Google Redirect, no GAC_30/Desktop.ini


This topic is locked
28 replies to this topic

#1 Karaipantsu

Posted 18 July 2012 - 01:41 PM

This morning, AVG found, quarantined, and deleted some Trojan named IDP.Trojan.25F12AB6 from my work PC, and subsequent scans with AVG and MBAM/Spybot have turned up no infections in both normal and safe mode Windows 7. However, since this virus popped up, I've had some kind of Google search redirect, through either 7search, or some unknown redirect that drops me at Searchqandas.com, or scam adverts for McAfee or Norton Antivirus and some obvious malware called Stopzilla. I checked my proxy settings and they seem normal (i.e. none), and other search engines work fine. It's only Google that seems affected. This redirect is present in both IE and Firefox at present.

I searched through Bleeping Computer's forums with Bing and found some threads on similar issues, so I followed the instructions on those threads to no avail. This included running ComboFix in both normal and safe mode, with no infections found or cleaned. I have DDS and ComboFix logs that I will post in a reply to this thread.

Other symptoms include occasional audio distortion of my music played through Winamp when I'm browsing the internet. I haven't yet noticed it when working in non-browser programs, but it might very well exist.

DDS Report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Employment Options at 14:36:50 on 2012-07-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.699 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Users\Employment Options\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\employ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\users\employ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\employment options\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{4B19F898-92EE-43C2-AF46-71CA582BF6BE} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{4B19F898-92EE-43C2-AF46-71CA582BF6BE}\34963736F61303639353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4B19F898-92EE-43C2-AF46-71CA582BF6BE}\54F4 : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{4B19F898-92EE-43C2-AF46-71CA582BF6BE}\56D607C6F697D656E647F6074796F6E637 : DhcpNameServer = 68.94.156.1 68.94.157.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\employment options\appdata\roaming\mozilla\firefox\profiles\cob62g6l.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-8-10 66776]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-11 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-5 376832]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-13 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-11 1343400]
.
=============== Created Last 30 ================
.
2012-07-18 17:59:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-18 16:15:36 98816 ----a-w- c:\windows\sed.exe
2012-07-18 16:15:36 518144 ----a-w- c:\windows\SWREG.exe
2012-07-18 16:15:36 256000 ----a-w- c:\windows\PEV.exe
2012-07-18 16:15:36 208896 ----a-w- c:\windows\MBR.exe
2012-07-18 15:34:41 388096 ----a-r- c:\users\employment options\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-18 15:34:41 -------- d-----w- c:\program files\Trend Micro
2012-07-17 13:10:20 -------- d-----w- c:\users\employment options\appdata\local\Macromedia
2012-07-17 13:09:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 21:00:12 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 17:08:59 -------- d-----w- c:\users\employment options\appdata\local\Apple
2012-06-22 13:14:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:14:37 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:14:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 13:14:18 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-17 13:09:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41:44 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:37:25.86 ===============

ComboFix Report:

ComboFix 12-07-18.04 - Employment Options 07/18/2012 13:55:04.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.1546 [GMT -4:00]
Running from: c:\users\Employment Options\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 17:58 . 2012-07-18 17:58 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2012-07-18 17:58 . 2012-07-18 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 17:58 . 2012-07-18 17:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-18 15:34 . 2012-07-18 15:34 388096 ----a-r- c:\users\Employment Options\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-18 15:34 . 2012-07-18 15:34 -------- d-----w- c:\program files\Trend Micro
2012-07-17 13:10 . 2012-07-17 13:10 -------- d-----w- c:\users\Employment Options\AppData\Local\Macromedia
2012-07-17 13:09 . 2012-07-17 13:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 21:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 13:06 . 2012-07-02 13:06 -------- d-----w- c:\users\Employment Options\AppData\Roaming\Apple Computer
2012-06-29 17:09 . 2012-06-29 17:09 -------- d-----w- c:\program files\Common Files\Apple
2012-06-29 17:08 . 2012-06-29 17:08 -------- d-----w- c:\users\Employment Options\AppData\Local\Apple
2012-06-29 17:08 . 2012-06-29 17:08 -------- d-----w- c:\program files\Apple Software Update
2012-06-29 17:08 . 2012-06-29 17:08 -------- d-----w- c:\programdata\Apple
2012-06-22 13:14 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:14 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:14 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:14 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:14 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:14 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:14 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:14 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:14 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 13:09 . 2011-10-11 19:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-10-11 18:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 03:03 . 2012-06-13 13:18 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 13:17 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-13 13:18 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-13 13:18 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 13:17 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 13:17 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 13:17 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 13:17 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:17 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:17 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-20 03:16 . 2012-06-13 13:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 16:18 . 2011-08-11 16:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-08-11 03:16 . 2011-08-11 03:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-08-11 16:18 . 2011-08-11 16:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-08-11 16:18 . 2011-08-11 16:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-08-11 16:18 . 2011-08-11 16:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-08-11 16:18 . 2011-08-11 16:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-08-11 16:18 . 2011-08-11 16:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-08-11 03:18 . 2011-08-11 03:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-08-11 03:16 . 2011-08-11 03:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-03 17:54 . 2011-10-11 18:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-18_16.22.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-11 17:55 . 2012-07-18 16:30 28198 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-07-18 16:30 38414 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-07-18 13:34 . 2012-07-18 16:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-18 13:34 . 2012-07-18 16:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-10-11 19:43 . 2012-07-18 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-11 19:43 . 2012-07-18 15:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-11 19:43 . 2012-07-18 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-11 19:43 . 2012-07-18 15:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-11 19:43 . 2012-07-18 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-11 19:43 . 2012-07-18 15:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-11 17:51 . 2012-07-18 16:30 9616 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2798165767-1487742305-4090804416-1000_UserData.bin
- 2012-07-18 15:01 . 2012-07-18 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 17:04 . 2012-07-18 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 17:04 . 2012-07-18 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-18 15:01 . 2012-07-18 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-11 16:47 . 2012-07-18 17:04 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-11 16:47 . 2012-07-18 16:02 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-11 16:43 . 2012-07-18 17:04 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-11 16:43 . 2012-07-18 15:01 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2012-07-18 17:04 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-11 17:52 . 2012-07-17 20:57 639408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-11 17:52 . 2012-07-18 16:27 639408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:47 . 2012-07-18 17:03 323176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-07-18 14:59 323176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-11 16:43 . 2012-07-18 15:01 1785856 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-11 16:43 . 2012-07-18 17:04 1785856 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-11 21:23 . 2012-07-18 14:59 33128388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2798165767-1487742305-4090804416-1000-8192.dat
+ 2011-10-11 21:23 . 2012-07-18 17:03 33128388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2798165767-1487742305-4090804416-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Employment Options\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Employment Options\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Employment Options\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Employment Options\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
Dropbox.lnk - c:\users\Employment Options\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2012-5-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\Employment Options\AppData\Roaming\Mozilla\Firefox\Profiles\cob62g6l.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1956)
c:\users\Employment Options\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-07-18 14:00:18
ComboFix-quarantined-files.txt 2012-07-18 18:00
ComboFix2.txt 2012-07-18 16:25
.
Pre-Run: 277,919,465,472 bytes free
Post-Run: 277,857,955,840 bytes free
.
- - End Of File - - B95880846CB1575D8B44CCA02865C96C

Edited by Karaipantsu, 18 July 2012 - 01:42 PM.




#2 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 19 July 2012 - 03:30 PM

*UPDATE 7/19*
Heard the audio distortion while working in Excel while Firefox was open in the background, not actively browsing anything. Could be related, could not.

#3 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 22 July 2012 - 10:12 AM

Ker-bump?

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:34 PM

Posted 23 July 2012 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461266 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 23 July 2012 - 02:45 PM

GMER report as requested by HelpBot. The report is also attached as a .log file.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-23 15:44:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort2 SAMSUNG_HD321HJ rev.1AC01116
Running: 9r4sqvop.exe; Driver: C:\Users\EMPLOY~1\AppData\Local\Temp\uwdiyuoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x973D3004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x973D30D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x973D2D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x973D2E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x973D2EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x973D2F56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 828833C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 828C400C 8 Bytes [04, 30, 3D, 97, D4, 30, 3D, ...] {ADD AL, 0x30; CMP EAX, 0x3d30d497; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 828C4054 4 Bytes [76, 2D, 3D, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 828C4324 8 Bytes [1E, 2E, 3D, 97, BA, 2E, 3D, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 828C4398 4 Bytes [56, 2F, 3D, 97]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtWriteFile 77816A68 5 Bytes JMP 00013E2E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!SetUnhandledExceptionFilter 756DF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1144] USER32.dll!GetCursorPos 76B3A4B3 5 Bytes JMP 0001477D
.text C:\Windows\system32\svchost.exe[1144] USER32.dll!GetForegroundWindow 76B4335D 5 Bytes JMP 0001482C
.text C:\Windows\system32\svchost.exe[1144] USER32.dll!IsWindowVisible 76B44D69 5 Bytes JMP 00014853
.text C:\Windows\system32\svchost.exe[1144] USER32.dll!WindowFromPoint 76B66BE9 5 Bytes JMP 000147CC
.text C:\Windows\system32\svchost.exe[1144] USER32.dll!MessageBoxIndirectW 76B8E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1144] WS2_32.dll!GetAddrInfoW 75C04889 5 Bytes JMP 00014719
.text C:\Windows\system32\svchost.exe[1144] ole32.dll!CoGetClassObject 754C54AD 5 Bytes JMP 00014887
.text C:\Windows\system32\svchost.exe[1144] ole32.dll!CoCreateInstance 754D9D0B 5 Bytes JMP 000148B1
.text C:\Program Files\Mozilla Firefox\firefox.exe[1916] ntdll.dll!LdrLoadDll 7783223E 5 Bytes JMP 6278C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1916] kernel32.dll!MapViewOfFile 756D93DB 5 Bytes JMP 629BE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1916] kernel32.dll!VirtualAlloc 756DC43A 5 Bytes JMP 629BE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1916] GDI32.dll!CreateDIBSection 75928850 5 Bytes JMP 629BE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Digsby\lib\digsby-app.exe[3992] USER32.dll!BeginPaint 76B45D14 5 Bytes JMP 02992380 C:\Program Files\Digsby\lib\wxwebkit.dll
.text C:\Program Files\Digsby\lib\digsby-app.exe[3992] USER32.dll!EndPaint 76B45D42 5 Bytes JMP 029923F0 C:\Program Files\Digsby\lib\wxwebkit.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5580] USER32.dll!SetWindowLongA 76B38BA3 5 Bytes JMP 62B15EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5580] USER32.dll!SetWindowLongW 76B44449 5 Bytes JMP 62B15E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5580] USER32.dll!GetWindowInfo 76B44B5E 5 Bytes JMP 62904822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5580] USER32.dll!TrackPopupMenu 76B52228 5 Bytes JMP 62904DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateFile + 6 778155CE 4 Bytes [28, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateFile + B 778155D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateKey + 6 7781560E 4 Bytes [68, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateKey + B 77815613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateMutant + 6 7781564E 4 Bytes [68, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateMutant + B 77815653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateSection + 6 778156EE 4 Bytes [A8, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtCreateSection + B 778156F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtMapViewOfSection + 6 77815C2E 4 Bytes CALL 76817337 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtMapViewOfSection + B 77815C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenFile + 6 77815CDE 4 Bytes [68, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenFile + B 77815CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenKey + 6 77815D0E 4 Bytes [A8, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenKey + B 77815D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenKeyEx + 6 77815D1E 4 Bytes CALL 76817424 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenKeyEx + B 77815D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenMutant + 6 77815D5E 4 Bytes [28, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenMutant + B 77815D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcess + 6 77815D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcess + 6 77815D8E 4 Bytes [68, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcess + B 77815D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcessToken + 6 77815D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcessToken + 6 77815D9E 4 Bytes [A8, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcessToken + B 77815DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcessTokenEx + 6 77815DAE 4 Bytes [68, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenProcessTokenEx + B 77815DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenSection + 6 77815DCE 4 Bytes CALL 768174D5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenSection + B 77815DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThread + 6 77815E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThread + 6 77815E0E 4 Bytes [28, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThread + B 77815E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThreadToken + 6 77815E1E 4 Bytes [28, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThreadToken + B 77815E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThreadTokenEx + 6 77815E2E 4 Bytes [A8, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtOpenThreadTokenEx + B 77815E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtQueryAttributesFile + 6 77815F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtQueryAttributesFile + B 77815F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtQueryFullAttributesFile + 6 77815FEE 4 Bytes CALL 768176F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtQueryFullAttributesFile + B 77815FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtSetInformationFile + 6 7781663E 4 Bytes [28, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtSetInformationFile + B 77816643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtSetInformationThread + 6 7781669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtSetInformationThread + 6 7781669E 4 Bytes CALL 76817DA6 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtSetInformationThread + B 778166A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtUnmapViewOfSection + 6 778169BE 4 Bytes [28, 05, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ntdll.dll!NtUnmapViewOfSection + B 778169C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] kernel32.dll!CreateProcessW 7569204D 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] kernel32.dll!CreateProcessA 75692082 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!DeleteObject 75925F14 5 Bytes JMP 001C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SelectObject 75926640 5 Bytes JMP 001C05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetTextColor 75926906 5 Bytes JMP 001C09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetBkMode 759269B1 5 Bytes JMP 001C08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!DeleteDC 75926EAA 5 Bytes JMP 001C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetDeviceCaps 75926F7F 5 Bytes JMP 001C03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!ExtSelectClipRgn 75927114 5 Bytes JMP 001C02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SelectClipRgn 75927242 5 Bytes JMP 001C05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetStretchBltMode 75927705 5 Bytes JMP 001C0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetCurrentObject 75927917 5 Bytes JMP 001C0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextMetricsW 75927B8F 5 Bytes JMP 001C0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextAlign 75927DAF 5 Bytes JMP 001C0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!IntersectClipRect 75927DFE 5 Bytes JMP 001C03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!ExtTextOutW 75928192 5 Bytes JMP 001C0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetTextAlign 7592828E 5 Bytes JMP 001C09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetClipBox 75928525 5 Bytes JMP 001C0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!MoveToEx 75928C21 5 Bytes JMP 001C0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!StretchDIBits 7592A53E 5 Bytes JMP 001C0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!RestoreDC 7592A67B 5 Bytes JMP 001C0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SaveDC 7592A74B 5 Bytes JMP 001C0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextExtentPoint32W 7592B4B5 5 Bytes JMP 001C0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextFaceW 7592B73A 2 Bytes JMP 001C0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextFaceW + 3 7592B73D 2 Bytes [89, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetFontData 7592BCC4 5 Bytes JMP 001C0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetWorldTransform 7592C90A 5 Bytes JMP 001C06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!CreateDCA 7592CCA9 5 Bytes JMP 001C00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!CreateDCW 7592CF79 5 Bytes JMP 001C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!CreateICW 7592CFD0 5 Bytes JMP 001C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextMetricsA 7592D0F2 5 Bytes JMP 001C0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!Rectangle 7592F1FF 5 Bytes JMP 001C0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!LineTo 7592F59B 5 Bytes JMP 001C0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetICMMode 7592FAA4 5 Bytes JMP 001C0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!ExtTextOutA 759303F9 5 Bytes JMP 001C08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!ExtEscape 75932949 5 Bytes JMP 001C02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!Escape 75933939 5 Bytes JMP 001C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetTextFaceA 75933E6A 5 Bytes JMP 001C0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetPolyFillMode 7593D851 5 Bytes JMP 001C0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SetMiterLimit 7593DA0D 5 Bytes JMP 001C0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!EndPage 759400D7 5 Bytes JMP 001C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!ResetDCW 7594050D 5 Bytes JMP 001C0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!GetGlyphOutlineW 7594C1BA 5 Bytes JMP 001C0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!CreateScalableFontResourceW 7594E817 5 Bytes JMP 001C0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!AddFontResourceW 7594EC13 5 Bytes JMP 001C0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!RemoveFontResourceW 7594F109 5 Bytes JMP 001C0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!AbortDoc 75954C63 5 Bytes JMP 001C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!EndDoc 759550AA 5 Bytes JMP 001C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!StartPage 75955195 5 Bytes JMP 001C06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!StartDocW 75955BB0 5 Bytes JMP 001C07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!BeginPath 7595635D 5 Bytes JMP 001C07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!SelectClipPath 759563B4 5 Bytes JMP 001C0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!CloseFigure 7595640F 5 Bytes JMP 001C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!EndPath 75956466 5 Bytes JMP 001C0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!StrokePath 75956699 5 Bytes JMP 001C0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!FillPath 75956726 5 Bytes JMP 001C0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!PolylineTo 75956B94 5 Bytes JMP 001C04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!PolyBezierTo 75956C25 5 Bytes JMP 001C04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] GDI32.dll!PolyDraw 75956CD7 5 Bytes JMP 001C0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!ActivateKeyboardLayout 76B38203 5 Bytes JMP 002804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!ScreenToClient 76B3A506 7 Bytes JMP 00280670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!RegisterClipboardFormatA 76B3C091 5 Bytes JMP 002802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!RegisterClipboardFormatW 76B3DF8D 5 Bytes JMP 002802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!SetCursor 76B43075 5 Bytes JMP 00280530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!MonitorFromWindow 76B43622 7 Bytes JMP 00280630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!PostMessageW 76B4447B 5 Bytes JMP 002805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!IsWindowVisible 76B44D69 7 Bytes JMP 002806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClientRect 76B454DD 7 Bytes JMP 002805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!MapWindowPoints 76B45CAA 5 Bytes JMP 00280570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetParent 76B46029 7 Bytes JMP 002806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!EmptyClipboard 76B5290C 5 Bytes JMP 00280130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!SetClipboardData 76B52962 5 Bytes JMP 00280170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardData 76B52BA7 5 Bytes JMP 00280030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardFormatNameW 76B55FD2 5 Bytes JMP 00280230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!SetClipboardViewer 76B56FF6 5 Bytes JMP 002804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardFormatNameA 76B5700A 5 Bytes JMP 00280270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!ChangeClipboardChain 76B6147C 5 Bytes JMP 00280430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetTopWindow 76B624D9 7 Bytes JMP 00280730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!CloseClipboard 76B6446C 5 Bytes JMP 002800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!OpenClipboard 76B6447E 5 Bytes JMP 00280070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!IsClipboardFormatAvailable 76B644FF 5 Bytes JMP 002800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardSequenceNumber 76B64513 5 Bytes JMP 00280330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardOwner 76B64525 5 Bytes JMP 00280370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!CountClipboardFormats 76B6470A 5 Bytes JMP 002801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!EnumClipboardFormats 76B647EC 5 Bytes JMP 002801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetOpenClipboardWindow 76B6480B 5 Bytes JMP 002803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!SetCursorPos 76B7C1B0 5 Bytes JMP 00280770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetClipboardViewer 76B94AF7 5 Bytes JMP 00280470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] USER32.dll!GetPriorityClipboardFormat 76B94BF9 5 Bytes JMP 002803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ole32.dll!OleSetClipboard 754F0045 5 Bytes JMP 00290030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ole32.dll!OleIsCurrentClipboard 754F36B2 5 Bytes JMP 00290070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] ole32.dll!OleGetClipboard 7551FDCD 5 Bytes JMP 002900B0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3724] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00180090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00280790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002807D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00180090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[5680] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00180090

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60DK5Q8U\linkfan_info[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDCPB5IV\al[1].asp 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDCPB5IV\um[1].ashx 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GXX9GZTT.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XV8OXGVE.txt 405 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\66SI0V3U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KZLTKYD7.txt 735 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DTT3WLF7.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1I85D15E.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1SBR6XWE.txt 531 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V2SZKV90.txt 2633 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V8RK42PV.txt 1091 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RJ0GIV13.txt 991 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SL99A9OJ.txt 160 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0ZNTI5R3.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2RHSAR19.txt 0 bytes

---- EOF - GMER 1.0.15 ----

#6 CStew23

CStew23

  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA
  • Local time:07:34 PM

Posted 23 July 2012 - 06:27 PM

Hi Karaipantsu,

I will be handling your logs. Please give me some time to look things over, and I will be back to you ASAP.
Please don't send help requests via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#7 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:34 PM

Posted 24 July 2012 - 11:49 AM

Righto. Thanks for the help.

#8 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:34 PM

Posted 25 July 2012 - 02:10 PM

Observed some new behavior today. When searching with Google, the standard "hijacked" search comes up, but when trying to change from there to Images or Maps, it loads for a split second before returning or refreshing back to the same hijacked search page.

#9 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:34 PM

Posted 26 July 2012 - 10:46 AM

More information. Today, AVG's daily scan found and quarantined a trojan BHO called IDP.Trojan.A3B709D7. Never seen this one before, but the quarantine and deletion didn't affect the Google redirect. Annoying.

EDIT: double post.

Edited by Karaipantsu, 26 July 2012 - 10:46 AM.

#10 CStew23

CStew23

  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA
  • Local time:07:34 PM

Posted 26 July 2012 - 06:10 PM

Hi,

Sorry for the delay.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please don't send help requests via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.
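The TDSSKiller log requested above is long (one hash line plus one verdict line per driver or service), so a helper reviewing it usually wants just the objects whose verdict is not "ok", the objects that never got a verdict (a truncated paste), and the MD5 list for checking against known-good hash sets. The parser below is an added example written for this thread, not part of TDSSKiller or of any post here. It is built on the two line shapes visible in the log later in the thread ("name (md5) path" and "name - ok"); the "detected ..." verdict line and the pre-scan "Drive ... - Size" header line in the constructed sample are assumptions about the format, and the sample log itself is constructed, not the poster's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log (not the thread's own log). Line shapes follow what
# TDSSKiller prints in this thread; the "detected ..." verdict line and the
# header "Drive ... - Size" line are assumptions about the format, not taken
# from this page. The string is raw, so the backslashes are literal.
SAMPLE_LOG = r"""
11:30:11.0439 5836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
11:30:18.0334 5608 Scan started
11:30:18.0334 5608 Mode: Manual;
11:30:22.0749 5608 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:30:22.0749 5608 1394ohci - ok
11:30:26.0040 5608 catchme - ok
11:30:31.0048 5608 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
11:30:31.0048 5608 KSecDD - ok
11:30:40.0000 5608 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
11:30:40.0000 5608 exampledrv - detected Constructed.Sample.Verdict ( 0 )
11:30:41.0000 5608 \Device\Harddisk0\DR0 - ok
11:30:42.0000 5608 truncdrv (ffffffffffffffffffffffffffffffff) C:\Windows\system32\DRIVERS\truncdrv.sys
"""

# "HH:MM:SS.mmmm <pid> <body>" is the common prefix of every log line.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the object being scanned and its on-disk image.
HASH_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": the result for that object ("ok" or something else).
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per scanned object, keyed by object name.

    Only lines after "Scan started" count as scan results, so header lines
    such as "Drive ... - Size: ..." are not mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        h = HASH_RE.match(body)
        if h:
            e = entries.setdefault(h.group("name"), Entry(h.group("name")))
            e.md5 = h.group("md5").lower()
            e.path = h.group("path")
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdict = v.group("verdict").strip()
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects whose verdict is anything other than 'ok'."""
    return [e for e in entries.values() if e.verdict is not None and e.verdict != "ok"]


def unresolved(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects listed with a hash but never given a verdict (e.g. a truncated paste)."""
    return [e for e in entries.values() if e.verdict is None]


def hash_manifest(entries: Dict[str, Entry]) -> Dict[str, str]:
    """MD5 -> path for every hashed object, for comparison with known-good hash sets."""
    return {e.md5: e.path for e in entries.values() if e.md5}


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"FLAGGED     {e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
    for e in unresolved(parsed):
        print(f"NO VERDICT  {e.name}  path={e.path}")
    print(f"{len(hash_manifest(parsed))} hashed objects")
```

Run it against a pasted log by replacing SAMPLE_LOG with the file's contents. Because the "Scan started" marker gates the verdict logic, the drive geometry and partition header lines at the top of a real log are skipped rather than reported as findings.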

#11 Karaipantsu

Karaipantsu
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:34 PM

Posted 27 July 2012 - 10:51 AM

Damn man, done in one. You guys are a godsend. TDSS found and cured a rootkit that AVG missed, and now the redirect is gone. Ran a virus scan with AVG and saw nothing dangerous. I'll post the log file for you, as well as the CnP of its content.

TDSS Killer Log

11:30:05.0773 5836 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:30:07.0851 5836 ============================================================
11:30:07.0851 5836 Current date / time: 2012/07/27 11:30:07.0851
11:30:07.0851 5836 SystemInfo:
11:30:07.0851 5836
11:30:07.0851 5836 OS Version: 6.1.7601 ServicePack: 1.0
11:30:07.0851 5836 Product type: Workstation
11:30:07.0851 5836 ComputerName: BOOKKEEPER
11:30:07.0851 5836 UserName: Employment Options
11:30:07.0851 5836 Windows directory: C:\Windows
11:30:07.0851 5836 System windows directory: C:\Windows
11:30:07.0851 5836 Processor architecture: Intel x86
11:30:07.0851 5836 Number of processors: 2
11:30:07.0851 5836 Page size: 0x1000
11:30:07.0851 5836 Boot type: Normal boot
11:30:07.0851 5836 ============================================================
11:30:11.0439 5836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:30:11.0501 5836 ============================================================
11:30:11.0501 5836 \Device\Harddisk0\DR0:
11:30:11.0532 5836 MBR partitions:
11:30:11.0532 5836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
11:30:11.0532 5836 ============================================================
11:30:11.0563 5836 C: <-> \Device\Harddisk0\DR0\Partition0
11:30:11.0595 5836 ============================================================
11:30:11.0595 5836 Initialize success
11:30:11.0595 5836 ============================================================
11:30:18.0334 5608 ============================================================
11:30:18.0334 5608 Scan started
11:30:18.0334 5608 Mode: Manual;
11:30:18.0334 5608 ============================================================
11:30:22.0749 5608 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:30:22.0749 5608 1394ohci - ok
11:30:22.0780 5608 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:30:22.0795 5608 ACPI - ok
11:30:22.0842 5608 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:30:22.0842 5608 AcpiPmi - ok
11:30:23.0029 5608 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:30:23.0029 5608 AdobeARMservice - ok
11:30:23.0154 5608 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:30:23.0170 5608 adp94xx - ok
11:30:23.0201 5608 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:30:23.0201 5608 adpahci - ok
11:30:23.0217 5608 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:30:23.0217 5608 adpu320 - ok
11:30:23.0248 5608 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:30:23.0248 5608 AeLookupSvc - ok
11:30:23.0295 5608 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:30:23.0310 5608 AFD - ok
11:30:23.0357 5608 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:30:23.0357 5608 agp440 - ok
11:30:23.0451 5608 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:30:23.0451 5608 aic78xx - ok
11:30:23.0482 5608 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:30:23.0482 5608 ALG - ok
11:30:23.0497 5608 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:30:23.0497 5608 aliide - ok
11:30:23.0513 5608 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:30:23.0513 5608 amdagp - ok
11:30:23.0529 5608 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:30:23.0529 5608 amdide - ok
11:30:23.0560 5608 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:30:23.0560 5608 AmdK8 - ok
11:30:23.0575 5608 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:30:23.0575 5608 AmdPPM - ok
11:30:23.0607 5608 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:30:23.0607 5608 amdsata - ok
11:30:23.0622 5608 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:30:23.0638 5608 amdsbs - ok
11:30:23.0638 5608 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:30:23.0638 5608 amdxata - ok
11:30:23.0669 5608 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:30:23.0700 5608 AppID - ok
11:30:23.0747 5608 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:30:23.0747 5608 AppIDSvc - ok
11:30:23.0778 5608 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:30:23.0778 5608 Appinfo - ok
11:30:23.0809 5608 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:30:23.0825 5608 AppMgmt - ok
11:30:23.0856 5608 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:30:23.0856 5608 arc - ok
11:30:23.0872 5608 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:30:23.0872 5608 arcsas - ok
11:30:23.0887 5608 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:23.0887 5608 AsyncMac - ok
11:30:23.0919 5608 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:30:23.0919 5608 atapi - ok
11:30:23.0965 5608 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:30:23.0981 5608 AudioEndpointBuilder - ok
11:30:23.0981 5608 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:30:23.0981 5608 Audiosrv - ok
11:30:24.0402 5608 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
11:30:24.0496 5608 AVGIDSAgent - ok
11:30:24.0792 5608 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
11:30:24.0792 5608 AVGIDSDriver - ok
11:30:24.0808 5608 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
11:30:24.0808 5608 AVGIDSFilter - ok
11:30:24.0855 5608 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
11:30:24.0855 5608 AVGIDSHX - ok
11:30:24.0886 5608 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
11:30:24.0886 5608 AVGIDSShim - ok
11:30:24.0933 5608 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
11:30:24.0933 5608 Avgldx86 - ok
11:30:24.0948 5608 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
11:30:24.0964 5608 Avgmfx86 - ok
11:30:25.0011 5608 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
11:30:25.0011 5608 Avgrkx86 - ok
11:30:25.0026 5608 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
11:30:25.0042 5608 Avgtdix - ok
11:30:25.0104 5608 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
11:30:25.0104 5608 avgwd - ok
11:30:25.0136 5608 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:30:25.0136 5608 AxInstSV - ok
11:30:25.0198 5608 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:30:25.0198 5608 b06bdrv - ok
11:30:25.0245 5608 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:30:25.0245 5608 b57nd60x - ok
11:30:25.0292 5608 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:30:25.0292 5608 BDESVC - ok
11:30:25.0307 5608 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:30:25.0307 5608 Beep - ok
11:30:25.0416 5608 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:30:25.0416 5608 BFE - ok
11:30:25.0494 5608 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
11:30:25.0510 5608 BITS - ok
11:30:25.0541 5608 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:30:25.0541 5608 blbdrive - ok
11:30:25.0572 5608 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:30:25.0572 5608 bowser - ok
11:30:25.0604 5608 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:30:25.0604 5608 BrFiltLo - ok
11:30:25.0604 5608 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:30:25.0619 5608 BrFiltUp - ok
11:30:25.0650 5608 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:30:25.0650 5608 BridgeMP - ok
11:30:25.0682 5608 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:30:25.0682 5608 Browser - ok
11:30:25.0713 5608 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:30:25.0713 5608 Brserid - ok
11:30:25.0728 5608 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:30:25.0728 5608 BrSerWdm - ok
11:30:25.0760 5608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:30:25.0760 5608 BrUsbMdm - ok
11:30:25.0822 5608 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:30:25.0838 5608 BrUsbSer - ok
11:30:25.0869 5608 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:30:25.0869 5608 BTHMODEM - ok
11:30:25.0900 5608 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:30:25.0900 5608 bthserv - ok
11:30:25.0947 5608 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
11:30:25.0947 5608 BVRPMPR5 - ok
11:30:26.0040 5608 catchme - ok
11:30:26.0072 5608 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:26.0072 5608 cdfs - ok
11:30:26.0118 5608 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
11:30:26.0134 5608 cdrom - ok
11:30:26.0165 5608 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:30:26.0165 5608 CertPropSvc - ok
11:30:26.0196 5608 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:30:26.0196 5608 circlass - ok
11:30:26.0352 5608 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:30:26.0352 5608 CLFS - ok
11:30:26.0446 5608 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:26.0493 5608 clr_optimization_v2.0.50727_32 - ok
11:30:26.0571 5608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:30:26.0586 5608 clr_optimization_v4.0.30319_32 - ok
11:30:26.0618 5608 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:30:26.0618 5608 CmBatt - ok
11:30:26.0649 5608 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:30:26.0649 5608 cmdide - ok
11:30:26.0696 5608 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
11:30:26.0711 5608 CNG - ok
11:30:26.0727 5608 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:30:26.0727 5608 Compbatt - ok
11:30:26.0789 5608 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:30:26.0789 5608 CompositeBus - ok
11:30:26.0805 5608 COMSysApp - ok
11:30:26.0820 5608 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:30:26.0820 5608 crcdisk - ok
11:30:26.0867 5608 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
11:30:26.0867 5608 CryptSvc - ok
11:30:26.0914 5608 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:30:26.0914 5608 CSC - ok
11:30:26.0961 5608 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:30:26.0961 5608 CscService - ok
11:30:27.0008 5608 ctxusbm (4e08a98dba0b1249c2eb4b191978a9a4) C:\Windows\system32\DRIVERS\ctxusbm.sys
11:30:27.0008 5608 ctxusbm - ok
11:30:27.0054 5608 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:30:27.0054 5608 DcomLaunch - ok
11:30:27.0086 5608 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:30:27.0086 5608 defragsvc - ok
11:30:27.0132 5608 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:30:27.0132 5608 DfsC - ok
11:30:27.0195 5608 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:30:27.0210 5608 Dhcp - ok
11:30:27.0226 5608 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:30:27.0226 5608 discache - ok
11:30:27.0257 5608 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:30:27.0257 5608 Disk - ok
11:30:27.0288 5608 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:30:27.0288 5608 Dnscache - ok
11:30:27.0320 5608 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:30:27.0335 5608 dot3svc - ok
11:30:27.0366 5608 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:30:27.0366 5608 DPS - ok
11:30:27.0382 5608 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:30:27.0398 5608 drmkaud - ok
11:30:27.0460 5608 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:30:27.0460 5608 DXGKrnl - ok
11:30:27.0507 5608 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:30:27.0522 5608 EapHost - ok
11:30:27.0756 5608 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:30:27.0788 5608 ebdrv - ok
11:30:27.0881 5608 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:30:27.0881 5608 EFS - ok
11:30:27.0944 5608 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:30:27.0944 5608 ehRecvr - ok
11:30:27.0975 5608 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:30:27.0975 5608 ehSched - ok
11:30:28.0053 5608 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:30:28.0053 5608 elxstor - ok
11:30:28.0084 5608 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:30:28.0084 5608 ErrDev - ok
11:30:28.0131 5608 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:30:28.0131 5608 EventSystem - ok
11:30:28.0146 5608 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:30:28.0162 5608 exfat - ok
11:30:28.0178 5608 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:30:28.0178 5608 fastfat - ok
11:30:28.0224 5608 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:30:28.0240 5608 Fax - ok
11:30:28.0318 5608 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:30:28.0318 5608 fdc - ok
11:30:28.0334 5608 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:30:28.0334 5608 fdPHost - ok
11:30:28.0365 5608 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:30:28.0365 5608 FDResPub - ok
11:30:28.0380 5608 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:30:28.0396 5608 FileInfo - ok
11:30:28.0412 5608 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:30:28.0412 5608 Filetrace - ok
11:30:28.0427 5608 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:30:28.0427 5608 flpydisk - ok
11:30:28.0458 5608 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:30:28.0458 5608 FltMgr - ok
11:30:28.0536 5608 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:30:28.0536 5608 FontCache - ok
11:30:28.0614 5608 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:30:28.0614 5608 FontCache3.0.0.0 - ok
11:30:28.0646 5608 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:30:28.0646 5608 FsDepends - ok
11:30:28.0677 5608 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:30:28.0677 5608 Fs_Rec - ok
11:30:28.0724 5608 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:30:28.0724 5608 fvevol - ok
11:30:28.0770 5608 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:30:28.0770 5608 gagp30kx - ok
11:30:28.0817 5608 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:30:28.0817 5608 gpsvc - ok
11:30:28.0833 5608 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:30:28.0833 5608 hcw85cir - ok
11:30:28.0895 5608 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:30:28.0895 5608 HdAudAddService - ok
11:30:28.0958 5608 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:30:28.0958 5608 HDAudBus - ok
11:30:28.0973 5608 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:30:28.0973 5608 HidBatt - ok
11:30:29.0004 5608 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:30:29.0004 5608 HidBth - ok
11:30:29.0145 5608 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:30:29.0145 5608 HidIr - ok
11:30:29.0176 5608 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
11:30:29.0192 5608 hidserv - ok
11:30:29.0238 5608 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:30:29.0238 5608 HidUsb - ok
11:30:29.0285 5608 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:30:29.0285 5608 hkmsvc - ok
11:30:29.0316 5608 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:30:29.0332 5608 HomeGroupListener - ok
11:30:29.0363 5608 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:30:29.0363 5608 HomeGroupProvider - ok
11:30:29.0426 5608 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:30:29.0426 5608 HpSAMD - ok
11:30:29.0488 5608 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:30:29.0488 5608 HTTP - ok
11:30:29.0519 5608 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:30:29.0519 5608 hwpolicy - ok
11:30:29.0566 5608 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:30:29.0566 5608 i8042prt - ok
11:30:29.0628 5608 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:30:29.0628 5608 iaStorV - ok
11:30:29.0738 5608 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:30:29.0800 5608 idsvc - ok
11:30:30.0206 5608 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:30:30.0346 5608 igfx - ok
11:30:30.0471 5608 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:30:30.0471 5608 iirsp - ok
11:30:30.0549 5608 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:30:30.0549 5608 IKEEXT - ok
11:30:30.0580 5608 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:30:30.0580 5608 intelide - ok
11:30:30.0611 5608 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:30:30.0611 5608 intelppm - ok
11:30:30.0642 5608 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:30:30.0642 5608 IPBusEnum - ok
11:30:30.0658 5608 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:30:30.0658 5608 IpFilterDriver - ok
11:30:30.0720 5608 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:30:30.0720 5608 iphlpsvc - ok
11:30:30.0752 5608 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:30:30.0752 5608 IPMIDRV - ok
11:30:30.0783 5608 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:30:30.0783 5608 IPNAT - ok
11:30:30.0814 5608 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:30:30.0814 5608 IRENUM - ok
11:30:30.0845 5608 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:30:30.0845 5608 isapnp - ok
11:30:30.0892 5608 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:30:30.0892 5608 iScsiPrt - ok
11:30:30.0939 5608 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:30:30.0954 5608 kbdclass - ok
11:30:30.0986 5608 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:30:30.0986 5608 kbdhid - ok
11:30:31.0017 5608 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:30:31.0017 5608 KeyIso - ok
11:30:31.0048 5608 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
11:30:31.0048 5608 KSecDD - ok
11:30:31.0064 5608 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
11:30:31.0064 5608 KSecPkg - ok
11:30:31.0095 5608 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:30:31.0173 5608 KtmRm - ok
11:30:31.0235 5608 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
11:30:31.0251 5608 LanmanServer - ok
11:30:31.0282 5608 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:30:31.0282 5608 LanmanWorkstation - ok
11:30:31.0344 5608 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:30:31.0344 5608 lltdio - ok
11:30:31.0376 5608 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:30:31.0454 5608 lltdsvc - ok
11:30:31.0469 5608 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:30:31.0469 5608 lmhosts - ok
11:30:31.0516 5608 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:30:31.0516 5608 LSI_FC - ok
11:30:31.0532 5608 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:30:31.0532 5608 LSI_SAS - ok
11:30:31.0563 5608 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:30:31.0563 5608 LSI_SAS2 - ok
11:30:31.0578 5608 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:30:31.0578 5608 LSI_SCSI - ok
11:30:31.0594 5608 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:30:31.0594 5608 luafv - ok
11:30:31.0672 5608 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
11:30:31.0688 5608 McciCMService - ok
11:30:31.0719 5608 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:30:31.0797 5608 Mcx2Svc - ok
11:30:31.0828 5608 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:30:31.0844 5608 megasas - ok
11:30:31.0890 5608 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:30:31.0890 5608 MegaSR - ok
11:30:31.0953 5608 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:30:31.0968 5608 MMCSS - ok
11:30:32.0000 5608 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:30:32.0000 5608 Modem - ok
11:30:32.0031 5608 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:30:32.0031 5608 monitor - ok
11:30:32.0078 5608 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:30:32.0078 5608 mouclass - ok
11:30:32.0109 5608 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:30:32.0109 5608 mouhid - ok
11:30:32.0171 5608 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:30:32.0171 5608 mountmgr - ok
11:30:32.0218 5608 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:30:32.0218 5608 MozillaMaintenance - ok
11:30:32.0312 5608 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:30:32.0312 5608 mpio - ok
11:30:32.0343 5608 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:30:32.0343 5608 mpsdrv - ok
11:30:32.0405 5608 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:30:32.0405 5608 MpsSvc - ok
11:30:32.0483 5608 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:30:32.0483 5608 MREMP50 - ok
11:30:32.0483 5608 MREMPR5 - ok
11:30:32.0499 5608 MRENDIS5 - ok
11:30:32.0530 5608 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:30:32.0530 5608 MRESP50 - ok
11:30:32.0577 5608 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:30:32.0577 5608 MRxDAV - ok
11:30:32.0639 5608 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:30:32.0639 5608 mrxsmb - ok
11:30:32.0982 5608 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:30:32.0982 5608 mrxsmb10 - ok
11:30:32.0998 5608 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:30:32.0998 5608 mrxsmb20 - ok
11:30:33.0029 5608 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:30:33.0029 5608 msahci - ok
11:30:33.0060 5608 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:30:33.0060 5608 msdsm - ok
11:30:33.0092 5608 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:30:33.0123 5608 MSDTC - ok
11:30:33.0170 5608 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:30:33.0170 5608 Msfs - ok
11:30:33.0170 5608 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:30:33.0170 5608 mshidkmdf - ok
11:30:33.0185 5608 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:30:33.0185 5608 msisadrv - ok
11:30:33.0232 5608 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:30:33.0248 5608 MSiSCSI - ok
11:30:33.0263 5608 msiserver - ok
11:30:33.0279 5608 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:30:33.0294 5608 MSKSSRV - ok
11:30:33.0294 5608 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:30:33.0294 5608 MSPCLOCK - ok
11:30:33.0310 5608 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:30:33.0326 5608 MSPQM - ok
11:30:33.0341 5608 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:30:33.0341 5608 MsRPC - ok
11:30:33.0372 5608 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:30:33.0372 5608 mssmbios - ok
11:30:33.0388 5608 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:30:33.0388 5608 MSTEE - ok
11:30:33.0404 5608 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:30:33.0404 5608 MTConfig - ok
11:30:33.0419 5608 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:30:33.0419 5608 Mup - ok
11:30:33.0466 5608 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:30:33.0466 5608 napagent - ok
11:30:33.0513 5608 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:30:33.0528 5608 NativeWifiP - ok
11:30:33.0575 5608 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:30:33.0575 5608 NDIS - ok
11:30:33.0606 5608 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:30:33.0606 5608 NdisCap - ok
11:30:33.0747 5608 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:30:33.0747 5608 NdisTapi - ok
11:30:33.0762 5608 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:30:33.0762 5608 Ndisuio - ok
11:30:33.0809 5608 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:30:33.0809 5608 NdisWan - ok
11:30:33.0840 5608 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:30:33.0840 5608 NDProxy - ok
11:30:33.0856 5608 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:30:33.0856 5608 NetBIOS - ok
11:30:33.0903 5608 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:30:33.0918 5608 NetBT - ok
11:30:33.0965 5608 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:30:33.0965 5608 Netlogon - ok
11:30:34.0012 5608 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:30:34.0012 5608 Netman - ok
11:30:34.0043 5608 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:30:34.0043 5608 netprofm - ok
11:30:34.0121 5608 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:30:34.0184 5608 NetTcpPortSharing - ok
11:30:34.0215 5608 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:30:34.0215 5608 nfrd960 - ok
11:30:34.0355 5608 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:30:34.0355 5608 NlaSvc - ok
11:30:34.0371 5608 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:30:34.0371 5608 Npfs - ok
11:30:34.0402 5608 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:30:34.0402 5608 nsi - ok
11:30:34.0433 5608 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:30:34.0433 5608 nsiproxy - ok
11:30:34.0542 5608 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:30:34.0558 5608 Ntfs - ok
11:30:34.0574 5608 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:30:34.0574 5608 Null - ok
11:30:34.0620 5608 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:30:34.0620 5608 nvraid - ok
11:30:34.0652 5608 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:30:34.0652 5608 nvstor - ok
11:30:34.0667 5608 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:30:34.0667 5608 nv_agp - ok
11:30:34.0698 5608 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:30:34.0698 5608 ohci1394 - ok
11:30:34.0761 5608 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:30:34.0761 5608 ose - ok
11:30:34.0995 5608 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:30:35.0088 5608 osppsvc - ok
11:30:35.0229 5608 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:30:35.0244 5608 p2pimsvc - ok
11:30:35.0276 5608 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:30:35.0276 5608 p2psvc - ok
11:30:35.0322 5608 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:30:35.0322 5608 Parport - ok
11:30:35.0369 5608 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
11:30:35.0369 5608 partmgr - ok
11:30:35.0385 5608 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:30:35.0385 5608 Parvdm - ok
11:30:35.0400 5608 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:30:35.0416 5608 PcaSvc - ok
11:30:35.0447 5608 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:30:35.0447 5608 pci - ok
11:30:35.0463 5608 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:30:35.0463 5608 pciide - ok
11:30:35.0478 5608 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:30:35.0478 5608 pcmcia - ok
11:30:35.0494 5608 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:30:35.0494 5608 pcw - ok
11:30:35.0588 5608 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:30:35.0603 5608 PEAUTH - ok
11:30:35.0666 5608 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:30:35.0681 5608 PeerDistSvc - ok
11:30:35.0775 5608 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:30:35.0790 5608 pla - ok
11:30:35.0884 5608 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:30:35.0900 5608 PlugPlay - ok
11:30:35.0946 5608 Pml Driver HPZ12 (379f7a0ec9fbe07629fd3f244d3e3e44) C:\Windows\system32\HPZipm12.dll
11:30:35.0946 5608 Pml Driver HPZ12 - ok
11:30:35.0962 5608 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:30:35.0962 5608 PNRPAutoReg - ok
11:30:35.0993 5608 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:30:35.0993 5608 PNRPsvc - ok
11:30:36.0024 5608 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:30:36.0040 5608 PolicyAgent - ok
11:30:36.0087 5608 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:30:36.0087 5608 Power - ok
11:30:36.0134 5608 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:30:36.0134 5608 PptpMiniport - ok
11:30:36.0212 5608 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:30:36.0212 5608 Processor - ok
11:30:36.0274 5608 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
11:30:36.0274 5608 ProfSvc - ok
11:30:36.0305 5608 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:30:36.0305 5608 ProtectedStorage - ok
11:30:36.0321 5608 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:30:36.0321 5608 Psched - ok
11:30:36.0430 5608 QBCFMonitorService (27e26a7dbc17860630ce5065019c348f) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:30:36.0430 5608 QBCFMonitorService - ok
11:30:36.0461 5608 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:30:37.0054 5608 QBFCService - ok
11:30:37.0163 5608 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
11:30:37.0179 5608 QBVSS - ok
11:30:37.0350 5608 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:30:37.0366 5608 ql2300 - ok
11:30:37.0475 5608 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:30:37.0475 5608 ql40xx - ok
11:30:37.0538 5608 QuickBooksDB21 - ok
11:30:37.0569 5608 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:30:37.0569 5608 QWAVE - ok
11:30:37.0584 5608 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:30:37.0584 5608 QWAVEdrv - ok
11:30:37.0616 5608 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:30:37.0616 5608 RasAcd - ok
11:30:37.0647 5608 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:30:37.0647 5608 RasAgileVpn - ok
11:30:37.0662 5608 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:30:37.0662 5608 RasAuto - ok
11:30:37.0694 5608 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:30:37.0694 5608 Rasl2tp - ok
11:30:37.0740 5608 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:30:37.0740 5608 RasMan - ok
11:30:37.0756 5608 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:30:37.0756 5608 RasPppoe - ok
11:30:37.0787 5608 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:30:37.0787 5608 RasSstp - ok
11:30:37.0818 5608 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:30:37.0834 5608 rdbss - ok
11:30:37.0834 5608 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:30:37.0834 5608 rdpbus - ok
11:30:37.0865 5608 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:30:37.0865 5608 RDPCDD - ok
11:30:37.0896 5608 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:30:37.0896 5608 RDPDR - ok
11:30:37.0928 5608 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:30:37.0928 5608 RDPENCDD - ok
11:30:37.0928 5608 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:30:37.0928 5608 RDPREFMP - ok
11:30:38.0021 5608 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:30:38.0021 5608 RdpVideoMiniport - ok
11:30:38.0052 5608 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
11:30:38.0052 5608 RDPWD - ok
11:30:38.0099 5608 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:30:38.0099 5608 rdyboost - ok
11:30:38.0130 5608 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:30:38.0146 5608 RemoteAccess - ok
11:30:38.0177 5608 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:30:38.0177 5608 RemoteRegistry - ok
11:30:38.0193 5608 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:30:38.0193 5608 RpcEptMapper - ok
11:30:38.0193 5608 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:30:38.0193 5608 RpcLocator - ok
11:30:38.0255 5608 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:30:38.0255 5608 RpcSs - ok
11:30:38.0318 5608 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:30:38.0318 5608 rspndr - ok
11:30:38.0380 5608 RTL8187B (8e7d6dbba555c5d5a02decc79fe9c638) C:\Windows\system32\DRIVERS\rtl8187B.sys
11:30:38.0380 5608 RTL8187B - ok
11:30:38.0396 5608 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:30:38.0396 5608 s3cap - ok
11:30:38.0489 5608 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:30:38.0489 5608 SamSs - ok
11:30:38.0536 5608 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:30:38.0536 5608 sbp2port - ok
11:30:38.0630 5608 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:30:38.0645 5608 SBSDWSCService - ok
11:30:38.0676 5608 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:30:38.0692 5608 SCardSvr - ok
11:30:38.0739 5608 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:30:38.0739 5608 scfilter - ok
11:30:38.0801 5608 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:30:38.0801 5608 Schedule - ok
11:30:38.0832 5608 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:30:38.0832 5608 SCPolicySvc - ok
11:30:38.0864 5608 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:30:38.0864 5608 SDRSVC - ok
11:30:38.0895 5608 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:30:38.0895 5608 secdrv - ok
11:30:38.0926 5608 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:30:38.0926 5608 seclogon - ok
11:30:38.0942 5608 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
11:30:38.0942 5608 SENS - ok
11:30:38.0973 5608 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:30:38.0973 5608 SensrSvc - ok
11:30:39.0035 5608 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:30:39.0035 5608 Serenum - ok
11:30:39.0051 5608 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:30:39.0051 5608 Serial - ok
11:30:39.0082 5608 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:30:39.0082 5608 sermouse - ok
11:30:39.0129 5608 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:30:39.0129 5608 SessionEnv - ok
11:30:39.0160 5608 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:30:39.0160 5608 sffdisk - ok
11:30:39.0176 5608 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:30:39.0176 5608 sffp_mmc - ok
11:30:39.0191 5608 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:30:39.0191 5608 sffp_sd - ok
11:30:39.0207 5608 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:30:39.0207 5608 sfloppy - ok
11:30:39.0254 5608 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:30:39.0254 5608 SharedAccess - ok
11:30:39.0300 5608 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:30:39.0300 5608 ShellHWDetection - ok
11:30:39.0363 5608 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:30:39.0363 5608 sisagp - ok
11:30:39.0378 5608 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:30:39.0394 5608 SiSRaid2 - ok
11:30:39.0394 5608 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:30:39.0394 5608 SiSRaid4 - ok
11:30:39.0425 5608 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:30:39.0425 5608 Smb - ok
11:30:39.0456 5608 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:30:39.0472 5608 SNMPTRAP - ok
11:30:39.0472 5608 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:30:39.0472 5608 spldr - ok
11:30:39.0534 5608 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:30:39.0534 5608 Spooler - ok
11:30:39.0706 5608 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:30:39.0737 5608 sppsvc - ok
11:30:39.0831 5608 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:30:39.0831 5608 sppuinotify - ok
11:30:39.0878 5608 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:30:39.0878 5608 srv - ok
11:30:39.0909 5608 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:30:39.0909 5608 srv2 - ok
11:30:39.0924 5608 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:30:39.0924 5608 srvnet - ok
11:30:39.0956 5608 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:30:39.0971 5608 SSDPSRV - ok
11:30:39.0987 5608 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:30:39.0987 5608 SstpSvc - ok
11:30:40.0002 5608 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:30:40.0018 5608 stexstor - ok
11:30:40.0065 5608 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:30:40.0065 5608 StiSvc - ok
11:30:40.0096 5608 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:30:40.0096 5608 storflt - ok
11:30:40.0112 5608 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:30:40.0127 5608 storvsc - ok
11:30:40.0143 5608 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:30:40.0143 5608 swenum - ok
11:30:40.0174 5608 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:30:40.0190 5608 swprv - ok
11:30:40.0190 5608 Synth3dVsc - ok
11:30:40.0314 5608 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:30:40.0330 5608 SysMain - ok
11:30:40.0361 5608 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:30:40.0361 5608 TabletInputService - ok
11:30:40.0408 5608 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:30:40.0408 5608 TapiSrv - ok
11:30:40.0424 5608 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:30:40.0439 5608 TBS - ok
11:30:40.0533 5608 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
11:30:40.0548 5608 Tcpip - ok
11:30:40.0564 5608 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
11:30:40.0580 5608 TCPIP6 - ok
11:30:40.0595 5608 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:30:40.0595 5608 tcpipreg - ok
11:30:40.0611 5608 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:30:40.0626 5608 TDPIPE - ok
11:30:40.0658 5608 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:30:40.0658 5608 TDTCP - ok
11:30:40.0689 5608 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:30:40.0689 5608 tdx - ok
11:30:40.0720 5608 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:30:40.0720 5608 TermDD - ok
11:30:40.0767 5608 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:30:40.0767 5608 TermService - ok
11:30:40.0798 5608 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:30:40.0798 5608 Themes - ok
11:30:40.0829 5608 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:30:40.0829 5608 THREADORDER - ok
11:30:40.0860 5608 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:30:40.0860 5608 TrkWks - ok
11:30:40.0907 5608 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:30:40.0907 5608 TrustedInstaller - ok
11:30:40.0954 5608 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:40.0954 5608 tssecsrv - ok
11:30:41.0001 5608 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:30:41.0001 5608 TsUsbFlt - ok
11:30:41.0001 5608 tsusbhub - ok
11:30:41.0063 5608 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:30:41.0079 5608 tunnel - ok
11:30:41.0094 5608 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:30:41.0094 5608 uagp35 - ok
11:30:41.0141 5608 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:30:41.0141 5608 udfs - ok
11:30:41.0172 5608 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:30:41.0188 5608 UI0Detect - ok
11:30:41.0204 5608 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:30:41.0204 5608 uliagpkx - ok
11:30:41.0235 5608 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:30:41.0235 5608 umbus - ok
11:30:41.0250 5608 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:30:41.0250 5608 UmPass - ok
11:30:41.0297 5608 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:30:41.0297 5608 UmRdpService - ok
11:30:41.0328 5608 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:30:41.0328 5608 upnphost - ok
11:30:41.0344 5608 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:41.0344 5608 usbccgp - ok
11:30:41.0391 5608 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:30:41.0391 5608 usbcir - ok
11:30:41.0406 5608 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:30:41.0406 5608 usbehci - ok
11:30:41.0438 5608 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:41.0453 5608 usbhub - ok
11:30:41.0500 5608 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:30:41.0500 5608 usbohci - ok
11:30:41.0531 5608 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:30:41.0531 5608 usbprint - ok
11:30:41.0547 5608 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:41.0547 5608 USBSTOR - ok
11:30:41.0562 5608 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:30:41.0562 5608 usbuhci - ok
11:30:41.0578 5608 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:30:41.0594 5608 UxSms - ok
11:30:41.0609 5608 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:30:41.0609 5608 VaultSvc - ok
11:30:41.0656 5608 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:30:41.0656 5608 vdrvroot - ok
11:30:41.0703 5608 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:30:41.0718 5608 vds - ok
11:30:41.0750 5608 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:41.0750 5608 vga - ok
11:30:41.0765 5608 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:30:41.0765 5608 VgaSave - ok
11:30:41.0765 5608 VGPU - ok
11:30:41.0812 5608 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:30:41.0812 5608 vhdmp - ok
11:30:41.0843 5608 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:30:41.0843 5608 viaagp - ok
11:30:41.0859 5608 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:30:41.0859 5608 ViaC7 - ok
11:30:41.0874 5608 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:30:41.0874 5608 viaide - ok
11:30:41.0890 5608 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:30:41.0906 5608 vmbus - ok
11:30:41.0921 5608 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:30:41.0921 5608 VMBusHID - ok
11:30:41.0937 5608 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:30:41.0937 5608 volmgr - ok
11:30:41.0968 5608 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:30:41.0968 5608 volmgrx - ok
11:30:41.0984 5608 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:30:41.0999 5608 volsnap - ok
11:30:42.0030 5608 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:30:42.0030 5608 vsmraid - ok
11:30:42.0108 5608 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:30:42.0124 5608 VSS - ok
11:30:42.0124 5608 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
11:30:42.0124 5608 vwifibus - ok
11:30:42.0140 5608 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:30:42.0155 5608 vwififlt - ok
11:30:42.0186 5608 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
11:30:42.0186 5608 vwifimp - ok
11:30:42.0218 5608 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:30:42.0218 5608 W32Time - ok
11:30:42.0233 5608 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:30:42.0249 5608 WacomPen - ok
11:30:42.0311 5608 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:42.0311 5608 WANARP - ok
11:30:42.0311 5608 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:42.0327 5608 Wanarpv6 - ok
11:30:42.0420 5608 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
11:30:43.0559 5608 WatAdminSvc - ok
11:30:43.0637 5608 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:30:43.0637 5608 wbengine - ok
11:30:43.0668 5608 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:30:43.0684 5608 WbioSrvc - ok
11:30:43.0746 5608 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:30:43.0746 5608 wcncsvc - ok
11:30:43.0762 5608 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:30:43.0762 5608 WcsPlugInService - ok
11:30:43.0793 5608 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:30:43.0793 5608 Wd - ok
11:30:43.0824 5608 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:30:43.0824 5608 Wdf01000 - ok
11:30:43.0840 5608 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:30:43.0840 5608 WdiServiceHost - ok
11:30:43.0840 5608 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:30:43.0840 5608 WdiSystemHost - ok
11:30:43.0887 5608 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:30:43.0887 5608 WebClient - ok
11:30:43.0918 5608 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:30:43.0918 5608 Wecsvc - ok
11:30:43.0949 5608 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:30:43.0949 5608 wercplsupport - ok
11:30:43.0965 5608 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:30:43.0965 5608 WerSvc - ok
11:30:43.0980 5608 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:30:43.0996 5608 WfpLwf - ok
11:30:43.0996 5608 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:30:44.0012 5608 WIMMount - ok
11:30:44.0090 5608 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:30:44.0136 5608 WinDefend - ok
11:30:44.0136 5608 WinHttpAutoProxySvc - ok
11:30:44.0199 5608 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:30:44.0199 5608 Winmgmt - ok
11:30:44.0277 5608 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:30:44.0292 5608 WinRM - ok
11:30:44.0339 5608 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:30:44.0355 5608 Wlansvc - ok
11:30:44.0402 5608 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:30:44.0402 5608 WmiAcpi - ok
11:30:44.0480 5608 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:30:44.0480 5608 wmiApSrv - ok
11:30:44.0589 5608 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:30:44.0589 5608 WMPNetworkSvc - ok
11:30:44.0620 5608 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:30:44.0636 5608 WPCSvc - ok
11:30:44.0667 5608 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:30:44.0667 5608 WPDBusEnum - ok
11:30:44.0714 5608 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:44.0714 5608 ws2ifsl - ok
11:30:44.0760 5608 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
11:30:44.0760 5608 wscsvc - ok
11:30:44.0760 5608 WSearch - ok
11:30:44.0870 5608 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:30:44.0885 5608 wuauserv - ok
11:30:44.0994 5608 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:30:44.0994 5608 WudfPf - ok
11:30:45.0072 5608 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:45.0072 5608 WUDFRd - ok
11:30:45.0119 5608 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:30:45.0119 5608 wudfsvc - ok
11:30:45.0135 5608 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:30:45.0150 5608 WwanSvc - ok
11:30:45.0182 5608 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
11:30:45.0197 5608 yukonw7 - ok
11:30:45.0228 5608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:30:45.0260 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:30:45.0260 5608 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:30:45.0275 5608 Boot (0x1200) (74f47d746e7413fadac870d20f9816b5) \Device\Harddisk0\DR0\Partition0
11:30:45.0291 5608 \Device\Harddisk0\DR0\Partition0 - ok
11:30:45.0291 5608 ============================================================
11:30:45.0291 5608 Scan finished
11:30:45.0291 5608 ============================================================
11:30:45.0306 2988 Detected object count: 1
11:30:45.0306 2988 Actual detected object count: 1
11:31:00.0329 2988 \Device\Harddisk0\DR0\# - copied to quarantine
11:31:00.0329 2988 \Device\Harddisk0\DR0 - copied to quarantine
11:31:00.0345 2988 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:31:00.0360 2988 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:31:00.0376 2988 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:31:00.0376 2988 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:31:00.0376 2988 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:31:00.0407 2988 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:31:00.0407 2988 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:31:00.0407 2988 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:31:00.0423 2988 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:31:00.0438 2988 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:31:00.0470 2988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:31:00.0470 2988 \Device\Harddisk0\DR0 - ok
11:31:00.0563 2988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:31:06.0632 5784 Deinitialize success


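As an added example (not part of the thread and not TDSSKiller's own code), a small Python parser for the log format posted above: it pulls the detections, the quarantined paths and the tool's own object count out of a scan and flags what a responder cares about, namely the infected boot record, the hidden TDLFS file store and the pending reboot. The sample lines are constructed from the posted log.

```python
import re

# Added example (not from the thread): parse TDSSKiller lines "HH:MM:SS.mmmm <tid> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+) \) - "
                       r"(?P<action>infected|will be cured on reboot|User select action: \w+)$")
QUAR_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

def parse_tdsskiller_log(text):
    """Group scan lines into detections (object -> threat, actions) and quarantined paths."""
    rep = {"detections": {}, "quarantined": [], "declared_count": None}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, banner or "=====" separator
        msg = m["msg"]
        if d := DETECT_RE.match(msg):
            det = rep["detections"].setdefault(d["obj"], {"threat": d["threat"], "actions": []})
            det["actions"].append(d["action"])
        elif q := QUAR_RE.match(msg):
            rep["quarantined"].append(q["obj"])
        elif c := COUNT_RE.match(msg):
            rep["declared_count"] = int(c["n"])
    return rep

def triage(rep):
    """Findings a responder cares about: boot-record infection, hidden TDLFS store, reboot."""
    findings = []
    for obj, det in rep["detections"].items():
        if re.fullmatch(r"\\Device\\Harddisk\d+\\DR\d+", obj):  # whole-disk object, i.e. the MBR
            findings.append(f"boot record {obj} infected with {det['threat']}")
        if "will be cured on reboot" in det["actions"]:
            findings.append(f"{obj}: cure completes on reboot; rescan afterwards")
    tdlfs = [p.rsplit("\\", 1)[1] for p in rep["quarantined"] if "\\TDLFS\\" in p]
    if tdlfs:
        findings.append(f"{len(tdlfs)} files pulled from hidden TDLFS store: {', '.join(tdlfs)}")
    if rep["declared_count"] is not None and rep["declared_count"] != len(rep["detections"]):
        findings.append("warning: tool's detected count differs from parsed detections")
    return findings

# Constructed sample copying the format (and values) of the log posted above.
SAMPLE_LOG = r"""
11:30:45.0260 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:30:45.0306 2988 Detected object count: 1
11:31:00.0345 2988 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:31:00.0360 2988 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:31:00.0470 2988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:31:00.0563 2988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""
```

`triage(parse_tdsskiller_log(SAMPLE_LOG))` returns three findings: the infected boot record, the reboot needed to finish the cure, and the two files recovered from the TDLFS store.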
#12 CStew23

Posted 30 July 2012 - 04:52 PM

Hi,

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Most importantly, in your next post please let me know how things are running.
Please don't send help requests via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#13 Karaipantsu (Topic Starter)

Posted 31 July 2012 - 11:16 AM

I haven't noticed any of the audio distortions or redirect behavior since running TDSS. I've been monitoring my internet traffic, and nothing unusual has been seen, i.e. no traffic when I'm not actively browsing.

#14 Karaipantsu (Topic Starter)

Posted 31 July 2012 - 11:23 AM

Would you like a new set of normal/safemode logs now that the behavior is gone?

#15 CStew23

Posted 31 July 2012 - 04:36 PM

Yes please