\users\jason\appdata\local\AVG Secure Search
2012-04-29 01:08:51 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-29 01:08:48 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-29 01:08:46 -------- d-----w- c:\program files\AVG Secure Search
2012-04-29 01:04:42 -------- d--h--w- c:\programdata\Common Files
2012-04-19 16:41:12 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-19 16:36:36 -------- d-----w- c:\windows\system32\appmgmt
2012-04-14 15:11:00 -------- d-----w- c:\users\jason\appdata\roaming\SUPERAntiSpyware.com
2012-04-14 15:10:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 15:10:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 14:57:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 14:37:48 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cfa55395-3a07-48d6-99d6-8b10bcdee51e}\gapaengine.dll
2012-04-14 14:10:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-14 14:10:02 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-04-14 14:10:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-04-14 14:10:01 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-14 14:10:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-14 14:09:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-04-14 14:09:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-14 14:08:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 14:08:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 14:08:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 14:08:16 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 14:07:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-14 14:07:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 12:37:48 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-14 12:37:48 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-14 12:34:17 -------- d--h--w- C:\kleaner.tmp
2012-04-13 17:44:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 21:42:42 -------- d-----w- c:\program files\iPod
2012-04-09 21:42:41 -------- d-----w- c:\program files\iTunes
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-19 16:40:58 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 23:14:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:57:34.35 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2010 6:15:20 PM
System Uptime: 4/30/2012 3:57:03 AM (35 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz | N/A | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 258.719 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9005104D&REV_00\4&3A867C58&0&1AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9005104D&REV_00\4&3A867C58&0&1AF0
Service:
.
==== System Restore Points ===================
.
RP186: 4/14/2012 10:06:16 AM - Windows Update
RP187: 4/14/2012 10:40:07 AM - Windows Update
RP188: 4/18/2012 11:05:42 AM - Installed Microsoft Fix it 50267
RP189: 4/18/2012 11:18:11 AM - Windows Update
RP190: 4/19/2012 12:35:34 PM - Removed Java™ 6 Update 26
RP191: 4/19/2012 12:40:30 PM - Installed Java™ 7 Update 3
RP192: 4/23/2012 7:14:15 PM - Windows Update
RP193: 4/26/2012 3:54:22 PM - Windows Update
RP194: 4/30/2012 7:08:29 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
ABBYY FineReader 6.0 Sprint
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AutoCAD 2012 - English
AutoCAD 2012 Language Pack - English
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Inventor Fusion plug-in for AutoCAD 2012
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
AVG Security Toolbar
Bonjour
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
ESET Smart Security
FARO LS 1.1.406.58
GOM Player
Google Book Downloader
Google Chrome
Google Earth Plug-in
Google SketchUp 8
Google Talk Plugin
Google Update Helper
GooReader
iCloud
ImTOO MPEG Encoder Platinum
ImTOO Video Converter Ultimate 6
iTunes
Java Auto Updater
Java™ 7 Update 3
Lexmark 5600-6600 Series
Lexmark Printable Web
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.2
Microsoft IntelliPoint 8.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Setting Utility Series
Skype Toolbars
Skype™ 5.1
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAIO Control Center
VAIO Original Function Settings
WinRAR 4.00 (32-bit)
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
Wolfram Notebook Indexer 2.0
Working Model
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
5/1/2012 11:21:16 AM, Error: Service Control Manager [7031] - The Autodesk Content Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/25/2012 7:56:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 12:53:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.372.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/25/2012 11:35:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.372.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/25/2012 11:25:08 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/25/2012 1:43:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.372.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:27 AM

Posted 01 May 2012 - 09:53 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 jf2oo6

jf2oo6
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:27 AM

Posted 02 May 2012 - 07:30 PM

ComboFix 12-05-02.03 - Jason 05/02/2012 20:18:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1917 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1525.tmp
c:\programdata\SPL3919.tmp
c:\programdata\SPL3AF4.tmp
c:\users\Jason\videos\Adobe Acrobat X (v10.0.3) Pro.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 00:24 . 2012-05-03 00:25 -------- d-----w- c:\users\Jason\AppData\Local\temp
2012-05-03 00:24 . 2012-05-03 00:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-03 00:24 . 2012-05-03 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 00:24 . 2012-05-03 00:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-03 00:14 . 2012-05-03 00:14 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB8DF371-E82B-4EB1-8485-CCF6E95F7D80}\offreg.dll
2012-05-03 00:14 . 2012-05-03 00:14 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB8DF371-E82B-4EB1-8485-CCF6E95F7D80}\MpKsld35e8d09.sys
2012-05-02 21:02 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB8DF371-E82B-4EB1-8485-CCF6E95F7D80}\mpengine.dll
2012-04-30 23:09 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-29 01:09 . 2012-04-29 01:09 -------- d-----w- c:\users\Jason\AppData\Local\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:09 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:09 -------- d-----w- c:\program files\AVG Secure Search
2012-04-29 01:04 . 2012-04-29 01:04 -------- d--h--w- c:\programdata\Common Files
2012-04-19 16:41 . 2012-04-19 16:41 -------- d-----w- c:\program files\Common Files\Java
2012-04-19 16:41 . 2012-04-19 16:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-14 15:11 . 2012-04-14 15:11 -------- d-----w- c:\users\Jason\AppData\Roaming\SUPERAntiSpyware.com
2012-04-14 15:10 . 2012-04-14 15:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 15:10 . 2012-04-14 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 14:57 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 14:37 . 2012-04-14 14:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFA55395-3A07-48D6-99D6-8B10BCDEE51E}\gapaengine.dll
2012-04-14 14:10 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-14 14:10 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-14 14:10 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-14 14:10 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-14 14:10 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-14 14:09 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-14 14:09 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-14 14:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 14:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 14:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 14:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 14:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-14 14:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 12:37 . 2012-04-14 13:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-14 12:37 . 2012-04-14 12:37 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-14 12:34 . 2012-04-14 12:34 -------- d-----w- C:\kleaner.tmp
2012-04-13 17:44 . 2012-04-14 14:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 21:42 . 2012-04-09 21:42 -------- d-----w- c:\program files\iPod
2012-04-09 21:42 . 2012-04-09 21:43 -------- d-----w- c:\program files\iTunes
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 16:40 . 2011-01-12 21:39 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2010-10-25 02:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 02:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 23:14 . 2011-06-05 23:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 19:03 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 19:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 19:03 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 21:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 21:37 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-29 01:08 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-07-22 122880]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-17 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-28 23:36 136176 ----atw- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]
2009-05-11 17:02 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxduamon]
2009-05-11 17:02 16040 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxduamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]
2009-05-11 17:02 684712 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-02-17 21:15 8429568 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-13 20:17 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 MpKsld35e8d09;MpKsld35e8d09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB8DF371-E82B-4EB1-8485-CCF6E95F7D80}\MpKsld35e8d09.sys [2012-05-03 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2009-10-16 94208]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-02-17 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-02-17 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD35E8D09
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 23:36]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 23:36]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286681262-2286595208-2502019248-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 23:36]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286681262-2286595208-2502019248-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={756FB66D-04C3-4BE4-9C7B-09768AAED8C8}&mid=9bbdc5cc87aa47d0bd26d1577b6cf7e5-795c93fdb56944ba910d5db7d081e8b00addefe9&lang=en&ds=gm011&pr=sa&d=2012-04-28 21:08&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: navy.mil\bolnkossignon.bol
Trusted Zone: navy.mil\www.bol
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-38378881.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-02 20:26:43
ComboFix-quarantined-files.txt 2012-05-03 00:26
.
Pre-Run: 277,380,653,056 bytes free
Post-Run: 277,168,066,560 bytes free
.
- - End Of File - - 4BC6AEC1030C952377EB154D5D237045

No problems with the scan. Everything seems to be ok for now.
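As an added example that is not part of this thread or of ComboFix itself, the following Python script parses the two parts of a ComboFix log that matter most for the original question (the AV/SP product status header and the Run-key loading points) and flags disabled or outdated security products and startup entries that launch from outside Program Files or the Windows directory. The sample log is constructed from the format shown above; its final "Updater" Run entry is invented for the example and does not appear on this machine.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix or BleepingComputer tool)."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix log above. The last Run
# entry ("Updater") is invented for this example and is not from the thread.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-17 86016]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
"Updater"="c:\users\Jason\AppData\Local\temp\svchost.exe" [2012-05-01 12345]
"""

# "AV: <name> *Enabled|Disabled/Updated|Outdated* {GUID}" as printed by ComboFix
PRODUCT_RE = re.compile(
    r'^(AV|SP|FW): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\* \{([0-9A-Fa-f-]+)\}$')
# "[HKEY_...]" registry key header
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "<value name>"="<path>" [<date> <size>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[([\d-]+) (\d+)\])?$')

# Startup entries launching from outside these directories deserve a closer look.
TRUSTED_DIRS = (r'c:\program files', r'c:\windows')


@dataclass
class Product:
    kind: str      # AV, SP or FW
    name: str
    enabled: bool
    updated: bool
    guid: str


@dataclass
class RunEntry:
    key: str       # registry key the value lives under
    name: str
    path: str


def parse_combofix(text):
    """Return (products, run_entries) found in a ComboFix log body."""
    products, runs = [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':        # ComboFix pads sections with "." lines
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, freshness, guid = m.groups()
            products.append(Product(kind, name, state == 'Enabled',
                                    freshness == 'Updated', guid))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            runs.append(RunEntry(current_key, m.group(1), m.group(2)))
    return products, runs


def find_issues(products, runs):
    """Human-readable findings: disabled/outdated products, unusual startup paths."""
    issues = []
    for p in products:
        if not p.enabled:
            issues.append(f"{p.kind} {p.name} is disabled")
        if not p.updated:
            issues.append(f"{p.kind} {p.name} has outdated definitions")
    for r in runs:
        if not r.path.lower().startswith(TRUSTED_DIRS):
            issues.append(f"Run entry {r.name!r} launches from an unusual location: {r.path}")
    return issues


if __name__ == '__main__':
    found_products, found_runs = parse_combofix(SAMPLE_LOG)
    for issue in find_issues(found_products, found_runs):
        print(issue)
```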

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:27 AM

Posted 02 May 2012 - 08:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 jf2oo6

jf2oo6
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:27 AM

Posted 03 May 2012 - 05:14 PM

16:56:00.0000 4464 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:56:00.0540 4464 ============================================================
16:56:00.0540 4464 Current date / time: 2012/05/03 16:56:00.0540
16:56:00.0540 4464 SystemInfo:
16:56:00.0540 4464
16:56:00.0540 4464 OS Version: 6.1.7601 ServicePack: 1.0
16:56:00.0540 4464 Product type: Workstation
16:56:00.0540 4464 ComputerName: JASON-PC
16:56:00.0540 4464 UserName: Jason
16:56:00.0540 4464 Windows directory: C:\Windows
16:56:00.0540 4464 System windows directory: C:\Windows
16:56:00.0540 4464 Processor architecture: Intel x86
16:56:00.0540 4464 Number of processors: 2
16:56:00.0540 4464 Page size: 0x1000
16:56:00.0540 4464 Boot type: Normal boot
16:56:00.0540 4464 ============================================================
16:56:03.0306 4464 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:03.0311 4464 ============================================================
16:56:03.0311 4464 \Device\Harddisk0\DR0:
16:56:03.0316 4464 MBR partitions:
16:56:03.0316 4464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:56:03.0316 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:56:03.0316 4464 ============================================================
16:56:03.0336 4464 C: <-> \Device\Harddisk0\DR0\Partition1
16:56:03.0336 4464 ============================================================
16:56:03.0336 4464 Initialize success
16:56:03.0336 4464 ============================================================
16:56:07.0642 4352 ============================================================
16:56:07.0642 4352 Scan started
16:56:07.0642 4352 Mode: Manual;
16:56:07.0642 4352 ============================================================
16:56:08.0409 4352 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:56:08.0416 4352 !SASCORE - ok
16:56:08.0593 4352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:56:08.0597 4352 1394ohci - ok
16:56:08.0627 4352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:56:08.0642 4352 ACPI - ok
16:56:08.0653 4352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:56:08.0655 4352 AcpiPmi - ok
16:56:08.0770 4352 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:56:08.0773 4352 AdobeARMservice - ok
16:56:08.0815 4352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:56:08.0829 4352 adp94xx - ok
16:56:08.0857 4352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:56:08.0870 4352 adpahci - ok
16:56:08.0885 4352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:56:08.0887 4352 adpu320 - ok
16:56:08.0911 4352 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:56:08.0914 4352 AeLookupSvc - ok
16:56:08.0975 4352 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:56:08.0992 4352 AFD - ok
16:56:09.0014 4352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:56:09.0018 4352 agp440 - ok
16:56:09.0032 4352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:56:09.0035 4352 aic78xx - ok
16:56:09.0052 4352 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:56:09.0054 4352 ALG - ok
16:56:09.0068 4352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:56:09.0069 4352 aliide - ok
16:56:09.0082 4352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:56:09.0085 4352 amdagp - ok
16:56:09.0101 4352 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:56:09.0104 4352 amdide - ok
16:56:09.0116 4352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:56:09.0118 4352 AmdK8 - ok
16:56:09.0133 4352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:56:09.0134 4352 AmdPPM - ok
16:56:09.0172 4352 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:56:09.0175 4352 amdsata - ok
16:56:09.0192 4352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:56:09.0195 4352 amdsbs - ok
16:56:09.0210 4352 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:56:09.0213 4352 amdxata - ok
16:56:09.0266 4352 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:56:09.0270 4352 ApfiltrService - ok
16:56:09.0311 4352 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:56:09.0312 4352 AppID - ok
16:56:09.0329 4352 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:56:09.0330 4352 AppIDSvc - ok
16:56:09.0365 4352 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:56:09.0368 4352 Appinfo - ok
16:56:09.0479 4352 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:09.0484 4352 Apple Mobile Device - ok
16:56:09.0515 4352 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:56:09.0518 4352 AppMgmt - ok
16:56:09.0535 4352 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:56:09.0538 4352 arc - ok
16:56:09.0570 4352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:56:09.0573 4352 arcsas - ok
16:56:09.0689 4352 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:56:09.0692 4352 aspnet_state - ok
16:56:09.0708 4352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:09.0711 4352 AsyncMac - ok
16:56:09.0753 4352 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:56:09.0754 4352 atapi - ok
16:56:09.0831 4352 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:56:09.0851 4352 AudioEndpointBuilder - ok
16:56:09.0865 4352 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:56:09.0872 4352 Audiosrv - ok
16:56:09.0980 4352 Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
16:56:09.0983 4352 Autodesk Content Service - ok
16:56:10.0029 4352 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:56:10.0033 4352 AxInstSV - ok
16:56:10.0082 4352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:56:10.0095 4352 b06bdrv - ok
16:56:10.0114 4352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:56:10.0118 4352 b57nd60x - ok
16:56:10.0152 4352 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:56:10.0153 4352 BDESVC - ok
16:56:10.0161 4352 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:56:10.0162 4352 Beep - ok
16:56:10.0219 4352 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:56:10.0233 4352 BFE - ok
16:56:10.0314 4352 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
16:56:10.0342 4352 BITS - ok
16:56:10.0363 4352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:56:10.0365 4352 blbdrive - ok
16:56:10.0468 4352 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:56:10.0484 4352 Bonjour Service - ok
16:56:10.0528 4352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:56:10.0531 4352 bowser - ok
16:56:10.0550 4352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:56:10.0554 4352 BrFiltLo - ok
16:56:10.0567 4352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:56:10.0569 4352 BrFiltUp - ok
16:56:10.0609 4352 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:56:10.0612 4352 BridgeMP - ok
16:56:10.0658 4352 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:56:10.0660 4352 Browser - ok
16:56:10.0679 4352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:56:10.0694 4352 Brserid - ok
16:56:10.0707 4352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:56:10.0710 4352 BrSerWdm - ok
16:56:10.0726 4352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:56:10.0728 4352 BrUsbMdm - ok
16:56:10.0736 4352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:56:10.0738 4352 BrUsbSer - ok
16:56:10.0791 4352 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
16:56:10.0795 4352 BthEnum - ok
16:56:10.0816 4352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:56:10.0819 4352 BTHMODEM - ok
16:56:10.0846 4352 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
16:56:10.0849 4352 BthPan - ok
16:56:10.0881 4352 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
16:56:10.0896 4352 BTHPORT - ok
16:56:10.0926 4352 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:56:10.0929 4352 bthserv - ok
16:56:10.0944 4352 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
16:56:10.0947 4352 BTHUSB - ok
16:56:10.0978 4352 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
16:56:10.0981 4352 btusbflt - ok
16:56:11.0053 4352 catchme - ok
16:56:11.0080 4352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:56:11.0083 4352 cdfs - ok
16:56:11.0140 4352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
16:56:11.0144 4352 cdrom - ok
16:56:11.0185 4352 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:56:11.0188 4352 CertPropSvc - ok
16:56:11.0210 4352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:56:11.0212 4352 circlass - ok
16:56:11.0244 4352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:56:11.0254 4352 CLFS - ok
16:56:11.0300 4352 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:11.0303 4352 clr_optimization_v2.0.50727_32 - ok
16:56:11.0420 4352 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:25.0789 4352 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:56:25.0792 4352 swenum - ok
16:56:25.0941 4352 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:56:26.0051 4352 SwitchBoard - ok
16:56:26.0077 4352 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:56:26.0092 4352 swprv - ok
16:56:26.0138 4352 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
16:56:26.0141 4352 SynTP - ok
16:56:26.0222 4352 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:56:26.0249 4352 SysMain - ok
16:56:26.0293 4352 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:56:26.0306 4352 TabletInputService - ok
16:56:26.0362 4352 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:56:26.0377 4352 TapiSrv - ok
16:56:26.0397 4352 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:56:26.0402 4352 TBS - ok
16:56:26.0517 4352 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:56:26.0546 4352 Tcpip - ok
16:56:26.0563 4352 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:56:26.0573 4352 TCPIP6 - ok
16:56:26.0624 4352 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:56:26.0628 4352 tcpipreg - ok
16:56:26.0648 4352 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:56:26.0650 4352 TDPIPE - ok
16:56:26.0694 4352 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:56:26.0698 4352 TDTCP - ok
16:56:26.0744 4352 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:56:26.0747 4352 tdx - ok
16:56:26.0786 4352 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:56:26.0789 4352 TermDD - ok
16:56:26.0855 4352 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:56:26.0876 4352 TermService - ok
16:56:26.0895 4352 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:56:26.0901 4352 Themes - ok
16:56:26.0919 4352 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:56:26.0922 4352 THREADORDER - ok
16:56:26.0943 4352 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:56:26.0946 4352 TrkWks - ok
16:56:26.0978 4352 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:56:26.0982 4352 TrustedInstaller - ok
16:56:26.0995 4352 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:26.0997 4352 tssecsrv - ok
16:56:27.0067 4352 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:56:27.0071 4352 TsUsbFlt - ok
16:56:27.0120 4352 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:56:27.0124 4352 tunnel - ok
16:56:27.0153 4352 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:56:27.0156 4352 uagp35 - ok
16:56:27.0208 4352 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:56:27.0219 4352 udfs - ok
16:56:27.0240 4352 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:56:27.0245 4352 UI0Detect - ok
16:56:27.0291 4352 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:56:27.0294 4352 uliagpkx - ok
16:56:27.0305 4352 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:56:27.0308 4352 umbus - ok
16:56:27.0334 4352 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:56:27.0335 4352 UmPass - ok
16:56:27.0353 4352 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:56:27.0365 4352 UmRdpService - ok
16:56:27.0392 4352 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:56:27.0410 4352 upnphost - ok
16:56:27.0475 4352 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:56:27.0479 4352 USBAAPL - ok
16:56:27.0513 4352 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
16:56:27.0518 4352 usbaudio - ok
16:56:27.0568 4352 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:27.0573 4352 usbccgp - ok
16:56:27.0620 4352 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:56:27.0625 4352 usbcir - ok
16:56:27.0672 4352 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:56:27.0676 4352 usbehci - ok
16:56:27.0734 4352 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:56:27.0751 4352 usbhub - ok
16:56:27.0777 4352 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:56:27.0781 4352 usbohci - ok
16:56:27.0798 4352 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:56:27.0800 4352 usbprint - ok
16:56:27.0849 4352 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:56:27.0850 4352 usbscan - ok
16:56:27.0897 4352 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:27.0900 4352 USBSTOR - ok
16:56:27.0912 4352 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:56:27.0915 4352 usbuhci - ok
16:56:27.0936 4352 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
16:56:27.0939 4352 usbvideo - ok
16:56:27.0966 4352 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:56:27.0971 4352 UxSms - ok
16:56:28.0009 4352 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:56:28.0011 4352 VaultSvc - ok
16:56:28.0022 4352 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:56:28.0024 4352 vdrvroot - ok
16:56:28.0079 4352 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:56:28.0098 4352 vds - ok
16:56:28.0112 4352 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:28.0115 4352 vga - ok
16:56:28.0133 4352 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:56:28.0135 4352 VgaSave - ok
16:56:28.0157 4352 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:56:28.0162 4352 vhdmp - ok
16:56:28.0174 4352 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:56:28.0176 4352 viaagp - ok
16:56:28.0203 4352 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:56:28.0206 4352 ViaC7 - ok
16:56:28.0212 4352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:56:28.0214 4352 viaide - ok
16:56:28.0243 4352 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:56:28.0256 4352 vmbus - ok
16:56:28.0271 4352 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:56:28.0273 4352 VMBusHID - ok
16:56:28.0290 4352 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:56:28.0293 4352 volmgr - ok
16:56:28.0320 4352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:56:28.0334 4352 volmgrx - ok
16:56:28.0354 4352 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:56:28.0364 4352 volsnap - ok
16:56:28.0379 4352 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:56:28.0382 4352 vsmraid - ok
16:56:28.0431 4352 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:56:28.0456 4352 VSS - ok
16:56:28.0585 4352 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
16:56:28.0607 4352 vToolbarUpdater11.0.2 - ok
16:56:28.0681 4352 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:56:28.0683 4352 vwifibus - ok
16:56:28.0741 4352 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:56:28.0758 4352 W32Time - ok
16:56:28.0768 4352 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:56:28.0769 4352 WacomPen - ok
16:56:28.0809 4352 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:28.0814 4352 WANARP - ok
16:56:28.0821 4352 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:28.0823 4352 Wanarpv6 - ok
16:56:28.0986 4352 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:56:29.0018 4352 WatAdminSvc - ok
16:56:29.0121 4352 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:56:29.0174 4352 wbengine - ok
16:56:29.0203 4352 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:56:29.0213 4352 WbioSrvc - ok
16:56:29.0264 4352 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:56:29.0281 4352 wcncsvc - ok
16:56:29.0295 4352 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:56:29.0298 4352 WcsPlugInService - ok
16:56:29.0341 4352 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:56:29.0342 4352 Wd - ok
16:56:29.0369 4352 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
16:56:29.0372 4352 WDC_SAM - ok
16:56:29.0412 4352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:56:29.0429 4352 Wdf01000 - ok
16:56:29.0446 4352 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:56:29.0451 4352 WdiServiceHost - ok
16:56:29.0455 4352 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:56:29.0460 4352 WdiSystemHost - ok
16:56:29.0509 4352 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:56:29.0526 4352 WebClient - ok
16:56:29.0552 4352 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:56:29.0562 4352 Wecsvc - ok
16:56:29.0581 4352 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:56:29.0586 4352 wercplsupport - ok
16:56:29.0603 4352 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:56:29.0607 4352 WerSvc - ok
16:56:29.0621 4352 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:56:29.0621 4352 WfpLwf - ok
16:56:29.0635 4352 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:56:29.0637 4352 WIMMount - ok
16:56:29.0728 4352 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:56:29.0748 4352 WinDefend - ok
16:56:29.0760 4352 WinHttpAutoProxySvc - ok
16:56:29.0811 4352 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:56:29.0821 4352 Winmgmt - ok
16:56:29.0895 4352 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:56:29.0930 4352 WinRM - ok
16:56:30.0025 4352 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:56:30.0030 4352 WinUsb - ok
16:56:30.0119 4352 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:56:30.0143 4352 Wlansvc - ok
16:56:30.0157 4352 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:56:30.0159 4352 WmiAcpi - ok
16:56:30.0189 4352 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:56:30.0193 4352 wmiApSrv - ok
16:56:30.0287 4352 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:56:30.0312 4352 WMPNetworkSvc - ok
16:56:30.0324 4352 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:56:30.0328 4352 WPCSvc - ok
16:56:30.0381 4352 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:56:30.0400 4352 WPDBusEnum - ok
16:56:30.0453 4352 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:56:30.0456 4352 ws2ifsl - ok
16:56:30.0474 4352 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
16:56:30.0481 4352 wscsvc - ok
16:56:30.0485 4352 WSearch - ok
16:56:30.0573 4352 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:56:30.0618 4352 wuauserv - ok
16:56:30.0732 4352 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:56:30.0736 4352 WudfPf - ok
16:56:30.0776 4352 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:30.0787 4352 WUDFRd - ok
16:56:30.0840 4352 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:56:30.0853 4352 wudfsvc - ok
16:56:30.0883 4352 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:56:30.0900 4352 WwanSvc - ok
16:56:30.0932 4352 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
16:56:30.0946 4352 yukonw7 - ok
16:56:30.0964 4352 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:56:31.0033 4352 \Device\Harddisk0\DR0 - ok
16:56:31.0049 4352 Boot (0x1200) (e328a6b90a7055b0205c1fccbffb64bb) \Device\Harddisk0\DR0\Partition0
16:56:31.0052 4352 \Device\Harddisk0\DR0\Partition0 - ok
16:56:31.0061 4352 Boot (0x1200) (95f2d7976ecd784ff03e22c2546ae2e7) \Device\Harddisk0\DR0\Partition1
16:56:31.0065 4352 \Device\Harddisk0\DR0\Partition1 - ok
16:56:31.0066 4352 ============================================================
16:56:31.0066 4352 Scan finished
16:56:31.0066 4352 ============================================================
16:56:31.0084 5064 Detected object count: 0
16:56:31.0084 5064 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 17:08:25
-----------------------------
17:08:25.564 OS Version: Windows 6.1.7601 Service Pack 1
17:08:25.564 Number of processors: 2 586 0x1706
17:08:25.564 ComputerName: JASON-PC UserName: Jason
17:08:45.750 Initialize success
17:10:06.963 AVAST engine defs: 12050301
17:11:20.950 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:11:20.957 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11
17:11:20.969 Disk 0 MBR read successfully
17:11:20.974 Disk 0 MBR scan
17:11:20.981 Disk 0 Windows 7 default MBR code
17:11:20.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:11:21.047 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:11:21.088 Disk 0 scanning sectors +976771072
17:11:21.242 Disk 0 scanning C:\Windows\system32\drivers
17:11:46.315 Service scanning
17:12:01.456 Service MpKsl25f687a8 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{732600D3-2C9C-4C3F-B2A4-6164F7CF55B8}\MpKsl25f687a8.sys **LOCKED** 32
17:12:28.777 Modules scanning
17:12:39.442 Disk 0 trace - called modules:
17:12:39.816 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:12:39.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865a7ac8]
17:12:39.844 3 CLASSPNP.SYS[8bc1c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x857a9908]
17:12:41.106 AVAST engine scan C:\Windows
17:12:46.007 AVAST engine scan C:\Windows\system32
17:17:27.393 AVAST engine scan C:\Windows\system32\drivers
17:17:56.558 AVAST engine scan C:\Users\Jason
17:27:11.158 AVAST engine scan C:\ProgramData
17:30:58.351 Scan finished successfully
18:14:20.568 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"
18:14:20.642 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:27 AM

Posted 03 May 2012 - 09:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 06 May 2012 - 03:58 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 gringo_pr


Posted 08 May 2012 - 11:22 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 jf2oo6

jf2oo6
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:27 AM

Posted 09 May 2012 - 05:46 AM

I apologize for taking so long to respond. Just have been busy the past couple days. I am at work right now, but I will run the script as soon as I get home tonight. Thanks for all your help.

#12 gringo_pr


Posted 09 May 2012 - 12:33 PM

No problem, see you then, and thank you for responding.


Gringo

#13 jf2oo6


Posted 10 May 2012 - 09:03 PM

ComboFix 12-05-10.04 - Jason 05/10/2012 19:08:46.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.2120 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 23:16 . 2012-05-10 23:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-10 23:16 . 2012-05-10 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 23:16 . 2012-05-10 23:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-10 23:06 . 2012-05-10 23:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61BAD98B-34D2-4674-BDCA-AFAA170F2C24}\offreg.dll
2012-05-10 23:06 . 2012-05-10 23:06 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61BAD98B-34D2-4674-BDCA-AFAA170F2C24}\MpKslcdbcec10.sys
2012-05-10 21:31 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61BAD98B-34D2-4674-BDCA-AFAA170F2C24}\mpengine.dll
2012-05-09 19:12 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 00:26 . 2012-05-10 23:16 -------- d-----w- c:\users\Jason\AppData\Local\temp
2012-04-29 01:09 . 2012-04-29 01:09 -------- d-----w- c:\users\Jason\AppData\Local\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:09 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-29 01:08 . 2012-04-29 01:09 -------- d-----w- c:\program files\AVG Secure Search
2012-04-29 01:04 . 2012-04-29 01:04 -------- d--h--w- c:\programdata\Common Files
2012-04-19 16:41 . 2012-04-19 16:41 -------- d-----w- c:\program files\Common Files\Java
2012-04-19 16:41 . 2012-04-19 16:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-14 15:11 . 2012-04-14 15:11 -------- d-----w- c:\users\Jason\AppData\Roaming\SUPERAntiSpyware.com
2012-04-14 15:10 . 2012-04-14 15:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 15:10 . 2012-04-14 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 14:57 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 14:37 . 2012-04-14 14:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFA55395-3A07-48D6-99D6-8B10BCDEE51E}\gapaengine.dll
2012-04-14 14:10 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-14 14:10 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-14 14:10 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-14 14:10 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-14 14:10 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-14 14:09 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-14 14:09 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-14 14:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 14:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 14:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 14:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 14:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-14 14:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 12:37 . 2012-04-14 13:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-14 12:37 . 2012-04-14 12:37 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-14 12:34 . 2012-04-14 12:34 -------- d-----w- C:\kleaner.tmp
2012-04-13 17:44 . 2012-04-14 14:15 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 16:40 . 2011-01-12 21:39 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2010-10-25 02:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 02:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 23:14 . 2011-06-05 23:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 19:03 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 19:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 19:03 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-29 01:08 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-07-22 122880]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-17 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-28 23:36 136176 ----atw- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]
2009-05-11 17:02 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxduamon]
2009-05-11 17:02 16040 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxduamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]
2009-05-11 17:02 684712 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-02-17 21:15 8429568 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-13 20:17 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-04-29 01:08 1116544 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 MpKslcdbcec10;MpKslcdbcec10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61BAD98B-34D2-4674-BDCA-AFAA170F2C24}\MpKslcdbcec10.sys [2012-05-10 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2009-10-16 94208]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-02-17 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-02-17 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 61988889
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSLCDBCEC10
*Deregistered* - 61988889
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 23:36]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 23:36]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286681262-2286595208-2502019248-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 23:36]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286681262-2286595208-2502019248-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={756FB66D-04C3-4BE4-9C7B-09768AAED8C8}&mid=9bbdc5cc87aa47d0bd26d1577b6cf7e5-795c93fdb56944ba910d5db7d081e8b00addefe9&lang=en&ds=gm011&pr=sa&d=2012-04-28 21:08&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: navy.mil\bolnkossignon.bol
Trusted Zone: navy.mil\www.bol
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-10 19:17:47
ComboFix-quarantined-files.txt 2012-05-10 23:17
ComboFix2.txt 2012-05-03 00:26
.
Pre-Run: 277,603,328,000 bytes free
Post-Run: 277,650,317,312 bytes free
.
- - End Of File - - 9D9C88147994FCCF98A6B04EF77EBF06

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 09:22 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Windows 7, right-click and run as administrator.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe on 32-bit)
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe on 64-bit)
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2012 - 11:45 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo
