Ongoing consequences of a thumb drive infection


This topic is locked.
43 replies to this topic

#1 rwilles

  • Members
  • 31 posts

Posted 07 August 2012 - 02:39 PM

First, thanks for the brainpower that is on display in helping folks fix their computers. I have tried to follow some of the posts to determine what is going wrong with my system. Mine seems complicated. I would just format and start over, but my system files are on the same hard drive that seems infected. I need a clean install if it can't be fixed.

Symptoms: After a thumb drive infection this spring I've tried to moderate the ghosts that seem to have taken over my system. The system will continue to blip the internet connection and awaken itself even if I manually put it to sleep. The only files that are identified as infected are user cache files. Sometimes a run of both Comodo System Cleaner and CCleaner will get the system to 'relax', but not always. Two times I have gotten to a system lockdown that has required a previous system restore. It restores my system and connection but continues to blip the internet through my modem router.

This is a desktop system that has a connection through CenturyLink (formerly Qwest) with a Netgear DGND3300 modem router. The first "canary in the mine shaft" was when the wireless network was randomly renamed and my individual passwords were reset (I have never left the defaults on the modem router). Since that time my Network Sharing Center has renamed my connection "network 3" (I have set a new router account name and password). I power off the router every night. It's happened one time since; a system reboot returned the router to the proper names. There has been a new password-protected user listed on the system restore screens.

Second canary: If I don't boot up the Magic Jack it will get infected later in the day. I've run Panda's USB disinfection program with only instant results. If I boot the MJ to the point of showing the phone number on the desktop interface, the MJ has no further problems. The thumb drive I was using could not be removed even after formatting, as "files were in use". The thumb drive is gone now.

SuperAntiSpyware seemed to be the program that would get rid of the 'blipping', but that stopped working the first of July. I replaced Avast Free with AVG 2012 and it only stopped the blipping for a week. The control panel shows everything working, but a scan has dozens of password-protected files. It will alert these same user files as SAS for me to delete, but an hour later they are back. When I reset the router there are 2 gateways allowed, first "network", then "network 3", through the AVG firewall.

Third canary: A scan for DNS problems showed 2 boot areas. I used the Windows restore function to fix it, but no difference. I have used Windows fix 50906 to disable the gadgets. Just as Defogger is gone, the gadgets are back, without any changes from me, over the period of a day with the computer on and connected.

4th canary: Windows Remote Control, used for media files, will be disabled if the computer is left on overnight, and a reboot will be necessary to restore use.

5th canary: Google advertisement links won't complete, but regular links will. A MiniToolBox scan shows it takes 4x as long to ping Google as Yahoo. A ping to bleepingcomputer comes back unavailable (are they afraid of you guys?)!? Last night Defogger was removed from my computer (I'm the only user) and all that's left is the defogger_disable and _enable logs.

6th canary: HP printer/scanner shows a disabled print head with new cartridges. No printer system resets will restore it.

7th canary: I have 2 installed programs that show in MiniToolBox that I can't find in Windows or CCleaner to uninstall: Advertising Center, version 0.0.0.1, and NeroXML 1.0.0.0.

DDS does not produce a log file. I get an MS-DOS window with # signs progressing; it says it can't read a file, "sed.temp", shows about 60 # signs and dies. There is no doc file created on the desktop. When I try to run a GMER log, the first 8 blocks on the rootkit scan are grayed out. Do you still want a partial GMER scan? ESET Online Scanner with all options enabled will just stall out about 30K files into a scan.

Here are the scans I have been able to run.

AVG scan log:
AVG 2012 Anti-Virus command line scanner
Copyright © 1992 - 2012 AVG Technologies
Program version 2012.0.2195, engine 2012.0.2437
Virus Database: Version 2437/5126 2012-07-11

C:\Documents and Settings\ Locked file. Not tested.
C:\hiberfil.sys Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\Qoobox\BackEnv\ Locked file. Not tested.
C:\System Volume Information\WindowsImageBackup\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Owner\AppData\Local\History\ Locked file. Not tested.
C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Owner\Documents\My Music\ Locked file. Not tested.
C:\Users\Owner\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Owner\Documents\My Videos\ Locked file. Not tested.
C:\Users\Owner\NetHood\ Locked file. Not tested.
C:\Users\Owner\ntuser.dat Locked file. Not tested.
C:\Users\Owner\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Owner\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Owner\PrintHood\ Locked file. Not tested.
C:\Users\Owner\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\catroot2\edb.log Locked file. Not tested.
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SAM Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\WINDOWS\System32\config\SAM Locked file. Not tested.
C:\WINDOWS\System32\config\SAM.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SAM.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.

------------------------------------------------------------
Test started: 11.7.2012 21:51:58
Duration of test: 18 minute(s) 42 second(s)
------------------------------------------------------------
Objects scanned : 1243962
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

MBAM shows nothing but won't scan the D drive that has the system files on it, even with the D drive box checked.

TDSSKiller shows: found 1 threat it titles "a pass through service", c:\program files (x86)\HTC\Internet pass-Through|PassThrusvr.exe
A copy to quarantine does nothing. I don't use my phone for an internet connection.


FSS log ran yesterday; I don't understand why the date is wrong. System date is 8-7-2012:

Farbar Service Scanner Version: 04-08-2012 01
Ran by Owner (administrator) on 06-08-2012 at 05:00:23
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 06-08-2012 at 05:01:26
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-D7-FB-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6999:31f7:56e9:6086%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 3:15:42 PM
Lease Expires . . . . . . . . . . : Tuesday, August 07, 2012 3:15:42 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2A-BB-89-B8-AC-6F-D7-FB-24
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:7b:17fa:b822:858a(Preferred)
Link-local IPv6 Address . . . . . : fe80::7b:17fa:b822:858a%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 2a00:1450:8005::8b
173.194.69.101
173.194.69.100
173.194.69.138
173.194.69.102
173.194.69.139
173.194.69.113


Pinging google.com [173.194.69.139] with 32 bytes of data:
Reply from 173.194.69.139: bytes=32 time=182ms TTL=46
Reply from 173.194.69.139: bytes=32 time=180ms TTL=46

Ping statistics for 173.194.69.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 180ms, Maximum = 182ms, Average = 181ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=54ms TTL=55
Reply from 209.191.122.70: bytes=32 time=55ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f d7 fb 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 276
192.168.0.4 255.255.255.255 On-link 192.168.0.4 276
192.168.0.255 255.255.255.255 On-link 192.168.0.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:7b:17fa:b822:858a/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::7b:17fa:b822:858a/128
On-link
10 276 fe80::6999:31f7:56e9:6086/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (08/05/2012 08:33:25 AM) (Source: ESENT) (User: )
Description: Windows (3096) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0012D.log.


System errors:
=============
Error: (08/06/2012 04:56:41 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2012 04:56:41 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/05/2012 03:06:53 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:47 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:42 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:36 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:30 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:24 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:18 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/05/2012 03:06:01 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2012 08:33:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (08/05/2012 08:33:25 AM) (Source: Windows Search Service)(User: )
Description: Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (08/05/2012 08:33:25 AM) (Source: ESENT)(User: )
Description: Windows3096Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0012D.log-1811


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advertising Center (Version: 0.0.0.1)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 2.0.4.0)
Bullzip PDF Printer 8.2.0.1394 (Version: 8.2.0.1394)
CCleaner (Version: 3.21)
COMODO System-Cleaner (Version: 3.0.172695.53)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.40)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
DolbyFiles (Version: 0.1)
EnergyPlus Version 7.0 (Version: 7.0.0.036)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.60)
Google SketchUp 8 (Version: 3.0.11752)
Google SketchUp Pro 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Home Designer Pro 10 (Version: 10.4.3.0)
HTC Driver Installer (Version: 3.0.0.007)
Hulu Desktop (Version: 0.9.14)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Last.fm 1.5.4.27091
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenStudio 0.7.0 (Version: 0.7.0)
Panda USB Vaccine 1.0.1.16
PlayReady PC Runtime amd64 (Version: 1.3.0)
Rainmeter (Version: 2.3.3 r1522)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Sandboxie 3.72 (64-bit) (Version: 3.72)
SnapIt 3.7 (Version: 3.7)
SUPERAntiSpyware (Version: 5.5.1012)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WinDirStat 1.1.2
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 4060.98 MB
Available physical RAM: 2166.88 MB
Total Pagefile: 10149.18 MB
Available Pagefile: 7652.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.85 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:241.39 GB) NTFS
2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

23-07-2012 16:52:55 Windows Backup
24-07-2012 16:07:10 Removed service pack backup files
30-07-2012 01:00:07 Windows Backup
04-08-2012 23:00:12 Installed Microsoft Fix it 50906
04-08-2012 23:32:15 Revo Uninstaller Pro's restore point - Panda USB Vaccine 1.0.1.16
06-08-2012 01:00:10 Windows Backup

**** End of log ****



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:07 PM

Posted 12 August 2012 - 02:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464272 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rwilles

rwilles
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:06:07 PM

Posted 13 August 2012 - 12:23 PM

I do have a Dell drivers and utilities disk that allows me to boot into DOS from the F: drive.

In Safe Mode with Networking I am able to run a DDS and GMER scan, limited to: Services, Registry, Files for the C: drive (no other boxes are available to check in GMER).

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Owner at 11:01:24 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3540 [GMT -6:00]
.
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Anti-Virus Business Edition 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [CSC] C:\Program Files\COMODO\COMODO System-Cleaner\CSC.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01A25DFA-BF34-4D15-BE9C-4A843556C8F3} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{01A25DFA-BF34-4D15-BE9C-4A843556C8F3} : DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c75z2bt9.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
S1 CFRPD;CFRPD;C:\Windows\system32\DRIVERS\CFRPD.sys --> C:\Windows\system32\DRIVERS\CFRPD.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 Cleaner_Validator;COMODO System - Cleaner Service;C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-9 371648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-21 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-21 673088]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-10 113120]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-11 05:01:08 -------- d-----w- C:\Program Files\Sandboxie
2012-08-10 18:05:19 -------- d-sh--w- C:\found.000
2012-08-10 15:49:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\Simply Super Software
2012-08-10 15:49:26 -------- d-----w- C:\ProgramData\Simply Super Software
2012-08-10 15:49:26 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-08-04 23:26:11 -------- d-----w- C:\Users\Owner\AppData\Local\VS Revo Group
2012-08-04 23:26:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-08-04 03:59:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 15:29:34 -------- d-----w- C:\Program Files (x86)\WinDirStat
2012-07-23 18:44:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-23 18:44:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 18:22:26 -------- dc----w- C:\Users\Owner\AppData\Local\MigWiz
2012-07-23 15:33:23 -------- d-s---w- C:\ComboFix
2012-07-23 13:33:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 13:33:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2012-08-13 16:38:54 13819 ----a-w- C:\Windows\cscmondump.bin
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-10 19:01:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 19:01:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-05 07:37:22 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 11:01:53.24 ===============

#4 nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 August 2012 - 12:57 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If unable to run these tools in Normal mode use Safe mode and let me know.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
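
A small triage helper for the TDSSKiller log requested above, added here as an example; it is not code from this thread or from TDSSKiller. It pairs each hash line with its verdict line (the two-line format visible in the log posted in reply #5), flags verdicts other than "ok", services that have no file on disk, and one binary registered under several service names. The sample log is built from lines on this page plus one made-up entry (ExampleSvc, its path, its hash and the verdict word "suspicious" are all placeholders, not real TDSSKiller output) so the non-ok path is exercised.

```python
r"""Triage helper for TDSSKiller scan logs (added example, not the tool's own code).

TDSSKiller writes two lines per scanned service or driver:

    14:38:05.0493 8948 [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    14:38:05.0568 8948 !SASCORE - ok

A registered service whose file is missing gets no hash line, only a verdict
line (the thread's log shows this for HTCAND64 after its driver file was deleted
by hand). The helper pairs the lines, then reports what a reviewer looks at first.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hash line: time, pid, "[ md5 ]", service name, absolute path (C:\... or \??\C:\...).
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9a-f]{32}) \]\s+(?P<name>.+?)\s+"
    r"(?P<path>(?:[A-Za-z]:\\|\\\?\?\\).*)$"
)
# Verdict line: time, pid, service name, " - ", verdict. Service names never
# contain a backslash, which keeps header lines like "Drive \Device\... - Size: ..." out.
VERDICT_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>[^\\]+?) - (?P<verdict>\S.*)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name, keyed by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            # No preceding hash line means no file was found to hash.
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, object]:
    """Summarise the entries a reviewer would want to see first."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {
        # Anything TDSSKiller did not mark "ok" (the Cure/Skip prompts in the GUI).
        "not_ok": sorted(n for n, e in entries.items() if e.verdict not in (None, "ok")),
        # Service still registered but its file was not found on disk.
        "no_file": sorted(n for n, e in entries.items() if e.md5 is None),
        # One binary hashed under more than one service name (gupdate/gupdatem is normal).
        "shared_binaries": {h: sorted(n) for h, n in by_md5.items() if len(n) > 1},
    }


# Constructed sample: lines taken from the log in this thread, plus the made-up
# ExampleSvc entry (placeholder path, hash and verdict) to exercise the non-ok path.
SAMPLE_LOG = r"""14:37:54.0702 0448 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:37:55.0708 0448 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
14:38:05.0217 8948 Scan started
14:38:05.0436 8948 ================ Scan services =============================
14:38:05.0493 8948 [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:38:05.0568 8948 !SASCORE - ok
14:38:08.0072 8948 [ f832f1505ad8b83474bd9a5b1b985e01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:38:08.0088 8948 Bonjour Service - ok
14:38:11.0935 8948 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:38:11.0948 8948 gupdate - ok
14:38:11.0958 8948 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:38:11.0971 8948 gupdatem - ok
14:38:12.0672 8948 HTCAND64 - ok
14:38:12.0680 8948 [ 0123456789abcdef0123456789abcdef ] ExampleSvc C:\Users\Owner\AppData\Local\Temp\example.exe
14:38:12.0690 8948 ExampleSvc - suspicious
"""

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```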

#5 rwilles

  • Topic Starter
  • Members
  • 31 posts

Posted 15 August 2012 - 04:32 PM

I've been eagerly looking for a responder/director. Thanks, Nasdaq, for picking up this thread. So in real life are you a Canadian small cap trader? Anyhoos...

My system has been squirrely over the last few days and I have been trying to stay ahead of whatever it is that's causing all this. I had to restore to a past good version when it locked up at the boot screen, 2 days ago. Found that network sharing had been enabled in Windows (just this system, I have no network). I turned all that off and it got rid of the password protected extra user that showed in the system restore screens. This system has a 500 GB hard drive, a DVD burner, a Magic Jack and card reader. I ran rkill64 and TDSSKiller and it found 1 threat titled "a pass through service", c:\program files (x86)\HTC\Internet pass-Through\PassThruSvr.exe

The file was dated June but the folder showed a current date. I uninstalled the HTC interface from the programs control panel (required forced uninstall as program was in use) and ran Tdsskiller again and it gave the same alert on the windows android driver. I deleted the file. Both these files had full administrator privileges. Once this was done, I have been able to run and finish almost any scan and sleep the system.

The weirdest thing is that the searches for TDSSKiller and other programs have taken me to spoofing sites. When I ran TDSSKiller before there was no "loaded modules" box (that requires a reboot to use); am I using the real program? Here are the results of the scan.

14:37:54.0702 0448 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:37:55.0297 0448 ============================================================
14:37:55.0297 0448 Current date / time: 2012/08/15 14:37:55.0297
14:37:55.0297 0448 SystemInfo:
14:37:55.0297 0448
14:37:55.0297 0448 OS Version: 6.1.7601 ServicePack: 1.0
14:37:55.0297 0448 Product type: Workstation
14:37:55.0297 0448 ComputerName: OWNER-PC
14:37:55.0297 0448 UserName: Owner
14:37:55.0297 0448 Windows directory: C:\Windows
14:37:55.0297 0448 System windows directory: C:\Windows
14:37:55.0298 0448 Running under WOW64
14:37:55.0298 0448 Processor architecture: Intel x64
14:37:55.0298 0448 Number of processors: 2
14:37:55.0298 0448 Page size: 0x1000
14:37:55.0298 0448 Boot type: Normal boot
14:37:55.0298 0448 ============================================================
14:37:55.0480 0448 BG loaded
14:37:55.0708 0448 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:37:55.0724 0448 ============================================================
14:37:55.0724 0448 \Device\Harddisk0\DR0:
14:37:55.0724 0448 MBR partitions:
14:37:55.0724 0448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x180F000
14:37:55.0724 0448 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1823000, BlocksNum 0x38B62800
14:37:55.0724 0448 ============================================================
14:37:55.0753 0448 C: <-> \Device\Harddisk0\DR0\Partition2
14:37:55.0753 0448 ============================================================
14:37:55.0753 0448 Initialize success
14:37:55.0753 0448 ============================================================
14:38:05.0217 8948 ============================================================
14:38:05.0217 8948 Scan started
14:38:05.0217 8948 Mode: Manual; SigCheck; TDLFS;
14:38:05.0217 8948 ============================================================
14:38:05.0436 8948 ================ Scan services =============================
14:38:05.0493 8948 [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:38:05.0568 8948 !SASCORE - ok
14:38:05.0656 8948 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:38:05.0687 8948 1394ohci - ok
14:38:05.0714 8948 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:38:05.0735 8948 ACPI - ok
14:38:05.0749 8948 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:38:05.0768 8948 AcpiPmi - ok
14:38:05.0819 8948 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:38:05.0836 8948 AdobeARMservice - ok
14:38:05.0870 8948 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:38:05.0898 8948 adp94xx - ok
14:38:05.0927 8948 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:38:05.0944 8948 adpahci - ok
14:38:05.0956 8948 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:38:05.0972 8948 adpu320 - ok
14:38:05.0993 8948 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:38:06.0028 8948 AeLookupSvc - ok
14:38:06.0072 8948 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:38:06.0105 8948 AFD - ok
14:38:06.0128 8948 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:38:06.0142 8948 agp440 - ok
14:38:06.0156 8948 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
14:38:06.0174 8948 ALG - ok
14:38:06.0198 8948 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:38:06.0211 8948 aliide - ok
14:38:06.0226 8948 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
14:38:06.0239 8948 amdide - ok
14:38:06.0256 8948 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:38:06.0272 8948 AmdK8 - ok
14:38:06.0286 8948 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:38:06.0302 8948 AmdPPM - ok
14:38:06.0325 8948 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:38:06.0340 8948 amdsata - ok
14:38:06.0351 8948 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:38:06.0367 8948 amdsbs - ok
14:38:06.0378 8948 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:38:06.0394 8948 amdxata - ok
14:38:06.0422 8948 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
14:38:06.0455 8948 AppID - ok
14:38:06.0478 8948 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:38:06.0514 8948 AppIDSvc - ok
14:38:06.0534 8948 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:38:06.0567 8948 Appinfo - ok
14:38:06.0609 8948 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
14:38:06.0639 8948 arc - ok
14:38:06.0645 8948 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:38:06.0659 8948 arcsas - ok
14:38:06.0679 8948 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:06.0714 8948 AsyncMac - ok
14:38:06.0753 8948 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
14:38:06.0779 8948 atapi - ok
14:38:06.0814 8948 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:38:06.0853 8948 AudioEndpointBuilder - ok
14:38:06.0863 8948 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:38:06.0902 8948 AudioSrv - ok
14:38:06.0935 8948 [ 96b4456f1dca4eda506ed31c7d2d6b05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
14:38:06.0960 8948 Avgfwfd - ok
14:38:07.0035 8948 [ bd5d11cedbcde4fa97d2387e7069b1ff ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
14:38:07.0085 8948 avgfws - ok
14:38:07.0170 8948 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:38:07.0287 8948 AVGIDSAgent - ok
14:38:07.0310 8948 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:38:07.0325 8948 AVGIDSDriver - ok
14:38:07.0337 8948 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:38:07.0348 8948 AVGIDSFilter - ok
14:38:07.0361 8948 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
14:38:07.0375 8948 AVGIDSHA - ok
14:38:07.0394 8948 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
14:38:07.0410 8948 Avgldx64 - ok
14:38:07.0424 8948 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
14:38:07.0437 8948 Avgmfx64 - ok
14:38:07.0450 8948 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
14:38:07.0464 8948 Avgrkx64 - ok
14:38:07.0478 8948 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
14:38:07.0495 8948 Avgtdia - ok
14:38:07.0512 8948 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:38:07.0529 8948 avgwd - ok
14:38:07.0563 8948 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:38:07.0587 8948 AxInstSV - ok
14:38:07.0612 8948 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:38:07.0634 8948 b06bdrv - ok
14:38:07.0670 8948 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:38:07.0691 8948 b57nd60a - ok
14:38:07.0722 8948 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:38:07.0744 8948 BDESVC - ok
14:38:07.0764 8948 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:38:07.0802 8948 Beep - ok
14:38:07.0857 8948 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
14:38:07.0901 8948 BFE - ok
14:38:07.0931 8948 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
14:38:07.0995 8948 BITS - ok
14:38:08.0010 8948 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:38:08.0027 8948 blbdrive - ok
14:38:08.0072 8948 [ f832f1505ad8b83474bd9a5b1b985e01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:38:08.0088 8948 Bonjour Service - ok
14:38:08.0106 8948 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:38:08.0126 8948 bowser - ok
14:38:08.0136 8948 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:38:08.0156 8948 BrFiltLo - ok
14:38:08.0170 8948 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:38:08.0189 8948 BrFiltUp - ok
14:38:08.0202 8948 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:38:08.0240 8948 BridgeMP - ok
14:38:08.0261 8948 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
14:38:08.0284 8948 Browser - ok
14:38:08.0295 8948 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:38:08.0320 8948 Brserid - ok
14:38:08.0337 8948 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:38:08.0359 8948 BrSerWdm - ok
14:38:08.0380 8948 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:38:08.0402 8948 BrUsbMdm - ok
14:38:08.0418 8948 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:38:08.0462 8948 BrUsbSer - ok
14:38:08.0471 8948 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:38:08.0507 8948 BTHMODEM - ok
14:38:08.0538 8948 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
14:38:08.0580 8948 bthserv - ok
14:38:08.0714 8948 catchme - ok
14:38:08.0726 8948 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:38:08.0771 8948 cdfs - ok
14:38:08.0807 8948 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:38:08.0842 8948 cdrom - ok
14:38:08.0868 8948 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
14:38:08.0908 8948 CertPropSvc - ok
14:38:08.0942 8948 [ 8b54463c0c86dd2347e1816469939fc9 ] CFRMD C:\Windows\system32\DRIVERS\CFRMD.sys
14:38:08.0958 8948 CFRMD - ok
14:38:08.0976 8948 [ 5fc31ee43330956c1db01984057c3dcc ] CFRPD C:\Windows\system32\DRIVERS\CFRPD.sys
14:38:08.0992 8948 CFRPD - ok
14:38:09.0024 8948 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:38:09.0044 8948 circlass - ok
14:38:09.0093 8948 [ b3643a715609b2e66740a015a724a7f9 ] Cleaner_Validator C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
14:38:09.0109 8948 Cleaner_Validator - ok
14:38:09.0132 8948 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
14:38:09.0153 8948 CLFS - ok
14:38:09.0197 8948 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:38:09.0212 8948 clr_optimization_v2.0.50727_32 - ok
14:38:09.0244 8948 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:38:09.0259 8948 clr_optimization_v2.0.50727_64 - ok
14:38:09.0307 8948 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:38:09.0322 8948 clr_optimization_v4.0.30319_32 - ok
14:38:09.0340 8948 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:38:09.0354 8948 clr_optimization_v4.0.30319_64 - ok
14:38:09.0374 8948 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:38:09.0395 8948 CmBatt - ok
14:38:09.0406 8948 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:38:09.0420 8948 cmdide - ok
14:38:09.0457 8948 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
14:38:09.0482 8948 CNG - ok
14:38:09.0507 8948 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:38:09.0522 8948 Compbatt - ok
14:38:09.0547 8948 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:38:09.0568 8948 CompositeBus - ok
14:38:09.0578 8948 COMSysApp - ok
14:38:09.0593 8948 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:38:09.0609 8948 crcdisk - ok
14:38:09.0649 8948 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:38:09.0671 8948 CryptSvc - ok
14:38:09.0714 8948 [ 1ca90212a99db6975c344826d11055c9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
14:38:09.0727 8948 dc3d - ok
14:38:09.0754 8948 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:38:09.0809 8948 DcomLaunch - ok
14:38:09.0835 8948 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
14:38:09.0880 8948 defragsvc - ok
14:38:09.0899 8948 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:38:09.0937 8948 DfsC - ok
14:38:09.0954 8948 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
14:38:09.0998 8948 Dhcp - ok
14:38:10.0019 8948 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
14:38:10.0057 8948 discache - ok
14:38:10.0074 8948 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:38:10.0090 8948 Disk - ok
14:38:10.0118 8948 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:38:10.0143 8948 Dnscache - ok
14:38:10.0171 8948 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:38:10.0220 8948 dot3svc - ok
14:38:10.0243 8948 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
14:38:10.0287 8948 DPS - ok
14:38:10.0307 8948 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:38:10.0330 8948 drmkaud - ok
14:38:10.0353 8948 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:38:10.0395 8948 DXGKrnl - ok
14:38:10.0415 8948 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:38:10.0473 8948 EapHost - ok
14:38:10.0535 8948 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:38:10.0617 8948 ebdrv - ok
14:38:10.0652 8948 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
14:38:10.0682 8948 EFS - ok
14:38:10.0726 8948 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:38:10.0756 8948 ehRecvr - ok
14:38:10.0778 8948 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
14:38:10.0799 8948 ehSched - ok
14:38:10.0830 8948 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:38:10.0851 8948 elxstor - ok
14:38:10.0872 8948 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:38:10.0890 8948 ErrDev - ok
14:38:10.0924 8948 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
14:38:10.0970 8948 EventSystem - ok
14:38:10.0977 8948 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
14:38:11.0019 8948 exfat - ok
14:38:11.0042 8948 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:38:11.0106 8948 fastfat - ok
14:38:11.0140 8948 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
14:38:11.0171 8948 Fax - ok
14:38:11.0184 8948 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:38:11.0204 8948 fdc - ok
14:38:11.0212 8948 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:38:11.0266 8948 fdPHost - ok
14:38:11.0278 8948 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:38:11.0320 8948 FDResPub - ok
14:38:11.0331 8948 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:38:11.0348 8948 FileInfo - ok
14:38:11.0356 8948 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:38:11.0396 8948 Filetrace - ok
14:38:11.0422 8948 [ abedfd48ac042c6aaad32452e77217a1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:38:11.0445 8948 FLEXnet Licensing Service - ok
14:38:11.0450 8948 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:38:11.0504 8948 flpydisk - ok
14:38:11.0530 8948 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:38:11.0549 8948 FltMgr - ok
14:38:11.0584 8948 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
14:38:11.0632 8948 FontCache - ok
14:38:11.0671 8948 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:38:11.0683 8948 FontCache3.0.0.0 - ok
14:38:11.0701 8948 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:38:11.0717 8948 FsDepends - ok
14:38:11.0733 8948 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:38:11.0750 8948 Fs_Rec - ok
14:38:11.0775 8948 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:38:11.0797 8948 fvevol - ok
14:38:11.0812 8948 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:38:11.0829 8948 gagp30kx - ok
14:38:11.0855 8948 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
14:38:11.0905 8948 gpsvc - ok
14:38:11.0935 8948 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:38:11.0948 8948 gupdate - ok
14:38:11.0958 8948 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:38:11.0971 8948 gupdatem - ok
14:38:12.0054 8948 [ 98405343d7dcd330fe1b08c8f4c3900c ] HCW85BDA C:\Windows\system32\drivers\HCW85BDA.sys
14:38:12.0106 8948 HCW85BDA - ok
14:38:12.0126 8948 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:38:12.0145 8948 hcw85cir - ok
14:38:12.0177 8948 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:38:12.0212 8948 HdAudAddService - ok
14:38:12.0224 8948 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:38:12.0245 8948 HDAudBus - ok
14:38:12.0252 8948 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:38:12.0272 8948 HidBatt - ok
14:38:12.0289 8948 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:38:12.0310 8948 HidBth - ok
14:38:12.0330 8948 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:38:12.0350 8948 HidIr - ok
14:38:12.0367 8948 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
14:38:12.0412 8948 hidserv - ok
14:38:12.0429 8948 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:38:12.0449 8948 HidUsb - ok
14:38:12.0468 8948 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:38:12.0521 8948 hkmsvc - ok
14:38:12.0544 8948 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:38:12.0573 8948 HomeGroupListener - ok
14:38:12.0593 8948 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:38:12.0628 8948 HomeGroupProvider - ok
14:38:12.0636 8948 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:38:12.0651 8948 HpSAMD - ok
14:38:12.0672 8948 HTCAND64 - ok
14:38:12.0706 8948 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:38:12.0750 8948 HTTP - ok
14:38:12.0774 8948 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:38:12.0789 8948 hwpolicy - ok
14:38:12.0817 8948 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:38:12.0838 8948 i8042prt - ok
14:38:12.0891 8948 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:38:12.0910 8948 IAANTMON - ok
14:38:12.0935 8948 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:38:12.0955 8948 iaStor - ok
14:38:13.0017 8948 [ 31a0e93cdf29007d6c6fffb632f375ed ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:38:13.0029 8948 IAStorDataMgrSvc - ok
14:38:13.0054 8948 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:38:13.0074 8948 iaStorV - ok
14:38:13.0151 8948 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:38:13.0187 8948 idsvc - ok
14:38:13.0352 8948 [ c6238c6abd6ac99f5d152da4e9439a3d ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:38:13.0579 8948 igfx - ok
14:38:13.0607 8948 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:38:13.0623 8948 iirsp - ok
14:38:13.0673 8948 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
14:38:13.0719 8948 IKEEXT - ok
14:38:13.0741 8948 IntcAzAudAddService - ok
14:38:13.0756 8948 [ d485d3bd3e2179aa86853a182f70699f ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
14:38:13.0773 8948 IntcHdmiAddService - ok
14:38:13.0790 8948 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
14:38:13.0804 8948 intelide - ok
14:38:13.0823 8948 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:38:13.0841 8948 intelppm - ok
14:38:13.0873 8948 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:38:13.0934 8948 IPBusEnum - ok
14:38:13.0955 8948 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:13.0996 8948 IpFilterDriver - ok
14:38:14.0037 8948 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:38:14.0080 8948 iphlpsvc - ok
14:38:14.0100 8948 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:38:14.0118 8948 IPMIDRV - ok
14:38:14.0146 8948 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:38:14.0180 8948 IPNAT - ok
14:38:14.0216 8948 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:38:14.0236 8948 IRENUM - ok
14:38:14.0270 8948 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:38:14.0285 8948 isapnp - ok
14:38:14.0297 8948 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:38:14.0314 8948 iScsiPrt - ok
14:38:14.0332 8948 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:14.0347 8948 kbdclass - ok
14:38:14.0364 8948 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:38:14.0383 8948 kbdhid - ok
14:38:14.0391 8948 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
14:38:14.0424 8948 KeyIso - ok
14:38:14.0450 8948 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:38:14.0466 8948 KSecDD - ok
14:38:14.0485 8948 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:38:14.0501 8948 KSecPkg - ok
14:38:14.0519 8948 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:38:14.0553 8948 ksthunk - ok
14:38:14.0576 8948 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
14:38:14.0622 8948 KtmRm - ok
14:38:14.0652 8948 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:38:14.0701 8948 LanmanServer - ok
14:38:14.0723 8948 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:38:14.0775 8948 LanmanWorkstation - ok
14:38:14.0802 8948 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:38:14.0837 8948 lltdio - ok
14:38:14.0863 8948 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:38:14.0908 8948 lltdsvc - ok
14:38:14.0922 8948 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:38:14.0966 8948 lmhosts - ok
14:38:14.0994 8948 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:38:15.0010 8948 LSI_FC - ok
14:38:15.0023 8948 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:38:15.0039 8948 LSI_SAS - ok
14:38:15.0054 8948 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:38:15.0068 8948 LSI_SAS2 - ok
14:38:15.0079 8948 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:38:15.0095 8948 LSI_SCSI - ok
14:38:15.0131 8948 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
14:38:15.0180 8948 luafv - ok
14:38:15.0198 8948 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:38:15.0224 8948 Mcx2Svc - ok
14:38:15.0236 8948 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:38:15.0251 8948 megasas - ok
14:38:15.0268 8948 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:38:15.0286 8948 MegaSR - ok
14:38:15.0302 8948 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
14:38:15.0346 8948 MMCSS - ok
14:38:15.0360 8948 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:38:15.0395 8948 Modem - ok
14:38:15.0423 8948 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:38:15.0460 8948 monitor - ok
14:38:15.0481 8948 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:38:15.0505 8948 mouclass - ok
14:38:15.0525 8948 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:38:15.0550 8948 mouhid - ok
14:38:15.0576 8948 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:38:15.0592 8948 mountmgr - ok
14:38:15.0633 8948 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:38:15.0658 8948 MozillaMaintenance - ok
14:38:15.0679 8948 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:38:15.0696 8948 mpio - ok
14:38:15.0709 8948 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:38:15.0747 8948 mpsdrv - ok
14:38:15.0785 8948 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:38:15.0851 8948 MpsSvc - ok
14:38:15.0878 8948 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:38:15.0915 8948 MRxDAV - ok
14:38:15.0930 8948 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:38:15.0947 8948 mrxsmb - ok
14:38:15.0966 8948 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:38:15.0985 8948 mrxsmb10 - ok
14:38:15.0999 8948 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:38:16.0017 8948 mrxsmb20 - ok
14:38:16.0031 8948 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:38:16.0046 8948 msahci - ok
14:38:16.0058 8948 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:38:16.0075 8948 msdsm - ok
14:38:16.0088 8948 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
14:38:16.0117 8948 MSDTC - ok
14:38:16.0141 8948 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:38:16.0174 8948 Msfs - ok
14:38:16.0182 8948 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:38:16.0216 8948 mshidkmdf - ok
14:38:16.0243 8948 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:38:16.0257 8948 msisadrv - ok
14:38:16.0286 8948 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:38:16.0328 8948 MSiSCSI - ok
14:38:16.0332 8948 msiserver - ok
14:38:16.0355 8948 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:38:16.0390 8948 MSKSSRV - ok
14:38:16.0394 8948 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:38:16.0428 8948 MSPCLOCK - ok
14:38:16.0436 8948 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:38:16.0471 8948 MSPQM - ok
14:38:16.0495 8948 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:38:16.0514 8948 MsRPC - ok
14:38:16.0526 8948 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:38:16.0541 8948 mssmbios - ok
14:38:16.0550 8948 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:38:16.0585 8948 MSTEE - ok
14:38:16.0595 8948 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:38:16.0613 8948 MTConfig - ok
14:38:16.0623 8948 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:38:16.0639 8948 Mup - ok
14:38:16.0661 8948 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
14:38:16.0710 8948 napagent - ok
14:38:16.0731 8948 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:38:16.0755 8948 NativeWifiP - ok
14:38:16.0788 8948 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
14:38:16.0818 8948 NDIS - ok
14:38:16.0830 8948 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:38:16.0866 8948 NdisCap - ok
14:38:16.0888 8948 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:38:16.0922 8948 NdisTapi - ok
14:38:16.0935 8948 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:38:16.0968 8948 Ndisuio - ok
14:38:16.0978 8948 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:38:17.0013 8948 NdisWan - ok
14:38:17.0033 8948 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:38:17.0074 8948 NDProxy - ok
14:38:17.0135 8948 [ b90e093e7a7250906f1054418b5339c0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:38:17.0173 8948 Nero BackItUp Scheduler 4.0 - ok
14:38:17.0184 8948 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:38:17.0218 8948 NetBIOS - ok
14:38:17.0235 8948 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:38:17.0271 8948 NetBT - ok
14:38:17.0279 8948 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
14:38:17.0304 8948 Netlogon - ok
14:38:17.0325 8948 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
14:38:17.0372 8948 Netman - ok
14:38:17.0389 8948 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
14:38:17.0437 8948 netprofm - ok
14:38:17.0455 8948 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:38:17.0467 8948 NetTcpPortSharing - ok
14:38:17.0486 8948 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:38:17.0502 8948 nfrd960 - ok
14:38:17.0528 8948 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:38:17.0574 8948 NlaSvc - ok
14:38:17.0588 8948 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:38:17.0623 8948 Npfs - ok
14:38:17.0650 8948 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:38:17.0695 8948 nsi - ok
14:38:17.0703 8948 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:38:17.0738 8948 nsiproxy - ok
14:38:17.0777 8948 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:38:17.0814 8948 Ntfs - ok
14:38:17.0826 8948 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
14:38:17.0861 8948 Null - ok
14:38:17.0885 8948 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:38:17.0919 8948 nvraid - ok
14:38:17.0941 8948 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:38:17.0958 8948 nvstor - ok
14:38:17.0978 8948 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:38:17.0994 8948 nv_agp - ok
14:38:18.0004 8948 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:38:18.0023 8948 ohci1394 - ok
14:38:18.0048 8948 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:38:18.0079 8948 p2pimsvc - ok
14:38:18.0104 8948 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:38:18.0136 8948 p2psvc - ok
14:38:18.0161 8948 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:38:18.0180 8948 Parport - ok
14:38:18.0206 8948 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:38:18.0221 8948 partmgr - ok
14:38:18.0231 8948 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:38:18.0266 8948 PcaSvc - ok
14:38:18.0296 8948 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
14:38:18.0314 8948 pci - ok
14:38:18.0329 8948 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
14:38:18.0352 8948 pciide - ok
14:38:18.0364 8948 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:38:18.0384 8948 pcmcia - ok
14:38:18.0404 8948 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:38:18.0428 8948 pcw - ok
14:38:18.0438 8948 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:38:18.0491 8948 PEAUTH - ok
14:38:18.0549 8948 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:38:18.0601 8948 PerfHost - ok
14:38:18.0650 8948 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
14:38:18.0737 8948 pla - ok
14:38:18.0763 8948 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:38:18.0801 8948 PlugPlay - ok
14:38:18.0812 8948 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:38:18.0842 8948 PNRPAutoReg - ok
14:38:18.0855 8948 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:38:18.0887 8948 PNRPsvc - ok
14:38:18.0916 8948 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:38:18.0959 8948 PolicyAgent - ok
14:38:18.0982 8948 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
14:38:19.0034 8948 Power - ok
14:38:19.0060 8948 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:38:19.0094 8948 PptpMiniport - ok
14:38:19.0115 8948 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:38:19.0132 8948 Processor - ok
14:38:19.0164 8948 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:38:19.0194 8948 ProfSvc - ok
14:38:19.0199 8948 Prot6Flt - ok
14:38:19.0210 8948 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:38:19.0235 8948 ProtectedStorage - ok
14:38:19.0245 8948 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:38:19.0280 8948 Psched - ok
14:38:19.0314 8948 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:38:19.0349 8948 ql2300 - ok
14:38:19.0361 8948 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:38:19.0377 8948 ql40xx - ok
14:38:19.0400 8948 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
14:38:19.0435 8948 QWAVE - ok
14:38:19.0445 8948 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:38:19.0466 8948 QWAVEdrv - ok
14:38:19.0481 8948 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:38:19.0515 8948 RasAcd - ok
14:38:19.0535 8948 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:38:19.0569 8948 RasAgileVpn - ok
14:38:19.0574 8948 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
14:38:19.0623 8948 RasAuto - ok
14:38:19.0644 8948 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:38:19.0679 8948 Rasl2tp - ok
14:38:19.0689 8948 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
14:38:19.0739 8948 RasMan - ok
14:38:19.0751 8948 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:38:19.0787 8948 RasPppoe - ok
14:38:19.0797 8948 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:38:19.0842 8948 RasSstp - ok
14:38:19.0853 8948 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:38:19.0899 8948 rdbss - ok
14:38:19.0909 8948 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:38:19.0929 8948 rdpbus - ok
14:38:19.0941 8948 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:38:19.0976 8948 RDPCDD - ok
14:38:19.0990 8948 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:38:20.0025 8948 RDPENCDD - ok
14:38:20.0031 8948 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:38:20.0067 8948 RDPREFMP - ok
14:38:20.0089 8948 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:38:20.0116 8948 RDPWD - ok
14:38:20.0135 8948 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:38:20.0163 8948 rdyboost - ok
14:38:20.0190 8948 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:38:20.0257 8948 RemoteAccess - ok
14:38:20.0278 8948 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:38:20.0326 8948 RemoteRegistry - ok
14:38:20.0342 8948 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:38:20.0391 8948 RpcEptMapper - ok
14:38:20.0418 8948 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
14:38:20.0443 8948 RpcLocator - ok
14:38:20.0468 8948 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
14:38:20.0519 8948 RpcSs - ok
14:38:20.0552 8948 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:38:20.0588 8948 rspndr - ok
14:38:20.0624 8948 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:38:20.0646 8948 RTL8167 - ok
14:38:20.0659 8948 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
14:38:20.0684 8948 SamSs - ok
14:38:20.0745 8948 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:38:20.0768 8948 SASDIFSV - ok
14:38:20.0781 8948 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:38:20.0792 8948 SASKUTIL - ok
14:38:20.0830 8948 [ 495588414f5c62c333f1a69e17e5fb9f ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
14:38:20.0861 8948 SbieDrv - ok
14:38:20.0895 8948 [ 099007b7a80e1917ffa110ce7785a3c9 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
14:38:20.0920 8948 SbieSvc - ok
14:38:20.0945 8948 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:38:20.0979 8948 sbp2port - ok
14:38:21.0003 8948 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:38:21.0054 8948 SCardSvr - ok
14:38:21.0072 8948 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:38:21.0105 8948 scfilter - ok
14:38:21.0144 8948 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
14:38:21.0203 8948 Schedule - ok
14:38:21.0222 8948 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
14:38:21.0256 8948 SCPolicySvc - ok
14:38:21.0276 8948 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:38:21.0308 8948 SDRSVC - ok
14:38:21.0334 8948 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:38:21.0369 8948 secdrv - ok
14:38:21.0383 8948 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
14:38:21.0430 8948 seclogon - ok
14:38:21.0447 8948 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
14:38:21.0496 8948 SENS - ok
14:38:21.0520 8948 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:38:21.0551 8948 SensrSvc - ok
14:38:21.0564 8948 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:38:21.0581 8948 Serenum - ok
14:38:21.0603 8948 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:38:21.0622 8948 Serial - ok
14:38:21.0643 8948 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:38:21.0661 8948 sermouse - ok
14:38:21.0689 8948 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:38:21.0737 8948 SessionEnv - ok
14:38:21.0754 8948 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:38:21.0775 8948 sffdisk - ok
14:38:21.0784 8948 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:38:21.0811 8948 sffp_mmc - ok
14:38:21.0816 8948 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:38:21.0848 8948 sffp_sd - ok
14:38:21.0866 8948 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:38:21.0885 8948 sfloppy - ok
14:38:21.0931 8948 [ cf53dcce55e500f51089774e851e7363 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:38:21.0967 8948 SftService - ok
14:38:21.0992 8948 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:38:22.0037 8948 SharedAccess - ok
14:38:22.0066 8948 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:38:22.0116 8948 ShellHWDetection - ok
14:38:22.0134 8948 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:38:22.0150 8948 SiSRaid2 - ok
14:38:22.0172 8948 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:38:22.0188 8948 SiSRaid4 - ok
14:38:22.0201 8948 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:38:22.0236 8948 Smb - ok
14:38:22.0276 8948 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:38:22.0308 8948 SNMPTRAP - ok
14:38:22.0323 8948 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:38:22.0338 8948 spldr - ok
14:38:22.0358 8948 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:38:22.0395 8948 Spooler - ok
14:38:22.0478 8948 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
14:38:22.0575 8948 sppsvc - ok
14:38:22.0585 8948 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:38:22.0635 8948 sppuinotify - ok
14:38:22.0655 8948 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
14:38:22.0676 8948 srv - ok
14:38:22.0705 8948 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:38:22.0725 8948 srv2 - ok
14:38:22.0744 8948 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:38:22.0762 8948 srvnet - ok
14:38:22.0785 8948 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:38:22.0836 8948 SSDPSRV - ok
14:38:22.0843 8948 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:38:22.0893 8948 SstpSvc - ok
14:38:22.0910 8948 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:38:22.0926 8948 stexstor - ok
14:38:22.0953 8948 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
14:38:22.0995 8948 stisvc - ok
14:38:23.0016 8948 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:38:23.0032 8948 swenum - ok
14:38:23.0061 8948 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
14:38:23.0115 8948 swprv - ok
14:38:23.0160 8948 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
14:38:23.0227 8948 SysMain - ok
14:38:23.0243 8948 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:38:23.0280 8948 TabletInputService - ok
14:38:23.0293 8948 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:38:23.0345 8948 TapiSrv - ok
14:38:23.0367 8948 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
14:38:23.0419 8948 TBS - ok
14:38:23.0471 8948 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:38:23.0522 8948 Tcpip - ok
14:38:23.0565 8948 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:38:23.0615 8948 TCPIP6 - ok
14:38:23.0634 8948 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:38:23.0668 8948 tcpipreg - ok
14:38:23.0681 8948 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:38:23.0699 8948 TDPIPE - ok
14:38:23.0723 8948 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:38:23.0740 8948 TDTCP - ok
14:38:23.0763 8948 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:38:23.0799 8948 tdx - ok
14:38:23.0810 8948 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:38:23.0826 8948 TermDD - ok
14:38:23.0855 8948 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
14:38:23.0909 8948 TermService - ok
14:38:23.0928 8948 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
14:38:23.0964 8948 Themes - ok
14:38:23.0976 8948 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
14:38:24.0019 8948 THREADORDER - ok
14:38:24.0032 8948 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
14:38:24.0083 8948 TrkWks - ok
14:38:24.0122 8948 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:38:24.0172 8948 TrustedInstaller - ok
14:38:24.0195 8948 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:38:24.0231 8948 tssecsrv - ok
14:38:24.0260 8948 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:38:24.0288 8948 TsUsbFlt - ok
14:38:24.0309 8948 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:38:24.0345 8948 tunnel - ok
14:38:24.0360 8948 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:38:24.0378 8948 uagp35 - ok
14:38:24.0395 8948 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:38:24.0442 8948 udfs - ok
14:38:24.0468 8948 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:38:24.0511 8948 UI0Detect - ok
14:38:24.0521 8948 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:38:24.0537 8948 uliagpkx - ok
14:38:24.0573 8948 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:38:24.0599 8948 umbus - ok
14:38:24.0608 8948 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:38:24.0626 8948 UmPass - ok
14:38:24.0640 8948 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
14:38:24.0694 8948 upnphost - ok
14:38:24.0717 8948 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:38:24.0747 8948 usbaudio - ok
14:38:24.0767 8948 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:38:24.0795 8948 usbccgp - ok
14:38:24.0825 8948 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:38:24.0847 8948 usbcir - ok
14:38:24.0867 8948 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:38:24.0893 8948 usbehci - ok
14:38:24.0914 8948 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:38:24.0945 8948 usbhub - ok
14:38:24.0956 8948 [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:38:24.0974 8948 usbohci - ok
14:38:24.0988 8948 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:38:25.0015 8948 usbprint - ok
14:38:25.0029 8948 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:38:25.0050 8948 usbscan - ok
14:38:25.0071 8948 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:25.0089 8948 USBSTOR - ok
14:38:25.0108 8948 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:38:25.0127 8948 usbuhci - ok
14:38:25.0151 8948 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
14:38:25.0202 8948 UxSms - ok
14:38:25.0220 8948 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
14:38:25.0254 8948 VaultSvc - ok
14:38:25.0269 8948 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:38:25.0286 8948 vdrvroot - ok
14:38:25.0312 8948 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
14:38:25.0369 8948 vds - ok
14:38:25.0390 8948 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:25.0418 8948 vga - ok
14:38:25.0433 8948 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
14:38:25.0469 8948 VgaSave - ok
14:38:25.0501 8948 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:38:25.0536 8948 vhdmp - ok
14:38:25.0546 8948 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:38:25.0561 8948 viaide - ok
14:38:25.0574 8948 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:38:25.0591 8948 volmgr - ok
14:38:25.0608 8948 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:38:25.0628 8948 volmgrx - ok
*****DLL portion of scan has been deleted as my post was too long*****
14:38:38.0586 8948 ============================================================
14:38:38.0586 8948 Scan finished
14:38:38.0586 8948 ============================================================
14:38:38.0599 6880 Detected object count: 0
14:38:38.0599 6880 Actual detected object count: 0

New rkill64 shows no issues except:

* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!

I was beginning to wonder if there would be help and broke down and ran ComboFix as things started to get better. Hope I haven't ruined everything for you trying to help.

I have the aswMBR.txt from last week if it's important; here is the one from today:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 15:01:26
-----------------------------
15:01:26.397 OS Version: Windows x64 6.1.7601 Service Pack 1
15:01:26.397 Number of processors: 2 586 0x170A
15:01:26.398 ComputerName: OWNER-PC UserName: Owner
15:01:27.800 Initialize success
15:03:51.949 AVAST engine defs: 12081503
15:04:43.356 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:04:43.358 Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 3
15:04:43.371 Disk 0 MBR read successfully
15:04:43.372 Disk 0 MBR scan
15:04:43.379 Disk 0 Windows 7 default MBR code
15:04:43.381 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:04:43.404 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12318 MB offset 81920
15:04:43.422 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464581 MB offset 25309184
15:04:43.454 Disk 0 scanning C:\Windows\system32\drivers
15:04:54.675 Service scanning
15:05:13.787 Modules scanning
15:05:13.799 Disk 0 trace - called modules:
15:05:13.820 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:05:13.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800491e060]
15:05:13.827 3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043eb050]
15:05:26.416 AVAST engine scan C:\Windows
15:05:29.582 AVAST engine scan C:\Windows\system32
15:09:00.319 AVAST engine scan C:\Windows\system32\drivers
15:09:15.730 AVAST engine scan C:\Users\Owner
15:16:06.218 File: C:\Users\Owner\AppData\Local\Temp\ComboFix.exe **HIDDEN**
15:16:18.331 AVAST engine scan C:\ProgramData
15:17:59.811 Scan finished successfully
15:21:36.922 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:21:36.926 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thanks and looking forward to your reply...

Attached Files: MBR.zip (571 bytes)


#6 rwilles (Topic Starter)

Posted 16 August 2012 - 05:44 AM

MiniToolBox seems to show that I have 3 successive tunnel adapters running. Is this normal? I have tried to set the security zone in IE to maximum levels and it is continually reset to a custom setting. Don't use IE, but when I run CCleaner there are almost 600 IE temp files that are 160 MB. Had the router off most of the night and the system finally went to sleep after 3 hours without internet, but woke itself an hour later.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 10-08-2012 at 08:27:31
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-D7-FB-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6999:31f7:56e9:6086%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 10, 2012 7:39:20 AM
Lease Expires . . . . . . . . . . : Saturday, August 11, 2012 7:39:20 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2A-BB-89-B8-AC-6F-D7-FB-24
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30fe:27e:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::30fe:27e:3f57:fffd%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 2a00:1450:8005::8a
173.194.69.113
173.194.69.100
173.194.69.102
173.194.69.139
173.194.69.138
173.194.69.101


Pinging google.com [173.194.69.139] with 32 bytes of data:
Reply from 173.194.69.139: bytes=32 time=178ms TTL=46
Reply from 173.194.69.139: bytes=32 time=179ms TTL=46

Ping statistics for 173.194.69.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 179ms, Average = 178ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=54ms TTL=55
Reply from 209.191.122.70: bytes=32 time=55ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f d7 fb 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:30fe:27e:3f57:fffd/128 On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::30fe:27e:3f57:fffd/128 On-link
10 276 fe80::6999:31f7:56e9:6086/128 On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/10/2012 08:14:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: Cleaner_Validator.exe, version: 0.0.0.0, time stamp: 0x4d00beda
Faulting module name: CSCDll.dll, version: 0.0.0.0, time stamp: 0x4d00be92
Exception code: 0xc0000005
Fault offset: 0x000000000002db82
Faulting process id: 0x1158
Faulting application start time: 0xCleaner_Validator.exe0
Faulting application path: Cleaner_Validator.exe1
Faulting module path: Cleaner_Validator.exe2
Report Id: Cleaner_Validator.exe3

Error: (08/10/2012 08:12:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 1.0.0.1, time stamp: 0x4d00bee0
Faulting module name: CSCDll.dll, version: 0.0.0.0, time stamp: 0x4d00be92
Exception code: 0xc0000005
Fault offset: 0x000000000000e773
Faulting process id: 0x124c
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (08/10/2012 08:12:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: Cleaner_Validator.exe, version: 0.0.0.0, time stamp: 0x4d00beda
Faulting module name: CSCDll.dll, version: 0.0.0.0, time stamp: 0x4d00be92
Exception code: 0xc0000005
Fault offset: 0x000000000002db82
Faulting process id: 0x1144
Faulting application start time: 0xCleaner_Validator.exe0
Faulting application path: Cleaner_Validator.exe1
Faulting module path: Cleaner_Validator.exe2
Report Id: Cleaner_Validator.exe3

Error: (08/10/2012 08:11:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 1.0.0.1, time stamp: 0x4d00bee0
Faulting module name: CSCDll.dll, version: 0.0.0.0, time stamp: 0x4d00be92
Exception code: 0xc0000005
Fault offset: 0x000000000000e773
Faulting process id: 0x4a0
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (08/10/2012 08:01:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: Cleaner_Validator.exe, version: 0.0.0.0, time stamp: 0x4d00beda
Faulting module name: CSCDll.dll, version: 0.0.0.0, time stamp: 0x4d00be92
Exception code: 0xc0000005
Fault offset: 0x000000000002db82
Faulting process id: 0x6b0
Faulting application start time: 0xCleaner_Validator.exe0
Faulting application path: Cleaner_Validator.exe1
Faulting module path: Cleaner_Validator.exe2
Report Id: Cleaner_Validator.exe3

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7160

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7160

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2012 02:09:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6162

Error: (08/10/2012 02:09:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6162


System errors:
=============
Error: (08/10/2012 08:14:21 AM) (Source: Service Control Manager) (User: )
Description: The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 3 time(s).

Error: (08/10/2012 08:12:18 AM) (Source: Service Control Manager) (User: )
Description: The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 2 time(s).

Error: (08/10/2012 08:01:31 AM) (Source: Service Control Manager) (User: )
Description: The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2012 07:37:16 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2012 07:37:16 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2012 07:34:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/10/2012 07:15:54 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/10/2012 07:15:54 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/10/2012 07:01:47 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:59:54 AM on 8/10/2012 was unexpected.

Error: (08/10/2012 05:58:27 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004


Microsoft Office Sessions:
=========================
Error: (08/10/2012 08:14:21 AM) (Source: Application Error)(User: )
Description: Cleaner_Validator.exe0.0.0.04d00bedaCSCDll.dll0.0.0.04d00be92c0000005000000000002db82115801cd770232a7c0e8C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dllad62395e-e2f5-11e1-ab47-b8ac6fd7fb24

Error: (08/10/2012 08:12:40 AM) (Source: Application Error)(User: )
Description: Updater.exe1.0.0.14d00bee0CSCDll.dll0.0.0.04d00be92c0000005000000000000e773124c01cd7702338181c6C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll7169edb0-e2f5-11e1-ab47-b8ac6fd7fb24

Error: (08/10/2012 08:12:17 AM) (Source: Application Error)(User: )
Description: Cleaner_Validator.exe0.0.0.04d00bedaCSCDll.dll0.0.0.04d00be92c0000005000000000002db82114401cd77020859710fC:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll63ba654b-e2f5-11e1-ab47-b8ac6fd7fb24

Error: (08/10/2012 08:11:35 AM) (Source: Application Error)(User: )
Description: Updater.exe1.0.0.14d00bee0CSCDll.dll0.0.0.04d00be92c0000005000000000000e7734a001cd770209fd8183C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll4ab65cef-e2f5-11e1-ab47-b8ac6fd7fb24

Error: (08/10/2012 08:01:27 AM) (Source: Application Error)(User: )
Description: Cleaner_Validator.exe0.0.0.04d00bedaCSCDll.dll0.0.0.04d00be92c0000005000000000002db826b001cd76fce7ac1be7C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dlle04bd58b-e2f3-11e1-ab47-b8ac6fd7fb24

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7160

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7160

Error: (08/10/2012 02:10:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2012 02:09:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6162

Error: (08/10/2012 02:09:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6162


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advertising Center (Version: 0.0.0.1)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 2.0.4.0)
Bullzip PDF Printer 8.2.0.1394 (Version: 8.2.0.1394)
CCleaner (Version: 3.21)
COMODO System-Cleaner (Version: 3.0.172695.53)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.40)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
DolbyFiles (Version: 0.1)
EnergyPlus Version 7.0 (Version: 7.0.0.036)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.60)
Google SketchUp 8 (Version: 3.0.11752)
Google SketchUp Pro 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Home Designer Pro 10 (Version: 10.4.3.0)
HTC Driver Installer (Version: 3.0.0.007)
Hulu Desktop (Version: 0.9.14)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Last.fm 1.5.4.27091
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenStudio 0.7.0 (Version: 0.7.0)
Panda USB Vaccine 1.0.1.16
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Sandboxie 3.72 (64-bit) (Version: 3.72)
SnapIt 3.7 (Version: 3.7)
SUPERAntiSpyware (Version: 5.5.1012)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WinDirStat 1.1.2
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 4060.98 MB
Available physical RAM: 1587.48 MB
Total Pagefile: 10149.18 MB
Available Pagefile: 7787.89 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.36 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:249.39 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-07-2012 01:00:07 Windows Backup
04-08-2012 23:00:12 Installed Microsoft Fix it 50906
04-08-2012 23:32:15 Revo Uninstaller Pro's restore point - Panda USB Vaccine 1.0.1.16
06-08-2012 01:00:10 Windows Backup
08-08-2012 05:43:00 Installed Microsoft Fix it 50906
10-08-2012 13:22:22 Installed Microsoft Fix it 50906

**** End of log ****

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 16 August 2012 - 01:10 PM

Unhide your files and folders.
Windows 7
http://www.bleepingcomputer.com/tutorials/tutorial151.html
*/*

Delete this file in bold.

C:\Users\Owner\AppData\Local\Temp\ComboFix.exe **HIDDEN**

===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

#8 rwilles

rwilles
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:06:07 PM

Posted 16 August 2012 - 05:41 PM

Have already had hidden files and folders showing, for months now. The file does not show in the sub-directory. Can't delete. I tried to delete the whole local\temp folder (getting tired of fighting a nothing) and the only file still showing is "fxsapiDebugLogFile.txt", modified now, 0 bytes. When I try to delete it, it says I can't because it's 'open in Windows Explorer'. Tried to search for the file and got a Comodo titled page, not Google, with 2007 posts. Weird.

I can report that the 30 second pause at the Dell loading screen is about 3 seconds now, so some progress is being made.

Do you still want me to run combo fix? I said above that I ran it on Monday after the last system restore. Could that be where the file came from?

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 17 August 2012 - 07:16 AM

the only file still showing is "fxsapiDebugLogFile.txt", modified now, 0 bytes. When I try to delete it says I can't because it's 'open in Windows Explorer'.


Nothing to worry about.
http://answers.microsoft.com/en-us/windows/forum/windows_7-files/fxsapidebuglogfile-have-no-clue-to-get-rid-of-it/a5e508dd-7e0e-47f3-80af-0fee50bf0fd4

===

Yes please run ComboFix and post the log for my review.

#10 rwilles

rwilles
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:06:07 PM

Posted 17 August 2012 - 02:00 PM

ComboFix 12-08-15.01 - Owner 08/17/2012 7:55.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3179 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Anti-Virus Business Edition 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\cscmondump.bin
.
---- Previous Run -------
.
c:\windows\cscmondump.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 14:00 . 2012-08-17 14:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-17 14:00 . 2012-08-17 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 10:12 . 2012-08-16 10:12 16200 ----a-w- c:\windows\stinger.sys
2012-08-16 10:12 . 2012-08-16 10:15 -------- d-----w- c:\program files (x86)\stinger
2012-08-15 19:47 . 2012-08-15 19:47 -------- d-----w- c:\program files\CCleaner
2012-08-15 15:45 . 2012-08-15 15:45 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-08-14 23:14 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 23:14 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 23:14 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 23:14 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 23:14 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 23:14 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 23:14 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 23:14 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 23:14 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 23:14 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 23:14 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:14 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 20:00 . 2012-08-14 20:00 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-08-13 19:52 . 2012-08-13 19:52 -------- d-----w- c:\programdata\Sophos
2012-08-13 19:52 . 2012-08-13 19:52 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-13 19:52 . 2012-08-13 19:52 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-13 19:52 . 2012-08-13 19:52 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-13 19:52 . 2012-08-13 19:52 -------- d-----w- c:\program files (x86)\Sophos
2012-08-11 05:01 . 2012-08-11 05:01 -------- d-----w- c:\program files\Sandboxie
2012-08-10 18:05 . 2012-08-10 18:05 -------- d-----w- C:\found.000
2012-08-10 15:49 . 2012-08-10 15:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Simply Super Software
2012-08-10 15:49 . 2012-08-10 19:34 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-08-10 15:49 . 2012-08-10 15:49 -------- d-----w- c:\programdata\Simply Super Software
2012-08-08 19:00 . 2012-08-10 11:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Nero
2012-08-04 23:26 . 2012-08-04 23:26 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
2012-08-04 23:26 . 2012-08-10 19:27 -------- d-----w- c:\program files\VS Revo Group
2012-08-04 03:59 . 2012-08-14 18:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 18:44 . 2012-08-15 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 18:22 . 2012-07-24 15:22 -------- dc----w- c:\users\Owner\AppData\Local\MigWiz
2012-07-23 13:33 . 2012-07-23 13:33 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 13:33 . 2012-07-23 13:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 05:03 . 2011-11-15 16:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-17 05:02 . 2011-11-15 20:25 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-17 05:02 . 2011-11-15 20:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-17 05:02 . 2011-11-15 16:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-15 10:57 . 2012-01-04 00:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-08-15 10:57 . 2011-11-15 16:15 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-15 10:57 . 2011-11-15 16:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-15 09:00 . 2011-10-31 16:44 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 15:03 . 2012-07-07 12:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5256593-30A1-4B88-B3F3-00BEB1894952}\offreg.dll
2012-06-28 12:51 . 2011-11-15 04:32 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-18 09:12 . 2012-07-07 05:36 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5256593-30A1-4B88-B3F3-00BEB1894952}\mpengine.dll
2012-06-10 19:01 . 2012-04-10 03:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 19:01 . 2011-10-31 17:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 11:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:07 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:07 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-06 01:23 . 2012-06-06 01:19 242036 ----a-w- C:\MGlogs.zip
2012-06-05 07:37 . 2012-07-04 15:15 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-02 22:19 . 2012-06-24 19:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 19:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 19:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 19:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 19:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 19:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 19:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-24 19:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-24 19:06 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:07 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:07 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:07 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:07 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:07 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:07 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 18:25 . 2011-10-31 15:31 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-15_19.33.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-15 09:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 11:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 11:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 09:17 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 11:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 09:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-21 17:39 . 2012-08-16 22:16 69812 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 22:16 45764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-31 15:15 . 2012-08-16 22:16 18132 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2486535178-4280501390-890005082-1000_UserData.bin
- 2011-10-31 14:03 . 2012-08-10 17:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-31 14:03 . 2012-08-15 23:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-31 14:03 . 2012-08-15 23:13 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-31 14:03 . 2012-08-10 17:44 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 17:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 23:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-10 19:18 . 2012-08-16 22:13 24118 c:\windows\CSC_ServiceDump.dat
- 2012-08-15 15:37 . 2012-08-15 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 22:14 . 2012-08-16 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 15:37 . 2012-08-15 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 22:14 . 2012-08-16 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-15 10:00 . 2012-08-17 13:47 329630 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2011-11-15 10:00 . 2012-08-15 14:56 329630 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-08-10 17:55 . 2012-08-16 22:13 282956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-08-10 17:55 . 2012-08-15 15:36 282956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2012-08-10 19:07 . 2012-08-16 22:13 3538168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2486535178-4280501390-890005082-1000-8192.dat
+ 2012-08-10 19:07 . 2012-08-16 22:13 1526316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2486535178-4280501390-890005082-1000-12288.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2012-06-10 19:18 . 2012-08-16 22:13 5609862 c:\windows\CSC_ActiveCleanLog.dat
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\5f573.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 15:52 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CSC"="c:\program files\COMODO\COMODO System-Cleaner\CSC.exe" [2010-12-09 7160768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-31 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 79552]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 41472]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 371648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-11 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1708800]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 04:32]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 04:32]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-07-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}: NameServer = 8.26.56.26,156.154.70.22
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c75z2bt9.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c7,dc,5b,4e,71,5b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,2f,99,4a,d4,71,e4,41,87,a2,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,2f,99,4a,d4,71,e4,41,87,a2,ac,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 08:01:54
ComboFix-quarantined-files.txt 2012-08-17 14:01
ComboFix2.txt 2012-08-14 21:47
ComboFix3.txt 2012-08-14 19:11
ComboFix4.txt 2012-07-23 15:14
ComboFix5.txt 2012-08-15 19:27
.
Pre-Run: 257,316,450,304 bytes free
Post-Run: 257,240,735,744 bytes free
.
- - End Of File - - BE6F819FCACFE91086C43E92DB05B633
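As an added example (not code from this thread, from BleepingComputer, or from ComboFix itself), the Python script below runs three quick checks over lines copied from the ComboFix log above: service or driver entries whose binary is no longer on disk (ComboFix prints `[x]` in place of the date and size), BootExecute entries beyond the stock `autocheck autochk *`, and per-interface static DNS servers that differ from what DHCP handed out. On this log the hits are two leftover driver entries, AVG's own pre-logon scanner, and an interface whose resolvers (8.26.56.26 and 156.154.70.22) are not the router address 192.168.0.1 that DHCP supplied. The page does not say who configured those resolvers, so that last hit is a lead to verify against the installed security software, not a verdict. The regexes and the "stock" baseline are this example's own assumptions about ComboFix's output format.

```python
"""Triage a few ComboFix log sections for common hijack and persistence signs.

Added example; not part of the BleepingComputer thread and not ComboFix code.
The sample below is copied from the ComboFix log posted in the thread. The
line formats assumed by the regexes and the 'stock' BootExecute value are this
script's assumptions, not something ComboFix documents.
"""
import re

# Lines copied from the ComboFix log above (not a live capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}: NameServer = 8.26.56.26,156.154.70.22
"""

# "R3 name;display name;path [date size]" or "... [x]" when the file is missing.
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$')
DHCP_DNS_RE = re.compile(r'^TCP: DhcpNameServer = (.+)$')
IFACE_DNS_RE = re.compile(r'^TCP: Interfaces\\(\{[^}]+\}): NameServer = (.+)$')

# Stock Windows value (assumption: an unmodified Windows 7 install).
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def missing_file_services(lines):
    """Return (service name, path) for entries whose binary is absent.

    An entry that outlives its binary is either an uninstall leftover or a
    clue that something deleted itself after registering; either way it is
    worth knowing about before declaring a box clean.
    """
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group(5).strip() == 'x':
            hits.append((m.group(2), m.group(4)))
    return hits


def extra_bootexecute(lines):
    """Return BootExecute elements other than the stock 'autocheck autochk *'.

    ComboFix renders the REG_MULTI_SZ with a literal '\\0' between elements.
    Anything extra here runs from Session Manager before logon, i.e. before
    any user-mode shield is up, which is why both AV products and rootkits
    like this key.
    """
    for line in lines:
        if line.startswith('BootExecute '):
            value = line.split(' ', 2)[2]        # drop 'BootExecute REG_MULTI_SZ '
            elements = value.split('\\0')
            return [e for e in elements if e.strip() != DEFAULT_BOOTEXECUTE]
    return []


def static_dns_overrides(lines):
    """Return (interface GUID, [servers]) where a per-interface NameServer is
    set and differs from the DHCP-supplied resolver set.

    A static resolver nobody remembers configuring is the classic footprint of
    DNS-changer malware: queries bypass the router's resolver and go wherever
    the attacker points them. Security suites and users also set static
    resolvers, so a mismatch is a lead to confirm, not proof of compromise.
    """
    dhcp = set()
    for line in lines:
        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp.update(s.strip() for s in m.group(1).split(','))
    overrides = []
    for line in lines:
        m = IFACE_DNS_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group(2).split(',')]
            if set(servers) != dhcp:
                overrides.append((m.group(1), servers))
    return overrides


def triage(log_text):
    """Run all three checks over one ComboFix log and return the findings."""
    lines = log_text.splitlines()
    return {
        'missing_file_services': missing_file_services(lines),
        'extra_bootexecute': extra_bootexecute(lines),
        'static_dns_overrides': static_dns_overrides(lines),
    }


if __name__ == '__main__':
    for check, findings in triage(SAMPLE_LOG).items():
        print(f'{check}:')
        for item in findings:
            print(f'  {item}')
```

Feed it a full ComboFix log instead of the sample and the same three functions apply unchanged; the DNS check in particular is the one to run first when a user reports search results landing on strange pages.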

#11 rwilles (Topic Starter)

Posted 17 August 2012 - 02:15 PM

Additional info: as ComboFix was running, the AVG firewall indicated that there was no connection; as the 'report was being run', the firewall said I had a connection directly to the internet, then went to network 3, then went to a brand new message: "office network". The firewall has blocked over 300 attempts for an outside connection, most from pid 4120 (USB Flash Drive Speed Tests - VID = 41e (Creative Technology, Ltd), PID = 4120... Is this the program?). A file search for the above terms yields nothing on the machine.

#12 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 18 August 2012 - 07:22 AM

The ComboFix log is clean.

"office network" the firewall has blocked over 300 attempts for an outside connection, most from pid 4120, (USB Flash Drive Speed Tests - VID = 41e (Creative Technology, Ltd), PID = 4120... Is this the program?)

I'm not sure if this will tell you anything but the VID and PID are not listed on this page.
http://usbspeed.nirsoft.net/

I have no idea as to what this might be. If interested in finding more about it I suggest you start a new topic in the External Hardware forum.
http://www.bleepingcomputer.com/forums/forum138.html

Any other issues with this computer?
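As an added example (not code from this thread or from BleepingComputer), the script below shows how a practitioner pins a firewall-reported PID to a program. A software firewall reports the Windows process ID of the program that tried to connect; that number is unrelated to a USB device's VID/PID pair, which is a separate namespace, so the lookup goes to the process table, not to a USB database. The tasklist output used as sample input is constructed for this example and `example.exe` is invented; the one real caveat it encodes is that Windows reuses PIDs, so the lookup has to happen while the process is still alive, on the affected machine.

```python
"""Resolve a firewall-reported process ID to the running program (Windows).

Added example; not part of the BleepingComputer thread. The tasklist output
below is constructed for the example (the image name 'example.exe' and all
values are invented). A PID is only meaningful while the process lives and
before the next reboot, because Windows recycles PIDs.
"""
import csv
import io
import subprocess
import sys

# Constructed sample of `tasklist /FO CSV /V` output; not captured from the
# machine in the thread.
TASKLIST_SAMPLE = (
    '"Image Name","PID","Session Name","Session#","Mem Usage",'
    '"Status","User Name","CPU Time","Window Title"\r\n'
    '"example.exe","4120","Console","1","12,345 K",'
    '"Running","Owner-PC\\Owner","0:00:03","N/A"\r\n'
)

# What tasklist prints when the filter matches nothing (no CSV at all).
NO_MATCH_TEXT = 'INFO: No tasks are running which match the specified criteria.\r\n'


def parse_tasklist_csv(text):
    """Turn tasklist's CSV output into a list of dicts keyed by column name.

    The 'INFO: No tasks...' message has no rows under it, so it parses to an
    empty list rather than raising.
    """
    reader = csv.DictReader(io.StringIO(text, newline=''))
    return list(reader)


def find_pid(rows, pid):
    """Return the row whose PID column equals `pid`, or None if the process
    has already exited (or the PID was recycled and now belongs to nothing)."""
    for row in rows:
        if row.get('PID') == str(pid):
            return row
    return None


def resolve_pid(pid):
    """Run tasklist for one PID on the affected Windows box and return its row.

    Raises OSError elsewhere instead of silently returning None, so a missing
    result is never confused with 'ran on the wrong machine'.
    """
    if sys.platform != 'win32':
        raise OSError('tasklist is a Windows command; run this on the affected PC')
    out = subprocess.run(
        ['tasklist', '/FI', f'PID eq {int(pid)}', '/FO', 'CSV', '/V'],
        capture_output=True, text=True, check=False,
    ).stdout
    return find_pid(parse_tasklist_csv(out), pid)


if __name__ == '__main__':
    target = int(sys.argv[1]) if len(sys.argv) > 1 else 4120
    try:
        row = resolve_pid(target)
    except OSError as err:
        print(err)
        row = find_pid(parse_tasklist_csv(TASKLIST_SAMPLE), target)  # demo data
    print('no live process with that PID' if row is None else row)
```

tasklist gives the image name and owning user but not the full path; for that, run `wmic process where ProcessId=4120 get ExecutablePath,CommandLine,ParentProcessId` on the same machine while the alert is fresh, and treat a path under a Temp directory or a parent that has already exited as the thing to investigate next.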

#13 rwilles (Topic Starter)

Posted 19 August 2012 - 09:24 AM

I let the computer run for 24 hours and it never went to sleep. I have reinstalled the MagicJack software and uninstalled all the Nero programs and replaced them with CDBurnerXP. This got rid of the programs that weren't on the Windows Programs uninstall screen.

The Dell DataSafe program won't run past the splash screen. It seems to be one of the partitions (33 MB) but there is no access. Seems I have 3 partitions: one is the main C: drive, the second is MS system files; I never set up DataSafe (I have burned DVDs for backup). What is this third partition? On some scans it shows I have an optical drive "L" in addition to my DVD burner. There are no additional drives on this computer.

I don't use IE for the internet, but the IE internet security options have been reset repeatedly to custom security levels. It happens as the computer is sitting, not at startup. I have reset them again with 'Enable Protected Mode' checked. On closing and reopening Firefox, it will alert that it is no longer the preferred browser.

COMODO System Cleaner is continually finding new registry errors. I started logging the deletions; the list is below:

[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{2991F100-D9C3-4243-82A2-A718747FC0CF}\1.0\HELPDIR => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{41738EEA-442F-477F-92CF-2889BD6CD7E7}\1.0\HELPDIR => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{2991F100-D9C3-4243-82A2-A718747FC0CF}\1.0\HELPDIR => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{41738EEA-442F-477F-92CF-2889BD6CD7E7}\1.0\HELPDIR => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535} : AppID => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib => OK
[ 18.08.2012 08:20:40 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{AE827ABA-9A56-40FF-8F45-B7DE58CD9BDB}\1.0\HELPDIR => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{BED1A006-EAD2-4E92-AED1-1B1DB679F7F1}\1.0\HELPDIR => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{F514CE29-986D-46E2-AACD-CFCA4D351362}\4.0\0\win32 => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{FA9DF45C-1CD3-4197-A066-CAB0078BB55B}\TypeLib => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{93CBA48A-1C58-4648-B22D-8F3588CB8D95}\c.0\HELPDIR => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{AE827ABA-9A56-40FF-8F45-B7DE58CD9BDB}\1.0\HELPDIR => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{BED1A006-EAD2-4E92-AED1-1B1DB679F7F1}\1.0\HELPDIR => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\TypeLib\{F514CE29-986D-46E2-AACD-CFCA4D351362}\4.0\0\win32 => OK
[ 19.08.2012 07:15:46 ] CRC: Cleaning HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{93CBA48A-1C58-4648-B22D-8F3588CB8D95}\c.0\HELPDIR => OK
[ 19.08.2012 07:17:37 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache : C:\Users\Owner\AppData\Local\Temp\RarSFX1\CleanTool.exe => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU : 0 => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* : 0 => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* : MRUListEx => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\reg : 0 => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\reg : MRUListEx => OK
[ 19.08.2012 07:22:30 ] CRC: Cleaning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU : MRUListEx => OK

RKill shows changes to .exe, .com, .bat files:

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


I seem to have some kind of redirect going on, as I get to strange pages when I do a Google search. Is there possibly a battle going on in the hosts list with all the security software I've downloaded and run? It seems I have 3 tunnel adapters loading; are they each trying to control the connection, ending in a fight between them, or do they pass off from one to the other? A search with Google may stall and have to be run in a second window. When bleepingcomputer is pinged the connection comes back unreachable but with no loss of packets; how can both be true?

MiniToolBox Result.txt:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 19-08-2012 at 07:59:37
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-D7-FB-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6999:31f7:56e9:6086%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 19, 2012 7:21:12 AM
Lease Expires . . . . . . . . . . : Monday, August 20, 2012 7:21:11 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2A-BB-89-B8-AC-6F-D7-FB-24
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:14:2019:51e7:a5ea(Preferred)
Link-local IPv6 Address . . . . . : fe80::14:2019:51e7:a5ea%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 2a00:1450:8005::64
173.194.69.100
173.194.69.102
173.194.69.138
173.194.69.139
173.194.69.113
173.194.69.101


Pinging google.com [173.194.69.102] with 32 bytes of data:
Reply from 173.194.69.102: bytes=32 time=182ms TTL=46
Reply from 173.194.69.102: bytes=32 time=181ms TTL=46

Ping statistics for 173.194.69.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 181ms, Maximum = 182ms, Average = 181ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=138ms TTL=53
Reply from 98.139.183.24: bytes=32 time=145ms TTL=53

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 138ms, Maximum = 145ms, Average = 141ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f d7 fb 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 276
192.168.0.5 255.255.255.255 On-link 192.168.0.5 276
192.168.0.255 255.255.255.255 On-link 192.168.0.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fb:14:2019:51e7:a5ea/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::14:2019:51e7:a5ea/128
On-link
10 276 fe80::6999:31f7:56e9:6086/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2012 07:27:49 AM) (Source: DataSafe.exe) (User: )
Description: Config file invalid, check app.config file

Error: (08/19/2012 07:03:54 AM) (Source: DataSafe.exe) (User: )
Description: Config file invalid, check app.config file

Error: (08/19/2012 07:01:40 AM) (Source: MsiInstaller) (User: Owner-PC)Owner-PC
Description: Product: Nero InfoTool Help -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error: (08/19/2012 07:01:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/19/2012 07:01:07 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/19/2012 07:00:24 AM) (Source: MsiInstaller) (User: Owner-PC)Owner-PC
Description: Product: Nero StartSmart Help -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error: (08/19/2012 07:00:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/19/2012 06:59:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/19/2012 06:59:06 AM) (Source: MsiInstaller) (User: Owner-PC)Owner-PC
Description: Product: Nero Online Upgrade -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error: (08/19/2012 06:58:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (08/19/2012 07:21:20 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/19/2012 07:05:33 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/19/2012 07:05:32 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/19/2012 06:10:56 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2012 06:10:56 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2012 06:07:50 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/19/2012 06:07:50 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/19/2012 06:05:21 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.0.2 with the system
having network hardware address 1C-B0-94-42-5F-CC. Network operations on this system may
be disrupted as a result.

Error: (08/18/2012 10:19:03 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/18/2012 06:16:29 PM) (Source: Service Control Manager) (User: )
Description: The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (08/19/2012 07:27:49 AM) (Source: DataSafe.exe)(User: )
Description: Config file invalid, check app.config file

Error: (08/19/2012 07:03:54 AM) (Source: DataSafe.exe)(User: )
Description: Config file invalid, check app.config file

Error: (08/19/2012 07:01:40 AM) (Source: MsiInstaller)(User: Owner-PC)Owner-PC
Description: Product: Nero InfoTool Help -- This .msi file cannot be executed. Please start Setup.exe to install this application(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/19/2012 07:01:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/19/2012 07:01:07 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/19/2012 07:00:24 AM) (Source: MsiInstaller)(User: Owner-PC)Owner-PC
Description: Product: Nero StartSmart Help -- This .msi file cannot be executed. Please start Setup.exe to install this application(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/19/2012 07:00:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/19/2012 06:59:59 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/19/2012 06:59:06 AM) (Source: MsiInstaller)(User: Owner-PC)Owner-PC
Description: Product: Nero Online Upgrade -- This .msi file cannot be executed. Please start Setup.exe to install this application(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/19/2012 06:58:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Nero BackItUp Scheduler 4.0 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


=========================== Installed Programs ============================

127.0.0.1 localhost
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 2.0.4.0)
Bullzip PDF Printer 8.2.0.1394 (Version: 8.2.0.1394)
CCleaner (Version: 3.21)
CDBurnerXP (Version: 4.4.1.3341)
COMODO System-Cleaner (Version: 3.0.172695.53)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.40)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
DolbyFiles (Version: 0.1)
EnergyPlus Version 7.0 (Version: 7.0.0.036)
Google Chrome (Version: 21.0.1180.79)
Google SketchUp 8 (Version: 3.0.11752)
Google SketchUp Pro 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Home Designer Pro 10 (Version: 10.4.3.0)
Hulu Desktop (Version: 0.9.14)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Last.fm 1.5.4.27091
magicJack (Version: 2.0.6073.4413)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero ControlCenter (Version: 9.0.0.1)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenStudio 0.7.0 (Version: 0.7.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Revo Uninstaller 1.94 (Version: 1.94)
Sandboxie 3.72 (64-bit) (Version: 3.72)
SnapIt 3.7 (Version: 3.7)
SUPERAntiSpyware (Version: 5.5.1012)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 4060.98 MB
Available physical RAM: 2661.75 MB
Total Pagefile: 10149.18 MB
Available Pagefile: 8107.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.1 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:246.8 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:5.37 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner

========================= Minidump Files ==================================

========================= Restore Points ==================================

13-08-2012 01:00:08 Windows Backup
13-08-2012 19:51:54 Installed Sophos Virus Removal Tool.
14-08-2012 18:22:25 Installed Microsoft Fix it 50906
14-08-2012 18:51:01 Removed HTC Driver Installer.
15-08-2012 09:00:12 Windows Update
17-08-2012 13:54:07 ComboFix created restore point
19-08-2012 12:23:53 Removed Sophos Virus Removal Tool.
19-08-2012 12:48:59 Revo Uninstaller's restore point - Advertising Center
19-08-2012 12:49:10 Removed Advertising Center
19-08-2012 12:51:37 Revo Uninstaller's restore point - Nero Express Help
19-08-2012 12:51:48 Removed Nero Express Help
19-08-2012 12:53:29 Revo Uninstaller's restore point - Nero StartSmart
19-08-2012 12:53:40 Removed Nero StartSmart
19-08-2012 12:54:52 Revo Uninstaller's restore point - NeroExpress
19-08-2012 12:55:06 Removed NeroExpress
19-08-2012 12:56:24 Revo Uninstaller's restore point - Nero InfoTool
19-08-2012 12:56:35 Removed Nero InfoTool
19-08-2012 12:57:28 Revo Uninstaller's restore point - neroxml
19-08-2012 12:57:48 Removed neroxml
19-08-2012 12:58:41 Revo Uninstaller's restore point - Nero Online Upgrade
19-08-2012 12:58:52 Removed Nero Online Upgrade
19-08-2012 12:59:58 Revo Uninstaller's restore point - Nero StartSmart Help
19-08-2012 13:00:13 Removed Nero StartSmart Help
19-08-2012 13:01:07 Revo Uninstaller's restore point - Nero InfoTool Help
19-08-2012 13:01:19 Removed Nero InfoTool Help

**** End of log ****
Thanks for the help on this, things are getting better. Have a great day!

#14 rwilles

rwilles
  • Topic Starter

  • Members
  • 31 posts

Posted 19 August 2012 - 10:31 AM

In trying to reinstall Dell DataSafe, I tried to go to the download page in both Chrome and Firefox. Both programs gave the message, "This webpage is not available. The connection to www.delldatasafe.com was interrupted."

What's going on!

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 August 2012 - 10:51 AM

I have reset again with the enable protected mode checked. Closing and opening Firefox, it will alert that it is no longer the preferred browser.

On the Firefox menu > Tools > Internet Options > Advanced tab
Under System Default is the box "Always check to see if Firefox ..." set?

In Internet Explorer it's under Tools > Internet Options > Programs tab.

Select the setting you want on both browsers.

===


I have no knowledge of the Comodo Registry cleaner.
Never used a Registry cleaner and never will.

===

Dell data safe program won't run past splash screen


Run this Google search. Again, I'm not a hardware person, but it could be tied to it.
https://www.google.ca/search?q=Dell+data+safe+program+won't+run+past+splash+screen&sugexp=chrome,mod=18&sourceid=chrome&ie=UTF-8

If nothing is found on Google, I suggest you start a new topic in the Internal Hardware forum
http://www.bleepingcomputer.com/forums/forum7.html

And define this problem.
===

As for your continued redirection, let's have a look at some of the adware that may be causing it.
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.