Sirefef and combofix-did I screw up?


  • This topic is locked
28 replies to this topic

#1 captainmoonlite

Posted 22 August 2012 - 08:41 PM

Running win 7 pro 64 bit

Several days ago my desktop started a "reboot after a minute" message loop. I rebooted in safe mode and ran ms essentials and I think that's how I stopped the reboot problem. I don't remember which sirefefs, but there were several on my machine. I then tried a number of other fixes because windows update and windows firewall wouldn't work. So I installed zone alarm while I was working to fix the other issues. After using all kinds of microsoft fixits and tools like tdsskiller, msert, 3 ESET tools, etc., I managed to get update and firewall to work and ms essentials finally showed a clean list. But I was so spooked by the whole process that I ran Combofix. I don't think I had seen the instruction not to do so without an expert saying so, I can't remember. So I've removed zone alarm. However, combofix log seemed to show that it had found some things. So, I don't know how to remove them. Maybe I still have sirefef?

Now that I screwed up and ran combofix, how should I proceed? I didn't attach logs because I don't know at this point which ones I should send. I'm hoping and praying someone has the kindness in their heart to help an old guy out.


#2 gringo_pr

Posted 23 August 2012 - 12:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 captainmoonlite

Posted 23 August 2012 - 07:48 PM

Chico, thank you so much for your kind assistance! You are a saint!

I made backups of my drives before a few days ago (before I ran combofix) and they are on an external drive.

Strange behavior: I did a bing search in google chrome for "does security essentials block script" and when I clicked on the first two results (the two links said answers.microsoft.com...) I was redirected to norton utilities. Don't know if that's a worry or not. I tried again and was taken to the proper sites.

and I turned ms security essentials back on after running DDS.scr

defogger done.

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Duplicate Cleaner 1.3
Java™ 6 Update 18
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

The only software I know of that might block scripts is Microsoft Security Essentials, so I disabled it while running dds.scr. I hope it's the only one; this is beyond my expertise.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Glen at 19:20:09 on 2012-08-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1381 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Glary Utilities\memdefrag.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\itunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\Glen\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/division/247
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Glary Memory Optimizer] "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe"
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Glen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: northtexas.org\mail
Trusted Zone: rr.com\mail.tx
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{77A0D852-929C-411F-AF4D-C0F9FB353FFB} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun-x64: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\xpg19jbf.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Glen\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114380463853508-1002&toolbarId=base&affiliateId=1002&Lan={dfltLng}&utid=80d578070000000000000026f2478bff&q=
FF - user.js: extensions.zonealarm.id - 80d578070000000000000026f2478bff
FF - user.js: extensions.zonealarm.instlDay - 15574
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:26:49
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1002
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114380463853508-1002
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mrdd;Marvell Removable Disk Control Driver;C:\Windows\system32\DRIVERS\mrdd.sys --> C:\Windows\system32\DRIVERS\mrdd.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2012-8-20 266240]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2010-5-30 136176]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2010-5-30 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2012-8-20 960992]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-23 01:55:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{169B8C24-1409-4D8F-9F77-4C3EA22CE85A}\offreg.dll
2012-08-23 01:49:02 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{169B8C24-1409-4D8F-9F77-4C3EA22CE85A}\mpengine.dll
2012-08-22 02:41:48 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 02:17:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-22 01:47:57 98816 ----a-w- C:\Windows\sed.exe
2012-08-22 01:47:57 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-22 01:47:57 256000 ----a-w- C:\Windows\PEV.exe
2012-08-22 01:47:57 208896 ----a-w- C:\Windows\MBR.exe
2012-08-21 23:51:24 -------- d-----w- C:\RegBackup
2012-08-21 23:50:06 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-21 23:48:32 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-08-21 03:26:49 25312 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2012-08-21 03:26:49 1924096 ----a-w- C:\Windows\System32\drivers\athurx.sys
2012-08-21 03:26:43 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-08-20 23:46:22 -------- d-----w- C:\Program Files (x86)\Runtime Software
2012-08-19 19:30:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-19 19:30:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-19 03:42:15 -------- d-----w- C:\Users\Glen\AppData\Roaming\CheckPoint
2012-08-19 03:19:18 -------- d-----w- C:\ProgramData\CheckPoint
2012-08-19 02:35:22 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-19 02:35:22 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-19 02:35:22 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-19 02:35:20 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-19 02:35:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-19 02:35:19 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-19 02:35:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-19 02:35:13 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-19 02:35:13 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-19 02:35:13 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-19 02:35:13 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-19 02:19:31 381816 ----a-w- C:\Windows\System32\PsExec.exe
2012-08-19 02:10:56 -------- d-----w- C:\Windows\System32\catroot2
2012-08-19 02:05:30 -------- d-----w- C:\Windows\SysWow64\catroot2.bak
2012-08-19 01:34:31 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-19 01:33:39 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-19 01:33:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-19 01:31:01 -------- d-----w- C:\Users\Glen\AppData\Roaming\SpeedyPC Software
2012-08-19 01:31:01 -------- d-----w- C:\Users\Glen\AppData\Roaming\DriverCure
2012-08-19 01:30:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-19 01:00:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 22:54:59 328704 ----a-w- C:\Windows\System32\services.exe.0FB1739F04D53C32
2012-08-18 22:50:08 328704 ----a-w- C:\Windows\System32\services.exe.B8B1489A8B595A8C
2012-08-18 22:42:03 328704 ----a-w- C:\Windows\System32\services.exe.7AA7A229EB0E44A0
2012-08-18 22:34:49 328704 ----a-w- C:\Windows\System32\services.exe.C65B9C6D3214B256
2012-08-18 22:26:40 328704 ----a-w- C:\Windows\System32\services.exe.CB7498A74347BB5D
2012-08-18 22:21:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02E6068C-B374-4EB1-A10F-AE1489D6D0B7}\gapaengine.dll
2012-08-18 22:18:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-18 22:18:34 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-12 21:32:59 -------- d-----w- C:\Users\Glen\AppData\Local\{BEEF80BE-E43D-11E1-8270-B8AC6F996F26}
2012-08-12 05:28:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-12 05:23:25 -------- d-----w- C:\Users\Glen\AppData\Local\{BEEF4E7D-E43D-11E1-8270-B8AC6F996F26}
.
==================== Find3M ====================
.
2012-08-18 00:10:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 00:10:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:21:01.81 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 4/9/2010 8:40:17 PM
System Uptime: 8/21/2012 9:16:30 PM (46 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5E3-WS-Pro
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | LGA775 | 2997/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 54.383 GiB free.
D: is FIXED (NTFS) - 931 GiB total, 334.653 GiB free.
E: is FIXED (NTFS) - 245 GiB total, 43.502 GiB free.
F: is FIXED (NTFS) - 214 GiB total, 84.361 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP722: 8/19/2012 2:26:13 PM - Removed SpyHunter
RP723: 8/19/2012 6:54:25 PM - Installed Microsoft Fix it 50884
RP724: 8/20/2012 10:07:10 PM - Installed NETGEAR WNA1100 N150 Wireless USB Adapter
RP725: 8/20/2012 10:19:22 PM - Removed NETGEAR WNA1100 N150 Wireless USB Adapter
RP726: 8/20/2012 10:21:16 PM - Installed NETGEAR WNA1100 N150 Wireless USB Adapter
RP727: 8/20/2012 10:24:31 PM - Removed NETGEAR WNA1100 N150 Wireless USB Adapter
RP728: 8/20/2012 10:26:14 PM - Installed NETGEAR WNA1100 N150 Wireless USB Adapter
RP729: 8/21/2012 6:50:48 PM - Tweaking.com - Windows Repair
RP730: 8/21/2012 7:21:01 PM - Tweaking.com - Windows Repair
RP731: 8/21/2012 7:59:26 PM - Installed Microsoft Fix it 50884
RP732: 8/22/2012 8:48:48 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
A Ruler for Windows
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Creative Suite 3 Master Collection
Adobe Creative Suite 5 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe kuler
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 9.4.6
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AI Suite
Akamai NetSession Interface
Akeeba Remote Control 2.5
Allway Sync version 10.3.25
Amazon Kindle
Amazon Kindle For PC v1.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
CameraHelperMsi
CCleaner
Cfont Pro v3.1
Cisco AnyConnect VPN Client
Corel Graphics - Windows Shell Extension
CuteFTP 8 Professional
D3DX10
DriveImage XML (Private Edition)
Dropbox
Duplicate Cleaner 1.3
DVD Shrink 3.2
erLT
Free Easy Burner V 4.1
Glary Utilities 2.35.0.1216
Google Chrome
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 29
KML Editor
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
marvell 61xx
MediaCoder iPod Edition x64
MediaCoder x64 0.7.3.4640
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiniTool Partition Wizard Home Edition 7.1
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA1100 N150 Wireless USB Adapter
PC Probe II
PDF Settings
PDF Settings CS5
Pixie 3.1 (remove only)
PxMergeModule
Quicken 2005
Quicken 2008
Quicken 2011
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
System Requirements Lab
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6f
Vizros Plug-ins 4.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 9:18:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
8/21/2012 9:04:28 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/21/2012 9:01:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/21/2012 9:00:37 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/21/2012 8:28:00 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/21/2012 8:06:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
8/21/2012 8:05:23 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
8/21/2012 8:05:23 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/21/2012 8:03:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
8/21/2012 8:03:30 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/21/2012 7:44:06 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/21/2012 7:04:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/21/2012 6:02:52 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/21/2012 6:02:52 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/20/2012 9:03:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2343.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/20/2012 9:03:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2343.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/20/2012 10:27:43 PM, Error: Service Control Manager [7030] - The WSWNA1100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/20/2012 10:07:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2343.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/19/2012 1:54:34 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/19/2012 1:49:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/19/2012 1:46:28 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
8/19/2012 1:46:28 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
8/19/2012 1:43:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800576e038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\081912-101525-01.dmp. Report Id: 081912-101525-01.
8/18/2012 9:25:12 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/18/2012 8:26:44 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win64/Sirefef.B&threatid=2147657891 Name: Virus:Win64/Sirefef.B ID: 2147657891 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\18.08.2012_19.58.34\zasubsys0000\file0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\SearchProtocolHost.exe Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.131.2330.0, AS: 1.131.2330.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
8/18/2012 8:05:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 8:05:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/18/2012 8:05:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/18/2012 8:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/18/2012 8:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/18/2012 8:05:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/18/2012 8:05:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/18/2012 8:02:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 8:02:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 7:56:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/18/2012 5:45:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002ee2474, 0xfffff88007da0ac0, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\081812-33103-01.dmp. Report Id: 081812-33103-01.
8/18/2012 5:39:42 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
8/18/2012 5:19:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/18/2012 5:19:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/18/2012 5:19:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/18/2012 5:19:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/18/2012 10:28:48 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/17/2012 5:51:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007051b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 August 2012 - 07:53 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 captainmoonlite

  • Topic Starter

  • Members
  • 14 posts

Posted 23 August 2012 - 09:59 PM

ComboFix 12-08-20.02 - Glen 08/21/2012 20:50:12.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1977 [GMT -5:00]
Running from: h:\fixes\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Fonts\usps4cb.TTF
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 02:01 . 2012-08-22 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 01:26 . 2012-08-22 01:26 126 ----a-w- C:\user.js
2012-08-22 01:25 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6623B53D-914A-43CF-A7E0-7C9E276047A0}\mpengine.dll
2012-08-21 23:51 . 2012-08-21 23:51 -------- d-----w- C:\RegBackup
2012-08-21 23:50 . 2012-08-21 23:53 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-21 23:48 . 2012-08-21 23:48 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-08-21 03:31 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 03:26 . 2010-10-11 06:11 1924096 ----a-w- c:\windows\system32\drivers\athurx.sys
2012-08-21 03:26 . 2007-01-19 23:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-08-21 03:26 . 2012-08-21 03:26 -------- d-----w- c:\program files (x86)\NETGEAR
2012-08-20 23:46 . 2012-08-20 23:46 -------- d-----w- c:\program files (x86)\Runtime Software
2012-08-19 19:30 . 2012-08-22 01:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-19 19:30 . 2012-08-22 01:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-19 03:42 . 2012-08-19 03:42 -------- d-----w- c:\users\Glen\AppData\Roaming\CheckPoint
2012-08-19 03:19 . 2012-08-19 03:19 -------- d-----w- c:\programdata\CheckPoint
2012-08-19 02:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-19 02:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-19 02:35 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-19 02:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-19 02:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 02:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 02:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-19 02:35 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-19 02:35 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-19 02:35 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-19 02:35 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-19 02:35 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-19 02:20 . 2012-08-22 00:22 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-19 02:19 . 2012-08-19 02:13 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-08-19 02:10 . 2012-08-20 01:53 -------- d-----w- c:\windows\system32\catroot2
2012-08-19 02:05 . 2012-08-19 02:10 -------- d-----w- c:\windows\SysWow64\catroot2.bak
2012-08-19 01:34 . 2012-08-19 01:34 -------- d-----w- c:\program files\Enigma Software Group
2012-08-19 01:33 . 2012-08-19 20:00 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-19 01:33 . 2012-08-19 01:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-19 01:31 . 2012-08-19 01:31 -------- d-----w- c:\users\Glen\AppData\Roaming\SpeedyPC Software
2012-08-19 01:31 . 2012-08-19 01:31 -------- d-----w- c:\users\Glen\AppData\Roaming\DriverCure
2012-08-19 01:30 . 2012-08-19 17:33 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-19 01:00 . 2012-08-19 01:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 22:54 . 2012-08-18 22:54 328704 ----a-w- c:\windows\system32\services.exe.0FB1739F04D53C32
2012-08-18 22:50 . 2012-08-18 22:50 328704 ----a-w- c:\windows\system32\services.exe.B8B1489A8B595A8C
2012-08-18 22:42 . 2012-08-18 22:42 328704 ----a-w- c:\windows\system32\services.exe.7AA7A229EB0E44A0
2012-08-18 22:34 . 2012-08-18 22:34 328704 ----a-w- c:\windows\system32\services.exe.C65B9C6D3214B256
2012-08-18 22:26 . 2012-08-18 22:26 328704 ----a-w- c:\windows\system32\services.exe.CB7498A74347BB5D
2012-08-18 22:21 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02E6068C-B374-4EB1-A10F-AE1489D6D0B7}\gapaengine.dll
2012-08-18 22:18 . 2012-08-18 22:18 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-18 22:18 . 2012-08-18 22:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-12 21:32 . 2012-08-12 21:32 -------- d-----w- c:\users\Glen\AppData\Local\{BEEF80BE-E43D-11E1-8270-B8AC6F996F26}
2012-08-12 05:28 . 2012-08-12 05:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-12 05:23 . 2012-08-12 05:23 -------- d-----w- c:\users\Glen\AppData\Local\{BEEF4E7D-E43D-11E1-8270-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 02:35 . 2010-04-10 02:29 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-18 00:10 . 2012-04-11 03:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-18 00:10 . 2011-05-13 22:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-13 03:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-13 03:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-13 03:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-13 03:06 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-13 03:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-13 03:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-13 03:06 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 00:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 00:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 00:50 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-13 03:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-13 03:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-13 03:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-13 03:08 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-13 03:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-13 03:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-13 03:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-13 03:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-13 03:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2011-07-01 108344]
"Akamai NetSession Interface"="c:\users\Glen\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-08-21 1427968]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Fotki Desktop.lnk - c:\program files (x86)\Fotki Desktop\fotki.exe [2011-6-21 2001920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-8-20 4545024]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 250056]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-05-04 35840]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 w4shwdrv;w4shwdrv;c:\users\Glen\AppData\Local\Temp\w4sE9EF.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\DRIVERS\mrdd.sys [2009-01-21 22568]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-02-09 176680]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 ALSysIO;ALSysIO;c:\users\Glen\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:10]
.
2012-08-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-08-05 13:26]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 21:39]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 21:39]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559719344-1154641583-2535817487-1001Core.job
- c:\users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-11 02:12]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559719344-1154641583-2535817487-1001UA.job
- c:\users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-11 02:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.rr.com/division/247
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: northtexas.org\mail
Trusted Zone: rr.com\mail.tx
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\xpg19jbf.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114380463853508-1002&toolbarId=base&affiliateId=1002&Lan={dfltLng}&utid=80d578070000000000000026f2478bff&q=
FF - user.js: extensions.zonealarm.id - 80d578070000000000000026f2478bff
FF - user.js: extensions.zonealarm.instlDay - 15574
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:26
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1002
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114380463853508-1002
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-eyeBeam SIP Client - (no file)
Wow6432Node-HKCU-Run-BestSync 2010 - c:\program files\RiseFly\BestSync\BestSyncApp.exe
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
SafeBoot-40152078.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]
"ImagePath"="\??\c:\users\Glen\AppData\Local\Temp\w4sE9EF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:91,d8,a9,d7,a7,3a,d3,47,85,7f,46,aa,e6,77,6a,21,64,1c,f9,b7,e4,
48,56,fb,50,f6,31,64,bd,f4,70,de,07,95,49,67,6b,1d,1c,7c,72,06,50,96,e0,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:20,55,ea,90,bc,f0,15,e9,fa,1d,3b,6e,38,75,0a,d3,15,03,c9,da,8c,
6b,03,e5,de,1f,e1,82,a0,e3,2b,ff,30,ee,12,80,2f,54,df,86,3b,eb,53,ab,85,c6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:91,d8,a9,d7,a7,3a,d3,47,85,7f,46,aa,e6,77,6a,21,64,1c,f9,b7,e4,
48,56,fb,50,f6,31,64,bd,f4,70,de,07,95,49,67,6b,1d,1c,7c,72,06,50,96,e0,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:20,55,ea,90,bc,f0,15,e9,fa,1d,3b,6e,38,75,0a,d3,15,03,c9,da,8c,
6b,03,e5,de,1f,e1,82,a0,e3,2b,ff,30,ee,12,80,2f,54,df,86,3b,eb,53,ab,85,c6,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-21 21:11:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 02:11
.
Pre-Run: 58,052,771,840 bytes free
Post-Run: 59,293,782,016 bytes free
.
- - End Of File - - 4D3FCDC23DEB9C6DEFEBCCDBD19ABBD1

#6 gringo_pr

Posted 23 August 2012 - 10:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 captainmoonlite

Posted 23 August 2012 - 11:32 PM

Gringo, I ran tdsskiller twice on 8/18/12 before I found bleeping computer forums and you responded. I'll paste in the two log texts. It also created a TDSSKiller_Quarantine folder.

Let me know if you want me to run TDSSKiller again. I will wait to run aswMBR till I hear back from you.

Thank you!

19:58:34.0181 0352 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
19:58:34.0290 0352 ============================================================
19:58:34.0290 0352 Current date / time: 2012/08/18 19:58:34.0290
19:58:34.0290 0352 SystemInfo:
19:58:34.0290 0352
19:58:34.0290 0352 OS Version: 6.1.7601 ServicePack: 1.0
19:58:34.0290 0352 Product type: Workstation
19:58:34.0290 0352 ComputerName: GLEN-PC
19:58:34.0290 0352 UserName: Glen
19:58:34.0290 0352 Windows directory: C:\Windows
19:58:34.0290 0352 System windows directory: C:\Windows
19:58:34.0290 0352 Running under WOW64
19:58:34.0290 0352 Processor architecture: Intel x64
19:58:34.0290 0352 Number of processors: 2
19:58:34.0290 0352 Page size: 0x1000
19:58:34.0290 0352 Boot type: Safe boot
19:58:34.0290 0352 ============================================================
19:58:35.0897 0352 Drive \Device\Harddisk2\DR2 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
19:58:35.0897 0352 Drive \Device\Harddisk0\DR0 - Size: 0x5D26E00000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:35.0928 0352 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0000000 (931.50 Gb), SectorSize: 0x200, Cylinders: 0x1DAFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:35.0928 0352 Drive \Device\Harddisk3\DR3 - Size: 0x7A7D1C00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:58:35.0944 0352 Drive \Device\Harddisk4\DR4 - Size: 0x3B9A48000 (14.90 Gb), SectorSize: 0x200, Cylinders: 0x799, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:58:35.0944 0352 ============================================================
19:58:35.0944 0352 \Device\Harddisk2\DR2:
19:58:35.0944 0352 MBR partitions:
19:58:35.0944 0352 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1AC75000
19:58:35.0944 0352 \Device\Harddisk0\DR0:
19:58:35.0944 0352 MBR partitions:
19:58:35.0944 0352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
19:58:35.0944 0352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFB000, BlocksNum 0x1E93B000
19:58:35.0944 0352 \Device\Harddisk1\DR1:
19:58:35.0944 0352 MBR partitions:
19:58:35.0944 0352 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746FF000
19:58:35.0944 0352 \Device\Harddisk3\DR3:
19:58:35.0944 0352 MBR partitions:
19:58:35.0944 0352 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3D3E4F
19:58:35.0944 0352 \Device\Harddisk4\DR4:
19:58:35.0944 0352 MBR partitions:
19:58:35.0944 0352 \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DCB2C0
19:58:35.0944 0352 ============================================================
19:58:35.0975 0352 C: <-> \Device\Harddisk0\DR0\Partition1
19:58:36.0038 0352 E: <-> \Device\Harddisk0\DR0\Partition2
19:58:36.0053 0352 F: <-> \Device\Harddisk2\DR2\Partition1
19:58:36.0084 0352 D: <-> \Device\Harddisk1\DR1\Partition1
19:58:36.0084 0352 ============================================================
19:58:36.0084 0352 Initialize success
19:58:36.0084 0352 ============================================================
19:59:01.0856 1164 ============================================================
19:59:01.0856 1164 Scan started
19:59:01.0856 1164 Mode: Manual;
19:59:01.0856 1164 ============================================================
19:59:04.0274 1164 ================ Scan services =============================
19:59:04.0414 1164 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:59:04.0414 1164 1394ohci - ok
19:59:04.0461 1164 [ e0a8525a951addb4655bc2068566407d ] 61883 C:\Windows\system32\DRIVERS\61883.sys
19:59:04.0476 1164 61883 - ok
19:59:04.0523 1164 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:59:04.0523 1164 ACPI - ok
19:59:04.0554 1164 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:59:04.0570 1164 AcpiPmi - ok
19:59:04.0617 1164 [ d44bcaf639e4e45307c2bc80715273d5 ] adfs C:\Windows\system32\drivers\adfs.sys
19:59:04.0632 1164 adfs - ok
19:59:04.0726 1164 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:59:04.0757 1164 AdobeFlashPlayerUpdateSvc - ok
19:59:04.0804 1164 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:59:04.0820 1164 adp94xx - ok
19:59:04.0851 1164 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:59:04.0851 1164 adpahci - ok
19:59:04.0882 1164 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:59:04.0882 1164 adpu320 - ok
19:59:04.0913 1164 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:59:04.0929 1164 AeLookupSvc - ok
19:59:04.0976 1164 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:59:04.0991 1164 AFD - ok
19:59:17.0861 1164 RDPREFMP - ok
19:59:17.0908 1164 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:59:17.0924 1164 RDPWD - ok
19:59:17.0939 1164 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:59:17.0955 1164 rdyboost - ok
19:59:17.0986 1164 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:59:18.0002 1164 RemoteAccess - ok
19:59:18.0017 1164 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:59:18.0017 1164 RemoteRegistry - ok
19:59:18.0064 1164 [ 7b04c9843921ab1f695fb395422c5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:59:18.0064 1164 RimUsb - ok
19:59:18.0080 1164 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:59:18.0111 1164 RpcEptMapper - ok
19:59:18.0126 1164 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
19:59:18.0126 1164 RpcLocator - ok
19:59:18.0173 1164 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
19:59:18.0173 1164 RpcSs - ok
19:59:18.0204 1164 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:59:18.0204 1164 rspndr - ok
19:59:18.0220 1164 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:59:18.0251 1164 s3cap - ok
19:59:18.0267 1164 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
19:59:18.0267 1164 SamSs - ok
19:59:18.0267 1164 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:59:18.0282 1164 sbp2port - ok
19:59:18.0298 1164 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:59:18.0314 1164 SCardSvr - ok
19:59:18.0329 1164 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:59:18.0345 1164 scfilter - ok
19:59:18.0454 1164 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
19:59:18.0470 1164 Schedule - ok
19:59:18.0501 1164 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
19:59:18.0501 1164 SCPolicySvc - ok
19:59:18.0516 1164 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:59:18.0516 1164 SDRSVC - ok
19:59:18.0532 1164 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:59:18.0548 1164 secdrv - ok
19:59:18.0563 1164 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
19:59:18.0563 1164 seclogon - ok
19:59:18.0579 1164 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
19:59:18.0610 1164 SENS - ok
19:59:18.0626 1164 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:59:18.0641 1164 SensrSvc - ok
19:59:18.0657 1164 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:59:18.0657 1164 Serenum - ok
19:59:18.0672 1164 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:59:18.0704 1164 Serial - ok
19:59:18.0704 1164 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:59:18.0719 1164 sermouse - ok
19:59:18.0750 1164 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:59:18.0766 1164 SessionEnv - ok
19:59:18.0828 1164 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:59:18.0844 1164 sffdisk - ok
19:59:18.0844 1164 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:59:18.0860 1164 sffp_mmc - ok
19:59:18.0860 1164 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:59:18.0875 1164 sffp_sd - ok
19:59:18.0891 1164 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:59:18.0906 1164 sfloppy - ok
19:59:18.0938 1164 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:59:18.0953 1164 ShellHWDetection - ok
19:59:18.0969 1164 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:59:18.0969 1164 SiSRaid2 - ok
19:59:18.0984 1164 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:59:19.0000 1164 SiSRaid4 - ok
19:59:19.0031 1164 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:59:19.0047 1164 Smb - ok
19:59:19.0078 1164 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:59:19.0078 1164 SNMPTRAP - ok
19:59:19.0094 1164 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:59:19.0094 1164 spldr - ok
19:59:19.0156 1164 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
19:59:19.0203 1164 Spooler - ok
19:59:19.0437 1164 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
19:59:19.0468 1164 sppsvc - ok
19:59:19.0515 1164 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:59:19.0515 1164 sppuinotify - ok
19:59:19.0562 1164 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
19:59:19.0577 1164 srv - ok
19:59:19.0608 1164 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:59:19.0624 1164 srv2 - ok
19:59:19.0640 1164 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:59:19.0655 1164 srvnet - ok
19:59:19.0702 1164 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:59:19.0702 1164 SSDPSRV - ok
19:59:19.0718 1164 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:59:19.0733 1164 SstpSvc - ok
19:59:19.0764 1164 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:59:19.0780 1164 stexstor - ok
19:59:19.0827 1164 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
19:59:19.0827 1164 stisvc - ok
19:59:19.0858 1164 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:59:19.0858 1164 storflt - ok
19:59:19.0874 1164 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
19:59:19.0889 1164 StorSvc - ok
19:59:19.0905 1164 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:59:19.0920 1164 storvsc - ok
19:59:20.0014 1164 [ 2e5586392cdfbd1d73badb20e9ed6386 ] SupportSoft RemoteAssist C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
19:59:20.0061 1164 SupportSoft RemoteAssist - ok
19:59:20.0076 1164 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:59:20.0076 1164 swenum - ok
19:59:20.0154 1164 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:59:20.0170 1164 SwitchBoard - ok
19:59:20.0201 1164 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
19:59:20.0217 1164 swprv - ok
19:59:20.0295 1164 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
19:59:20.0295 1164 SysMain - ok
19:59:20.0326 1164 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:59:20.0326 1164 TabletInputService - ok
19:59:20.0373 1164 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:59:20.0388 1164 TapiSrv - ok
19:59:20.0404 1164 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
19:59:20.0420 1164 TBS - ok
19:59:20.0654 1164 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:59:20.0669 1164 Tcpip - ok
19:59:20.0700 1164 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:59:20.0700 1164 TCPIP6 - ok
19:59:20.0732 1164 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:59:20.0747 1164 tcpipreg - ok
19:59:20.0763 1164 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:59:20.0794 1164 TDPIPE - ok
19:59:20.0825 1164 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:59:20.0856 1164 TDTCP - ok
19:59:20.0872 1164 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:59:20.0888 1164 tdx - ok
19:59:20.0919 1164 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:59:20.0919 1164 TermDD - ok
19:59:20.0950 1164 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
19:59:20.0981 1164 TermService - ok
19:59:20.0997 1164 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
19:59:20.0997 1164 Themes - ok
19:59:21.0012 1164 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
19:59:21.0012 1164 THREADORDER - ok
19:59:21.0028 1164 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
19:59:21.0044 1164 TrkWks - ok
19:59:21.0106 1164 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:59:21.0106 1164 TrustedInstaller - ok
19:59:21.0122 1164 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:59:21.0137 1164 tssecsrv - ok
19:59:21.0153 1164 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:59:21.0184 1164 TsUsbFlt - ok
19:59:21.0231 1164 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:59:21.0246 1164 tunnel - ok
19:59:21.0262 1164 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:59:21.0278 1164 uagp35 - ok
19:59:21.0324 1164 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:59:21.0324 1164 udfs - ok
19:59:21.0356 1164 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:59:21.0356 1164 UI0Detect - ok
19:59:21.0387 1164 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:59:21.0418 1164 uliagpkx - ok
19:59:21.0449 1164 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:59:21.0465 1164 umbus - ok
19:59:21.0496 1164 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:59:21.0496 1164 UmPass - ok
19:59:21.0527 1164 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
19:59:21.0527 1164 UmRdpService - ok
19:59:21.0621 1164 [ 927754abf077aeb5504be4e0f2c60c1b ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:59:21.0652 1164 UMVPFSrv - ok
19:59:21.0683 1164 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
19:59:21.0699 1164 upnphost - ok
19:59:21.0714 1164 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:59:21.0730 1164 USBAAPL64 - ok
19:59:21.0761 1164 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:59:21.0761 1164 usbaudio - ok
19:59:21.0792 1164 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:59:21.0792 1164 usbccgp - ok
19:59:21.0824 1164 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:59:21.0870 1164 usbcir - ok
19:59:21.0886 1164 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:59:21.0902 1164 usbehci - ok
19:59:21.0933 1164 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:59:21.0948 1164 usbhub - ok
19:59:21.0964 1164 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:59:21.0980 1164 usbohci - ok
19:59:21.0995 1164 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:59:22.0011 1164 usbprint - ok
19:59:22.0058 1164 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:59:22.0089 1164 usbscan - ok
19:59:22.0104 1164 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:59:22.0104 1164 USBSTOR - ok
19:59:22.0104 1164 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:59:22.0120 1164 usbuhci - ok
19:59:22.0151 1164 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
19:59:22.0151 1164 UxSms - ok
19:59:22.0167 1164 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
19:59:22.0167 1164 VaultSvc - ok
19:59:22.0182 1164 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:59:22.0182 1164 vdrvroot - ok
19:59:22.0229 1164 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
19:59:22.0229 1164 vds - ok
19:59:22.0260 1164 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:59:22.0276 1164 vga - ok
19:59:22.0292 1164 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
19:59:22.0292 1164 VgaSave - ok
19:59:22.0323 1164 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:59:22.0354 1164 vhdmp - ok
19:59:22.0385 1164 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:59:22.0385 1164 viaide - ok
19:59:22.0510 1164 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:59:22.0526 1164 vmbus - ok
19:59:22.0541 1164 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:59:22.0557 1164 VMBusHID - ok
19:59:22.0572 1164 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:59:22.0588 1164 volmgr - ok
19:59:22.0619 1164 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:59:22.0635 1164 volmgrx - ok
19:59:22.0650 1164 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:59:22.0650 1164 volsnap - ok
19:59:22.0744 1164 [ e4d2305ebb9de0871a1e13294d0f349b ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
19:59:22.0760 1164 vpnagent - ok
19:59:22.0775 1164 [ 0e4df91e83da5739ffb18535d4db10aa ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
19:59:22.0791 1164 vpnva - ok
19:59:22.0822 1164 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:59:22.0822 1164 vsmraid - ok
19:59:22.0884 1164 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
19:59:22.0916 1164 VSS - ok
19:59:22.0916 1164 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:59:22.0916 1164 vwifibus - ok
19:59:22.0947 1164 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
19:59:22.0978 1164 W32Time - ok
19:59:23.0118 1164 w4shwdrv - ok
19:59:23.0243 1164 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:59:23.0259 1164 WacomPen - ok
19:59:23.0306 1164 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:59:23.0321 1164 WANARP - ok
19:59:23.0321 1164 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:59:23.0321 1164 Wanarpv6 - ok
19:59:23.0399 1164 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:59:23.0415 1164 WatAdminSvc - ok
19:59:23.0462 1164 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
19:59:23.0493 1164 wbengine - ok
19:59:23.0524 1164 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:59:23.0540 1164 WbioSrvc - ok
19:59:23.0571 1164 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:59:23.0586 1164 wcncsvc - ok
19:59:23.0602 1164 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:59:23.0618 1164 WcsPlugInService - ok
19:59:23.0618 1164 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:59:23.0633 1164 Wd - ok
19:59:23.0664 1164 [ a3d04ebf5227886029b4532f20d026f7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:59:23.0680 1164 WDC_SAM - ok
19:59:23.0774 1164 [ 2ed495fb03c177a7f51416c2be253363 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
19:59:23.0820 1164 WDDMService - ok
19:59:23.0852 1164 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:59:23.0867 1164 Wdf01000 - ok
19:59:23.0867 1164 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:59:23.0883 1164 WdiServiceHost - ok
19:59:23.0883 1164 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:59:23.0883 1164 WdiSystemHost - ok
19:59:23.0961 1164 [ 138ab06adbbf300aa804d7974a5aec82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
19:59:23.0961 1164 WDSmartWareBackgroundService - ok
19:59:23.0992 1164 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:59:24.0008 1164 WebClient - ok
19:59:24.0039 1164 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:59:24.0039 1164 Wecsvc - ok
19:59:24.0070 1164 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:59:24.0070 1164 wercplsupport - ok
19:59:24.0101 1164 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:59:24.0117 1164 WerSvc - ok
19:59:24.0132 1164 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:59:24.0148 1164 WfpLwf - ok
19:59:24.0164 1164 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:59:24.0179 1164 WIMMount - ok
19:59:24.0179 1164 WinHttpAutoProxySvc - ok
19:59:24.0242 1164 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:59:24.0242 1164 Winmgmt - ok
19:59:24.0320 1164 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
19:59:24.0351 1164 WinRM - ok
19:59:24.0382 1164 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:59:24.0398 1164 WinUsb - ok
19:59:24.0444 1164 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
19:59:24.0460 1164 Wlansvc - ok
19:59:24.0710 1164 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:59:24.0741 1164 wlidsvc - ok
19:59:24.0788 1164 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:59:24.0819 1164 WmiAcpi - ok
19:59:24.0881 1164 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:59:24.0897 1164 wmiApSrv - ok
19:59:24.0912 1164 WMPNetworkSvc - ok
19:59:24.0944 1164 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:59:24.0959 1164 WPCSvc - ok
19:59:24.0975 1164 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:59:24.0990 1164 WPDBusEnum - ok
19:59:25.0006 1164 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:59:25.0022 1164 ws2ifsl - ok
19:59:25.0022 1164 WSearch - ok
19:59:25.0209 1164 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:59:25.0240 1164 wuauserv - ok
19:59:25.0256 1164 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:59:25.0271 1164 WudfPf - ok
19:59:25.0302 1164 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:59:25.0318 1164 WUDFRd - ok
19:59:25.0334 1164 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:59:25.0349 1164 wudfsvc - ok
19:59:25.0380 1164 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
19:59:25.0380 1164 WwanSvc - ok
19:59:25.0427 1164 [ 64f88af327aa74e03658ae32b48ccb8b ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:59:25.0427 1164 yukonw7 - ok
19:59:25.0474 1164 ================ Scan global ===============================
19:59:25.0505 1164 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
19:59:25.0536 1164 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
19:59:25.0552 1164 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
19:59:25.0583 1164 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
19:59:25.0614 1164 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe
19:59:25.0630 1164 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:59:25.0630 1164 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:59:25.0630 1164 ================ Scan MBR ==================================
19:59:25.0646 1164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
19:59:27.0596 1164 \Device\Harddisk2\DR2 - ok
19:59:27.0596 1164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:59:27.0705 1164 \Device\Harddisk0\DR0 - ok
19:59:27.0720 1164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:59:27.0720 1164 \Device\Harddisk1\DR1 - ok
19:59:27.0720 1164 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR3
19:59:36.0519 1164 \Device\Harddisk3\DR3 - ok
19:59:36.0519 1164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
19:59:36.0535 1164 \Device\Harddisk4\DR4 - ok
19:59:36.0535 1164 ================ Scan VBR ==================================
19:59:36.0535 1164 Boot (0x1200) (acfb69701854b821be28676381511de8) \Device\Harddisk2\DR2\Partition1
19:59:36.0535 1164 \Device\Harddisk2\DR2\Partition1 - ok
19:59:36.0535 1164 Boot (0x1200) (c1085973bee54b5537becc5e97806ed4) \Device\Harddisk0\DR0\Partition1
19:59:36.0535 1164 \Device\Harddisk0\DR0\Partition1 - ok
19:59:36.0566 1164 Boot (0x1200) (354959dd47a3d526e251fe3957aa88ca) \Device\Harddisk0\DR0\Partition2
19:59:36.0581 1164 \Device\Harddisk0\DR0\Partition2 - ok
19:59:36.0581 1164 Boot (0x1200) (2d4547f3a1d4b0dc85f4718214b76b54) \Device\Harddisk1\DR1\Partition1
19:59:36.0597 1164 \Device\Harddisk1\DR1\Partition1 - ok
19:59:36.0597 1164 Boot (0x1200) (81e3508786d43d65fb7a103f5038ed24) \Device\Harddisk3\DR3\Partition1
19:59:36.0613 1164 \Device\Harddisk3\DR3\Partition1 - ok
19:59:36.0613 1164 Boot (0x1200) (1360ccc9743b49263b1d6ea27ab995a7) \Device\Harddisk4\DR4\Partition1
19:59:36.0613 1164 \Device\Harddisk4\DR4\Partition1 - ok
19:59:36.0613 1164 ============================================================
19:59:36.0613 1164 Scan finished
19:59:36.0613 1164 ============================================================
19:59:36.0613 1128 Detected object count: 1
19:59:36.0613 1128 Actual detected object count: 1
20:00:28.0093 1128 C:\Windows\system32\services.exe - copied to quarantine
20:00:29.0512 1128 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
20:00:29.0528 1128 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
20:00:29.0933 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\@ - copied to quarantine
20:00:29.0949 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\L\00000004.@ - copied to quarantine
20:00:29.0965 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\L\201d3dde - copied to quarantine
20:00:29.0980 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\n - copied to quarantine
20:00:29.0980 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\U\00000008.@ - copied to quarantine
20:00:30.0167 1128 C:\Users\Glen\AppData\Local\{a7b0c155-693f-c0f8-e14a-0528d454e239}\@ - copied to quarantine
20:00:56.0469 1128 Backup copy found, using it..
20:00:56.0500 1128 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
20:00:56.0500 1128 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
20:00:56.0500 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\@ - will be deleted on reboot
20:00:56.0531 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\n - will be deleted on reboot
20:00:56.0531 1128 C:\Windows\installer\{a7b0c155-693f-c0f8-e14a-0528d454e239}\U\00000008.@ - will be deleted on reboot
20:00:56.0531 1128 C:\Users\Glen\AppData\Local\{a7b0c155-693f-c0f8-e14a-0528d454e239}\@ - will be deleted on reboot
20:00:56.0531 1128 C:\Windows\system32\services.exe - will be cured on reboot
20:00:56.0531 1128 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
20:01:00.0759 0468 Deinitialize success



20:20:50.0430 2944 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:20:51.0132 2944 ============================================================
20:20:51.0132 2944 Current date / time: 2012/08/18 20:20:51.0132
20:20:51.0132 2944 SystemInfo:
20:20:51.0132 2944
20:20:51.0132 2944 OS Version: 6.1.7601 ServicePack: 1.0
20:20:51.0132 2944 Product type: Workstation
20:20:51.0132 2944 ComputerName: GLEN-PC
20:20:51.0132 2944 UserName: Glen
20:20:51.0132 2944 Windows directory: C:\Windows
20:20:51.0132 2944 System windows directory: C:\Windows
20:20:51.0132 2944 Running under WOW64
20:20:51.0132 2944 Processor architecture: Intel x64
20:20:51.0132 2944 Number of processors: 2
20:20:51.0132 2944 Page size: 0x1000
20:20:51.0132 2944 Boot type: Normal boot
20:20:51.0132 2944 ============================================================
20:20:53.0223 2944 Drive \Device\Harddisk2\DR2 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
20:20:53.0255 2944 Drive \Device\Harddisk0\DR0 - Size: 0x5D26E00000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:20:53.0270 2944 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0000000 (931.50 Gb), SectorSize: 0x200, Cylinders: 0x1DAFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:20:53.0379 2944 Drive \Device\Harddisk3\DR3 - Size: 0x7A7D1C00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:20:53.0379 2944 ============================================================
20:20:53.0379 2944 \Device\Harddisk2\DR2:
20:20:53.0379 2944 MBR partitions:
20:20:53.0379 2944 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1AC75000
20:20:53.0379 2944 \Device\Harddisk0\DR0:
20:20:53.0379 2944 MBR partitions:
20:20:53.0379 2944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
20:20:53.0379 2944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFB000, BlocksNum 0x1E93B000
20:20:53.0379 2944 \Device\Harddisk1\DR1:
20:20:53.0379 2944 MBR partitions:
20:20:53.0379 2944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746FF000
20:20:53.0379 2944 \Device\Harddisk3\DR3:
20:20:53.0379 2944 MBR partitions:
20:20:53.0379 2944 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3D3E4F
20:20:53.0379 2944 ============================================================
20:20:53.0426 2944 C: <-> \Device\Harddisk0\DR0\Partition1
20:20:53.0567 2944 E: <-> \Device\Harddisk0\DR0\Partition2
20:20:53.0598 2944 F: <-> \Device\Harddisk2\DR2\Partition1
20:20:53.0629 2944 D: <-> \Device\Harddisk1\DR1\Partition1
20:20:53.0629 2944 ============================================================
20:20:53.0629 2944 Initialize success
20:20:53.0629 2944 ============================================================
20:21:11.0415 2892 Deinitialize success

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:45 PM

Posted 23 August 2012 - 11:52 PM

Greetings

How are things running at this time?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 captainmoonlite

Posted 24 August 2012 - 12:05 AM

Just to be clear, you want me to skip running aswMBR and go ahead with running the CFScript process?

Thanks

#10 gringo_pr

Posted 24 August 2012 - 12:18 AM

Sorry, I missed that. Go ahead and let me have that report.



gringo

#11 captainmoonlite


Posted 24 August 2012 - 01:04 PM

OK. Thanks. Here's the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 11:13:52
-----------------------------
11:13:52.487 OS Version: Windows x64 6.1.7601 Service Pack 1
11:13:52.487 Number of processors: 2 586 0x1706
11:13:52.487 ComputerName: GLEN-PC UserName: Glen
11:13:53.142 Initialize success
11:16:53.345 AVAST engine defs: 12082401
11:17:23.923 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:17:23.923 Disk 0 Vendor: Intel___ 1.0. Size: 381550MB BusType: 8
11:17:23.923 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
11:17:23.923 Disk 1 Vendor: Intel___ 1.0. Size: 953856MB BusType: 8
11:17:23.938 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\mv61xx1Port1Path0Target1Lun0
11:17:23.938 Disk 2 Vendor: Maxtor_6 Size: 239372MB BusType: 8
11:17:23.938 Disk 0 MBR read successfully
11:17:23.938 Disk 0 MBR scan
11:17:23.954 Disk 0 Windows 7 default MBR code
11:17:23.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
11:17:24.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 250486 MB offset 268414976
11:17:24.079 Disk 0 scanning C:\Windows\system32\drivers
11:17:40.508 Service scanning
11:18:08.242 Modules scanning
11:18:08.242 Disk 0 trace - called modules:
11:18:08.257 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
11:18:08.257 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005588120]
11:18:08.257 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80044d9050]
11:18:09.396 AVAST engine scan C:\Windows
11:18:13.515 AVAST engine scan C:\Windows\system32
11:22:54.051 AVAST engine scan C:\Windows\system32\drivers
11:23:13.889 AVAST engine scan C:\Users\Glen
11:54:07.063 AVAST engine scan C:\ProgramData
12:00:17.818 Scan finished successfully
13:01:29.000 Disk 0 MBR has been saved successfully to "C:\Users\Glen\Desktop\MBR.dat"
13:01:29.062 The log file has been saved successfully to "C:\Users\Glen\Desktop\aswMBR.txt"

#12 gringo_pr


Posted 24 August 2012 - 04:16 PM

That looks good, so there is nothing I want you to change. Go ahead and do post 8 as is.


gringo

#13 captainmoonlite


Posted 24 August 2012 - 06:06 PM

OK. That was interesting. Did post 8.

Worrisome behavior: I note that after running post 8 I'm still being redirected in Google Chrome. For instance, I searched for "Microsoft" and clicked on an ad that said windows.microsoft.com. If I use the back arrow and click on the same URL, it will go to windows.microsoft.com.

I've copied that section of history for you to view:


Compare Windows 7 editions
windows.microsoft.com

6:02 PM
http://eastsideblog.net/index.php?search=microsoft
eastsideblog.net

6:02 PM
http://eastsideblog.net/?id=8XF73l11RLy2ISnkHMIGZyd0JiKJAsWv4GrJY_YFPKJZdgDBTCIUI92wkoQrhDvYOElXM71xc5JKCSh9ecP1Oo1QJFs%2C
eastsideblog.net

5:55 PM
http://currencysearching.com/index.php?search=microsoft
currencysearching.com

5:55 PM
http://currencysearching.com/?id=8hJjVCbitxCDhHNmiDELtQ83DuPxmiCRyhw-hvzd-TZ8VLwBUpN3kuXGZ_pFx-IB3NOmDrVxntQRzCtmdSVHbJEosYU%2C
currencysearching.com

5:52 PM
http://search-blog.in/index.php?search=microsoft
search-blog.in

5:52 PM
http://search-blog.in/?id=9bAQVprJ3NF2Yk64fgUUiwLYk3uqa8hE5fHO_Dg59GWiQyW_6b0M2yJO2qi7jZPoxzvLbOdJZ2DYVWMMGrMf_lR0JYU%2C
search-blog.in

5:52 PM
Compare Windows 7 editions
windows.microsoft.com

5:51 PM
http://currencysearching.com/?id=pEKD8z0eNfg7bW0taDAyxUxMLz02gLT1eQ8vJ8mFruOgQ1hFXkOlQehEe8mNjajPzeXonjL3OaUXRhxKa7_FFxXueWQ%2C
currencysearching.com

5:51 PM
Microsoft Fix it Solution Center: troubleshooting software issues
www.google.com

5:51 PM
Microsoft Fix it Solution Center: troubleshooting software issues
support.microsoft.com

5:51 PM
PC Utility Kit
fix-kit.com

5:51 PM
http://search-blog.in/index.php?search=microsoft%20fix
search-blog.in

5:51 PM
http://search-blog.in/?id=8kdOKTnXjS3JdWs0DEWndo6oBT3k0BUl_S9ZW3_JJualDcPDHopFg_BkcevdIC6FA7dnacWgqRYwq1GuZbC1StwoUYWCVbjn
search-blog.in

5:51 PM
500 Internal Server Error
205.252.166.30

-----------------------------------------

Now back to post 8:

I created and dropped the cfscript.txt onto combofix.

Combofix said there was an updated version, did I want it? I said yes. It downloaded and started to run and told me to turn off MS Security Essentials. So I unplugged my network cable and turned off MS Security Essentials.

Combofix ran and rebooted and created the log. I tried to turn on Security Essentials and got the error you mentioned, "Illegal operation attempted on a registry key that has been marked for deletion.", regarding msseces.

So I rebooted and was able to restart security essentials and plugged my network cable back in.

Here's the log it created:

ComboFix 12-08-24.02 - Glen 08/24/2012 17:15:58.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2219 [GMT -5:00]
Running from: c:\users\Glen\Desktop\ComboFix.exe
Command switches used :: c:\users\Glen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Glen\AppData\Local\Temp\{AC4550E8-F0FE-46D4-9848-91C709D9B266}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
.
.
2012-08-24 22:23 . 2012-08-24 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-24 21:58 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E471908-5EF5-42B5-9E15-A342CC242CD5}\mpengine.dll
2012-08-24 02:27 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 01:26 . 2012-08-22 01:26 126 ----a-w- C:\user.js
2012-08-21 23:51 . 2012-08-21 23:51 -------- d-----w- C:\RegBackup
2012-08-21 23:50 . 2012-08-21 23:53 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-21 23:48 . 2012-08-21 23:48 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-08-21 03:26 . 2010-10-11 06:11 1924096 ----a-w- c:\windows\system32\drivers\athurx.sys
2012-08-21 03:26 . 2007-01-19 23:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-08-21 03:26 . 2012-08-21 03:26 -------- d-----w- c:\program files (x86)\NETGEAR
2012-08-20 23:46 . 2012-08-20 23:46 -------- d-----w- c:\program files (x86)\Runtime Software
2012-08-19 19:30 . 2012-08-22 01:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-19 19:30 . 2012-08-22 01:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-19 03:42 . 2012-08-19 03:42 -------- d-----w- c:\users\Glen\AppData\Roaming\CheckPoint
2012-08-19 03:19 . 2012-08-19 03:19 -------- d-----w- c:\programdata\CheckPoint
2012-08-19 02:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-19 02:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-19 02:35 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-19 02:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-19 02:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 02:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 02:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-19 02:35 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-19 02:35 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-19 02:35 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-19 02:35 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-19 02:35 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-19 02:20 . 2012-08-22 00:22 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-19 02:19 . 2012-08-19 02:13 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-08-19 02:10 . 2012-08-20 01:53 -------- d-----w- c:\windows\system32\catroot2
2012-08-19 02:05 . 2012-08-19 02:10 -------- d-----w- c:\windows\SysWow64\catroot2.bak
2012-08-19 01:34 . 2012-08-19 01:34 -------- d-----w- c:\program files\Enigma Software Group
2012-08-19 01:33 . 2012-08-19 20:00 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-19 01:33 . 2012-08-19 01:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-19 01:31 . 2012-08-19 01:31 -------- d-----w- c:\users\Glen\AppData\Roaming\SpeedyPC Software
2012-08-19 01:31 . 2012-08-19 01:31 -------- d-----w- c:\users\Glen\AppData\Roaming\DriverCure
2012-08-19 01:30 . 2012-08-19 17:33 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-19 01:00 . 2012-08-19 01:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 22:54 . 2012-08-18 22:54 328704 ----a-w- c:\windows\system32\services.exe.0FB1739F04D53C32
2012-08-18 22:50 . 2012-08-18 22:50 328704 ----a-w- c:\windows\system32\services.exe.B8B1489A8B595A8C
2012-08-18 22:42 . 2012-08-18 22:42 328704 ----a-w- c:\windows\system32\services.exe.7AA7A229EB0E44A0
2012-08-18 22:34 . 2012-08-18 22:34 328704 ----a-w- c:\windows\system32\services.exe.C65B9C6D3214B256
2012-08-18 22:26 . 2012-08-18 22:26 328704 ----a-w- c:\windows\system32\services.exe.CB7498A74347BB5D
2012-08-18 22:21 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02E6068C-B374-4EB1-A10F-AE1489D6D0B7}\gapaengine.dll
2012-08-18 22:18 . 2012-08-18 22:18 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-18 22:18 . 2012-08-18 22:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-12 21:32 . 2012-08-12 21:32 -------- d-----w- c:\users\Glen\AppData\Local\{BEEF80BE-E43D-11E1-8270-B8AC6F996F26}
2012-08-12 05:28 . 2012-08-12 05:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-12 05:23 . 2012-08-12 05:23 -------- d-----w- c:\users\Glen\AppData\Local\{BEEF4E7D-E43D-11E1-8270-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 02:35 . 2010-04-10 02:29 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-18 00:10 . 2012-04-11 03:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-18 00:10 . 2011-05-13 22:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-13 03:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-13 03:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-13 03:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-13 03:06 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-13 03:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-13 03:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-13 03:06 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 00:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 00:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 00:50 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-13 03:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-13 03:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-13 03:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-13 03:08 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-13 03:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-13 03:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-13 03:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-13 03:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-13 03:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-22_02.04.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-10 02:37 . 2012-08-24 21:54 87622 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-24 21:54 51564 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-10 02:27 . 2012-08-24 21:54 20136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-559719344-1154641583-2535817487-1001_UserData.bin
- 2010-04-10 03:38 . 2012-08-19 02:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-10 03:38 . 2012-08-22 02:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-10 03:38 . 2012-08-19 02:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-10 03:38 . 2012-08-22 02:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-19 02:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-22 02:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-22 02:03 . 2012-08-22 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-24 22:25 . 2012-08-24 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-24 22:25 . 2012-08-24 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-22 02:03 . 2012-08-22 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-08-24 22:01 629194 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-22 01:12 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-24 22:01 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-22 01:12 108410 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-08-23 01:40 110600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-08-22 02:01 976614 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-24 22:23 976614 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-03 02:24 . 2012-08-24 22:23 1740460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-559719344-1154641583-2535817487-1001-8192.dat
+ 2011-06-16 13:54 . 2012-08-24 22:23 6031362 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-559719344-1154641583-2535817487-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2011-07-01 108344]
"Akamai NetSession Interface"="c:\users\Glen\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-08-21 1427968]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-8-20 4545024]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 250056]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-05-04 35840]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 w4shwdrv;w4shwdrv;c:\users\Glen\AppData\Local\Temp\w4sE9EF.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\DRIVERS\mrdd.sys [2009-01-21 22568]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-02-09 176680]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 ALSysIO;ALSysIO;c:\users\Glen\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:10]
.
2012-08-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-08-05 13:26]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 21:39]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 21:39]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559719344-1154641583-2535817487-1001Core.job
- c:\users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-11 02:12]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559719344-1154641583-2535817487-1001UA.job
- c:\users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-11 02:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Glen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.rr.com/division/247
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: northtexas.org\mail
Trusted Zone: rr.com\mail.tx
TCP: DhcpNameServer = 192.168.0.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\xpg19jbf.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114380463853508-1002&toolbarId=base&affiliateId=1002&Lan={dfltLng}&utid=80d578070000000000000026f2478bff&q=
FF - user.js: extensions.zonealarm.id - 80d578070000000000000026f2478bff
FF - user.js: extensions.zonealarm.instlDay - 15574
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:26
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1002
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114380463853508-1002
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]
"ImagePath"="\??\c:\users\Glen\AppData\Local\Temp\w4sE9EF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:91,d8,a9,d7,a7,3a,d3,47,85,7f,46,aa,e6,77,6a,21,64,1c,f9,b7,e4,
48,56,fb,50,f6,31,64,bd,f4,70,de,07,95,49,67,6b,1d,1c,7c,72,06,50,96,e0,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:20,55,ea,90,bc,f0,15,e9,fa,1d,3b,6e,38,75,0a,d3,15,03,c9,da,8c,
6b,03,e5,de,1f,e1,82,a0,e3,2b,ff,30,ee,12,80,2f,54,df,86,3b,eb,53,ab,85,c6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:91,d8,a9,d7,a7,3a,d3,47,85,7f,46,aa,e6,77,6a,21,64,1c,f9,b7,e4,
48,56,fb,50,f6,31,64,bd,f4,70,de,07,95,49,67,6b,1d,1c,7c,72,06,50,96,e0,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:20,55,ea,90,bc,f0,15,e9,fa,1d,3b,6e,38,75,0a,d3,15,03,c9,da,8c,
6b,03,e5,de,1f,e1,82,a0,e3,2b,ff,30,ee,12,80,2f,54,df,86,3b,eb,53,ab,85,c6,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-24 17:31:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-24 22:31
ComboFix2.txt 2012-08-22 02:11
.
Pre-Run: 58,929,668,096 bytes free
Post-Run: 58,996,244,480 bytes free
.
- - End Of File - - EC95B1FBC71A8EB04681473E94AEE775

#14 gringo_pr

  • Malware Response Team

Posted 24 August 2012 - 06:28 PM

Greetings


If this only happens in Chrome, I want you to uninstall Chrome, and if asked about user data or settings, then remove that also.

Restart the computer, reinstall Chrome, and check it out.



Gringo

#15 captainmoonlite

  • Topic Starter

  • Members

Posted 24 August 2012 - 07:11 PM

It's also happening in Firefox, but doesn't seem to in Explorer.

Should I uninstall both Chrome and Firefox and reinstall?



