Browser Redirected to Happili.com


  • This topic is locked
33 replies to this topic

#1 c0lossus (Members, 32 posts)

Posted 26 April 2012 - 02:22 AM

When I try to search for something using Internet Explorer, I get the search results, and then when I click on a specific website it constantly redirects me to happili.com. Please help me make it stop.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Colossus at 0:17:48 on 2012-04-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2014.849 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.139\deploy\LolClient.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Adobe] rundll32.exe "C:\Users\Colossus\AppData\Local\Apple Computer\Adobe\ihkpbqo.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{FEFD4EC3-0BF2-4AB5-870B-0D8B9978DD0B} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
.
=============== Created Last 30 ================
.
2012-04-23 10:31:47 20480 ----a-w- C:\Windows\svchost.exe
2012-04-23 10:29:53 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7FEF.tmp
2012-04-23 10:29:53 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7FDF.tmp
.
==================== Find3M ====================
.
.
============= FINISH: 0:18:23.81 ===============


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 April 2012 - 03:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 c0lossus (Topic Starter, Members, 32 posts)

Posted 26 April 2012 - 05:17 AM

Ok, so during the process I had to run ComboFix multiple times because I would get a blue screen, which I could hardly see for one second, and it would say "Collecting data from crash dump". By the third time I ran ComboFix it finished without interruptions. Next, ComboFix restarted my computer, and right after it was preparing the log I got a message about a certain .dll file not starting properly. That message was gone as well before I could get the file name.

Here is my log from Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Here is my log from ComboFix


ComboFix 12-04-25.02 - Colossus 04/26/2012 3:00.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2014.1212 [GMT -7:00]
Running from: c:\users\Colossus\Desktop\Security\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Colossus\AppData\Local\Apple Computer\Adobe\ihkpbqo.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 10:04 . 2012-04-26 10:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 10:29 . 2012-04-23 10:29 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\7FEF.tmp
2012-04-23 10:29 . 2012-04-23 10:29 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\7FDF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-20 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680097895-1281761434-3568893497-1000Core.job
- c:\users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 02:57]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680097895-1281761434-3568893497-1000UA.job
- c:\users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 02:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe - c:\users\Colossus\AppData\Local\Apple Computer\Adobe\ihkpbqo.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-26 03:09:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 10:09
.
Pre-Run: 130,681,118,720 bytes free
Post-Run: 130,637,721,600 bytes free
.
- - End Of File - - B91F8C30EA32EF3C2F6FB6B6C82E59AB

Edited by c0lossus, 26 April 2012 - 05:18 AM.
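The two logs posted so far (the DDS report in the first post and the ComboFix report directly above) show the same three indicators: a Run entry that uses rundll32.exe to load a random-named DLL from the user's AppData folder via DllRegisterServer, a svchost.exe sitting in C:\Windows instead of System32, and, in ComboFix's "Other Running Processes", a device-namespace path (\\.\globalroot\...) for the copy that was still executing after the file on disk was deleted. The script below is an added example written for this page; it is not a BleepingComputer, DDS or ComboFix tool and not part of either poster's output. It applies those three heuristics to log lines copied from the thread (with a few benign lines mixed in for contrast). The list of system binaries with fixed home directories, the list of user-writable path fragments and the two severity labels are the editor's own assumptions.

```python
"""Triage helper for DDS / ComboFix style logs.

Added example for this thread; it is not a BleepingComputer, DDS or ComboFix
tool, and the directory lists and severity labels are the editor's own
assumptions.  SAMPLE_LOG is copied from the logs posted in this thread, plus
a few benign lines so the script has something to leave alone.
"""
import re

# Windows binaries that have a fixed home directory; a copy anywhere else is a
# classic masquerade (assumed list, extend it for your own environment).
EXPECTED_DIRS = {
    "svchost.exe":  ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"),
    "lsass.exe":    ("c:\\windows\\system32\\",),
    "csrss.exe":    ("c:\\windows\\system32\\",),
    "winlogon.exe": ("c:\\windows\\system32\\",),
    "wininit.exe":  ("c:\\windows\\system32\\",),
    "services.exe": ("c:\\windows\\system32\\",),
    "explorer.exe": ("c:\\windows\\", "c:\\windows\\syswow64\\"),
}

# Path fragments a standard user (and therefore a drive-by payload) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# A drive-letter path ending in an executable or library.  Segments may contain
# spaces ("Program Files (x86)"); quotes, commas and brackets terminate them.
PATH_RE = re.compile(
    r'(?i)[a-z]:\\(?:[^\\"\r\n,\[\]]+\\)*[^\\"\r\n,\[\]]*?\.(?:exe|dll|sys|ocx)\b')

# DDS "uRun:/mRun:/uRunOnce:/mRun-x64:" lines and ComboFix "...-Run-..." orphans.
AUTORUN_RE = re.compile(r"(?i)^[um]Run(?:Once)?(?:-x64)?:|-Run-")

# Lines copied from the DDS and ComboFix reports posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Adobe] rundll32.exe "C:\Users\Colossus\AppData\Local\Apple Computer\Adobe\ihkpbqo.dll",DllRegisterServer
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
2012-04-23 10:31:47 20480 ----a-w- C:\Windows\svchost.exe
Wow6432Node-HKCU-Run-Adobe - c:\users\Colossus\AppData\Local\Apple Computer\Adobe\ihkpbqo.dll
c:\\.\globalroot\systemroot\svchost.exe
""".strip().splitlines()


def _split(path):
    """Return (lower-case directory with trailing backslash, lower-case file name)."""
    folder, _, name = path.lower().rpartition("\\")
    return folder + "\\", name


def triage(lines):
    """Return a list of (severity, reason, line) for every line matching an indicator."""
    findings = []
    for raw in lines:
        line = raw.strip()
        low = line.lower()
        # \\.\globalroot\... is the object-manager view of a file.  Normal process
        # listings never show it; rootkit-style loaders frequently do.
        if "\\globalroot\\" in low or "\\\\.\\" in low:
            findings.append(("high", "device-namespace path in process list", line))
            continue
        is_autorun = bool(AUTORUN_RE.search(line))
        for path in PATH_RE.findall(line):
            folder, name = _split(path)
            if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
                findings.append(("high", "system binary outside its home directory", line))
            elif is_autorun and any(frag in folder for frag in USER_WRITABLE):
                if "rundll32" in low or name.endswith(".dll"):
                    # DllRegisterServer via rundll32 from AppData is exactly the
                    # uRun: [Adobe] entry in the DDS log above.
                    findings.append(("high", "autorun loads a DLL from a user-writable path", line))
                else:
                    # Per-user installers (Google Update and the like) legitimately
                    # live here, so this only asks for a publisher check.
                    findings.append(("review", "autorun from user-writable path; verify publisher", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {line}")
```

Run against the sample, the script raises four "high" findings (the rundll32 entry, its ComboFix orphan, the C:\Windows\svchost.exe file and the globalroot process path) and one "review" finding for Google Update, which is the expected false positive: per-user updaters install into AppData\Local by design, so a user-writable path alone only justifies a publisher check, not removal. The globalroot entry is worth the separate rule because it shows the process outlived its file; that is why the helper in this thread follows ComboFix with a rootkit scanner rather than declaring the machine clean.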


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 April 2012 - 06:43 AM

Greetings

Let me know which browsers are redirecting - check all that are installed on the computer

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 c0lossus (Topic Starter, Members, 32 posts)

Posted 26 April 2012 - 08:55 PM

I haven't had the problem for a couple of hours now. I only use IE and don't have any other browser.

TDSSKiller

18:41:58.0045 2804 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:41:58.0404 2804 ============================================================
18:41:58.0404 2804 Current date / time: 2012/04/26 18:41:58.0404
18:41:58.0404 2804 SystemInfo:
18:41:58.0404 2804
18:41:58.0404 2804 OS Version: 6.1.7600 ServicePack: 0.0
18:41:58.0404 2804 Product type: Workstation
18:41:58.0404 2804 ComputerName: COLOSSUS-PC
18:41:58.0404 2804 UserName: Colossus
18:41:58.0404 2804 Windows directory: C:\Windows
18:41:58.0404 2804 System windows directory: C:\Windows
18:41:58.0404 2804 Running under WOW64
18:41:58.0404 2804 Processor architecture: Intel x64
18:41:58.0404 2804 Number of processors: 2
18:41:58.0404 2804 Page size: 0x1000
18:41:58.0404 2804 Boot type: Normal boot
18:41:58.0404 2804 ============================================================
18:41:59.0527 2804 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:59.0543 2804 ============================================================
18:41:59.0543 2804 \Device\Harddisk0\DR0:
18:41:59.0543 2804 MBR partitions:
18:41:59.0543 2804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:41:59.0543 2804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129D2800
18:41:59.0543 2804 ============================================================
18:41:59.0558 2804 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:59.0558 2804 ============================================================
18:41:59.0558 2804 Initialize success
18:41:59.0558 2804 ============================================================
18:42:01.0695 2704 ============================================================
18:42:01.0695 2704 Scan started
18:42:01.0695 2704 Mode: Manual;
18:42:01.0695 2704 ============================================================
18:42:02.0600 2704 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:42:02.0616 2704 1394ohci - ok
18:42:02.0663 2704 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:42:02.0678 2704 ACPI - ok
18:42:02.0694 2704 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:42:02.0694 2704 AcpiPmi - ok
18:42:02.0772 2704 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:42:02.0787 2704 AdobeARMservice - ok
18:42:02.0819 2704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:42:02.0834 2704 adp94xx - ok
18:42:02.0881 2704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:42:02.0897 2704 adpahci - ok
18:42:02.0912 2704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:42:02.0912 2704 adpu320 - ok
18:42:02.0943 2704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:42:02.0943 2704 AeLookupSvc - ok
18:42:02.0975 2704 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:42:02.0990 2704 AFD - ok
18:42:03.0021 2704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:42:03.0021 2704 agp440 - ok
18:42:03.0053 2704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:42:03.0053 2704 ALG - ok
18:42:03.0084 2704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:42:03.0084 2704 aliide - ok
18:42:03.0115 2704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:42:03.0115 2704 amdide - ok
18:42:03.0131 2704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:42:03.0131 2704 AmdK8 - ok
18:42:03.0131 2704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:42:03.0131 2704 AmdPPM - ok
18:42:03.0177 2704 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:42:03.0177 2704 amdsata - ok
18:42:03.0224 2704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:42:03.0224 2704 amdsbs - ok
18:42:03.0255 2704 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:42:03.0255 2704 amdxata - ok
18:42:03.0287 2704 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:42:03.0287 2704 AppID - ok
18:42:03.0302 2704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:42:03.0318 2704 AppIDSvc - ok
18:42:03.0318 2704 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:42:03.0318 2704 Appinfo - ok
18:42:03.0365 2704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:42:03.0365 2704 AppMgmt - ok
18:42:03.0396 2704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:42:03.0396 2704 arc - ok
18:42:03.0411 2704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:42:03.0427 2704 arcsas - ok
18:42:03.0443 2704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:03.0443 2704 AsyncMac - ok
18:42:03.0458 2704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:42:03.0458 2704 atapi - ok
18:42:03.0645 2704 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:03.0770 2704 atikmdag - ok
18:42:03.0895 2704 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:42:03.0911 2704 AudioEndpointBuilder - ok
18:42:03.0911 2704 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:42:03.0926 2704 AudioSrv - ok
18:42:03.0957 2704 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:42:03.0957 2704 AxInstSV - ok
18:42:04.0035 2704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:42:04.0035 2704 b06bdrv - ok
18:42:04.0082 2704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:04.0098 2704 b57nd60a - ok
18:42:04.0113 2704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:42:04.0113 2704 BDESVC - ok
18:42:04.0129 2704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:42:04.0129 2704 Beep - ok
18:42:04.0176 2704 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:42:04.0191 2704 BFE - ok
18:42:04.0238 2704 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
18:42:04.0269 2704 BITS - ok
18:42:04.0316 2704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:04.0316 2704 blbdrive - ok
18:42:04.0347 2704 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
18:42:04.0347 2704 bowser - ok
18:42:04.0363 2704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:42:04.0363 2704 BrFiltLo - ok
18:42:04.0363 2704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:42:04.0363 2704 BrFiltUp - ok
18:42:14.0846 2704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:14.0846 2704 tunnel - ok
18:42:14.0862 2704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:42:14.0862 2704 uagp35 - ok
18:42:14.0893 2704 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:42:14.0909 2704 udfs - ok
18:42:14.0924 2704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:42:14.0924 2704 UI0Detect - ok
18:42:14.0955 2704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:42:14.0955 2704 uliagpkx - ok
18:42:14.0971 2704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:42:14.0971 2704 umbus - ok
18:42:14.0971 2704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:42:14.0971 2704 UmPass - ok
18:42:15.0002 2704 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
18:42:15.0002 2704 UmRdpService - ok
18:42:15.0018 2704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:42:15.0033 2704 upnphost - ok
18:42:15.0065 2704 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:42:15.0080 2704 usbaudio - ok
18:42:15.0096 2704 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:15.0096 2704 usbccgp - ok
18:42:15.0127 2704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:42:15.0127 2704 usbcir - ok
18:42:15.0143 2704 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:42:15.0143 2704 usbehci - ok
18:42:15.0174 2704 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
18:42:15.0189 2704 usbhub - ok
18:42:15.0205 2704 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:42:15.0205 2704 usbohci - ok
18:42:15.0221 2704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:15.0221 2704 usbprint - ok
18:42:15.0236 2704 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:15.0236 2704 USBSTOR - ok
18:42:15.0252 2704 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:15.0252 2704 usbuhci - ok
18:42:15.0283 2704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:42:15.0283 2704 UxSms - ok
18:42:15.0299 2704 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:42:15.0299 2704 VaultSvc - ok
18:42:15.0330 2704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:42:15.0330 2704 vdrvroot - ok
18:42:15.0345 2704 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:42:15.0361 2704 vds - ok
18:42:15.0392 2704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:15.0392 2704 vga - ok
18:42:15.0408 2704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:42:15.0408 2704 VgaSave - ok
18:42:15.0408 2704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:42:15.0423 2704 vhdmp - ok
18:42:15.0439 2704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:42:15.0439 2704 viaide - ok
18:42:15.0470 2704 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:42:15.0470 2704 vmbus - ok
18:42:15.0486 2704 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:42:15.0486 2704 VMBusHID - ok
18:42:15.0501 2704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:42:15.0501 2704 volmgr - ok
18:42:15.0548 2704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:42:15.0564 2704 volmgrx - ok
18:42:15.0579 2704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:42:15.0595 2704 volsnap - ok
18:42:15.0611 2704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:42:15.0626 2704 vsmraid - ok
18:42:15.0704 2704 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:42:15.0767 2704 VSS - ok
18:42:15.0860 2704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:42:15.0860 2704 vwifibus - ok
18:42:15.0876 2704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:42:15.0891 2704 W32Time - ok
18:42:15.0907 2704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:42:15.0907 2704 WacomPen - ok
18:42:15.0938 2704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:15.0938 2704 WANARP - ok
18:42:15.0954 2704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:15.0954 2704 Wanarpv6 - ok
18:42:16.0016 2704 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:42:16.0047 2704 wbengine - ok
18:42:16.0125 2704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:42:16.0141 2704 WbioSrvc - ok
18:42:16.0157 2704 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
18:42:16.0172 2704 wcncsvc - ok
18:42:16.0188 2704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:42:16.0188 2704 WcsPlugInService - ok
18:42:16.0235 2704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:42:16.0235 2704 Wd - ok
18:42:16.0281 2704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:42:16.0297 2704 Wdf01000 - ok
18:42:16.0313 2704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:16.0313 2704 WdiServiceHost - ok
18:42:16.0313 2704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:16.0313 2704 WdiSystemHost - ok
18:42:16.0344 2704 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
18:42:16.0359 2704 WebClient - ok
18:42:16.0375 2704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:42:16.0391 2704 Wecsvc - ok
18:42:16.0391 2704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:42:16.0406 2704 wercplsupport - ok
18:42:16.0422 2704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:42:16.0422 2704 WerSvc - ok
18:42:16.0484 2704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:16.0484 2704 WfpLwf - ok
18:42:16.0484 2704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:42:16.0500 2704 WIMMount - ok
18:42:16.0515 2704 WinDefend - ok
18:42:16.0531 2704 WinHttpAutoProxySvc - ok
18:42:16.0765 2704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:42:16.0765 2704 Winmgmt - ok
18:42:17.0202 2704 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:42:17.0249 2704 WinRM - ok
18:42:17.0514 2704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:42:17.0561 2704 Wlansvc - ok
18:42:17.0607 2704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:42:17.0607 2704 WmiAcpi - ok
18:42:17.0685 2704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:42:17.0685 2704 wmiApSrv - ok
18:42:17.0717 2704 WMPNetworkSvc - ok
18:42:17.0732 2704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:42:17.0748 2704 WPCSvc - ok
18:42:17.0763 2704 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:42:17.0779 2704 WPDBusEnum - ok
18:42:17.0826 2704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:17.0841 2704 ws2ifsl - ok
18:42:17.0951 2704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:42:17.0966 2704 wscsvc - ok
18:42:17.0966 2704 WSearch - ok
18:42:18.0107 2704 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:42:18.0185 2704 wuauserv - ok
18:42:18.0278 2704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:42:18.0278 2704 WudfPf - ok
18:42:18.0309 2704 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:18.0325 2704 WUDFRd - ok
18:42:18.0341 2704 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:42:18.0341 2704 wudfsvc - ok
18:42:18.0356 2704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:42:18.0372 2704 WwanSvc - ok
18:42:18.0387 2704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:42:18.0434 2704 \Device\Harddisk0\DR0 - ok
18:42:18.0434 2704 Boot (0x1200) (6eb1e1da06b4c8c3464d991af3e4073d) \Device\Harddisk0\DR0\Partition0
18:42:18.0434 2704 \Device\Harddisk0\DR0\Partition0 - ok
18:42:18.0450 2704 Boot (0x1200) (9afec26f9d4138d293a619714635c010) \Device\Harddisk0\DR0\Partition1
18:42:18.0450 2704 \Device\Harddisk0\DR0\Partition1 - ok
18:42:18.0450 2704 ============================================================
18:42:18.0450 2704 Scan finished
18:42:18.0450 2704 ============================================================
18:42:18.0465 2112 Detected object count: 0
18:42:18.0465 2112 Actual detected object count: 0


ASW Log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 18:44:58
-----------------------------
18:44:58.385 OS Version: Windows x64 6.1.7600
18:44:58.385 Number of processors: 2 586 0xF0B
18:44:58.400 ComputerName: COLOSSUS-PC UserName: Colossus
18:44:58.744 Initialize success
18:45:32.042 AVAST engine defs: 12042601
18:46:45.909 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:46:45.909 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
18:46:45.924 Disk 0 MBR read successfully
18:46:45.924 Disk 0 MBR scan
18:46:45.924 Disk 0 Windows 7 default MBR code
18:46:45.940 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:46:45.940 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
18:46:45.971 Disk 0 scanning C:\Windows\system32\drivers
18:46:51.119 Service scanning
18:47:05.331 Modules scanning
18:47:05.331 Disk 0 trace - called modules:
18:47:05.346 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:47:05.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024971f0]
18:47:05.346 3 CLASSPNP.SYS[fffff8800188d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80022dc680]
18:47:05.767 AVAST engine scan C:\Windows
18:47:07.093 AVAST engine scan C:\Windows\system32
18:48:33.143 AVAST engine scan C:\Windows\system32\drivers
18:48:39.648 AVAST engine scan C:\Users\Colossus
18:50:40.767 AVAST engine scan C:\ProgramData
18:51:01.811 Scan finished successfully
18:52:51.807 Disk 0 MBR has been saved successfully to "C:\Users\Colossus\Desktop\Security\MBR.dat"
18:52:51.823 The log file has been saved successfully to "C:\Users\Colossus\Desktop\Security\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:59 AM

Posted 26 April 2012 - 09:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:59 AM

Posted 28 April 2012 - 11:22 PM

Greetings,



This is just a friendly little bump to remind you that we have not finished this yet.


If you are having problems or you just need more time - just let me know and we will work it out.



Gringo

#8 c0lossus

c0lossus
  • Topic Starter

  • Members
  • 32 posts
  • Local time:05:59 AM

Posted 30 April 2012 - 05:52 AM

Hello Gringo, I apologize for the late reply. I am usually on top of things; however, I became a bit busy. Here is my report from ComboFix. Everything is running fine and my browser has not been redirected for some time now (about 2 days).

ComboFix 12-04-25.02 - Colossus 04/30/2012 2:16.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2014.1438 [GMT -7:00]
Running from: c:\users\Colossus\Desktop\Security\ComboFix.exe
Command switches used :: c:\users\Colossus\Desktop\Security\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\7FDF.tmp
c:\programdata\Microsoft\Windows\DRM\7FEF.tmp
c:\users\Colossus\AppData\Local\Temp\DVP144E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 09:19 . 2012-04-30 09:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 07:03 . 2012-03-14 20:54 571312 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx
2012-04-28 07:03 . 2012-03-14 20:54 2262960 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx
2012-04-28 07:03 . 2012-04-28 07:03 -------- d-----w- c:\program files (x86)\DolbyAxon
2012-04-27 01:37 . 2012-04-27 01:37 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_10.06.44 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-20 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680097895-1281761434-3568893497-1000Core.job
- c:\users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 02:57]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-680097895-1281761434-3568893497-1000UA.job
- c:\users\Colossus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 02:57]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-04-30 02:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 09:44
ComboFix2.txt 2012-04-26 10:09
.
Pre-Run: 130,621,661,184 bytes free
Post-Run: 130,477,338,624 bytes free
.
- - End Of File - - B6A844860347BF68E7069729E3A513C1

Edited by c0lossus, 30 April 2012 - 05:53 AM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:59 AM

Posted 30 April 2012 - 07:25 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#10 c0lossus

c0lossus
  • Topic Starter

  • Members
  • 32 posts
  • Local time:05:59 AM

Posted 30 April 2012 - 10:43 AM

Extra Report

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
Counter-Strike
Dolby Axon - 1.4.0.2
Google Chrome
Java Auto Updater
Java™ 6 Update 30
League of Legends
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
NOOK Study
Pando Media Booster
Pass4sure Questions and Answers for Cisco 350-001
QuickTime
Skype™ 5.8
Steam
Ventrilo Client

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:59 AM

Posted 30 April 2012 - 11:14 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:59 AM

Posted 03 May 2012 - 12:18 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#13 c0lossus

c0lossus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 05 May 2012 - 05:06 AM

Hello, I have not been able to reply because I'm having severe issues with my computer. It shuts down and restarts. I also get 1000 of these messages all at once that say "A write command during the test has failed to complete. This may be due to read/write error. The system generates an exception error when using a reference to an invalid system memory address." I cannot see my desktop icons and the computer is flooded with these messages. Please help.

#14 c0lossus

c0lossus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 05 May 2012 - 05:07 AM

I also have an icon on my desktop that says "DataRecovery icon". I have never seen it before.

#15 c0lossus

c0lossus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 05 May 2012 - 06:28 AM

Okay, so I searched around the website and found this link: www.bleepingcomputer.com/virus-removal/remove-smart-hdd. I have followed all of the steps on that website; however, I am still receiving the same messages, apart from the fact that I can see my desktop icons.



