Sirefef.R, Sirefef.AH, computer shuts down after 1 minute


This topic is locked. 23 replies to this topic.

#1 ballen622 (Members, 10 posts)

Posted 06 September 2012 - 10:17 AM

Problem started as Live Platinum fake anti-virus. I thought I had successfully removed this with MBAM, etc., but shortly thereafter MSE alerted that it detected Sirefef.R & Sirefef.AH. Now every time I reboot I get a message that Windows has encountered a critical problem and the computer shuts down after 1 minute. I followed the steps in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, but I am not able to run DDS or GMER scans because the system reboots before they finish. I am stuck!
OS is Windows 7, 32-bit.
Thanks in advance.

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 06 September 2012 - 01:02 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ballen622 (Topic Starter, Members, 10 posts)

Posted 06 September 2012 - 01:24 PM

Thanks for the prompt reply. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 05-09-2012
Ran by SYSTEM at 06-09-2012 14:15:56
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install [1657376 2009-07-08] ()
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1778064 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [241789 2009-04-09] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [167584 2012-02-10] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48216 2012-03-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Brian\...\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\Brian\...\Run: [AdobeBridge] [x]
HKU\Brian\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com)
HKU\Brian\...\Run: [sapisn] "C:\Windows\System32\rundll32.exe" "C:\Users\Brian\AppData\Roaming\sapisn.dll",Int_FromLong [460800 2012-08-23] (Aladdin Systems, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: acaptuser32.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Services ================================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 DeviceMonitorService; "C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe" [87368 2011-06-16] (Nero AG)
2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)
2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [4440064 2009-05-14] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers =================================

1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl17d22c39; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl17d22c39.sys [29904 2012-09-06] (Microsoft Corporation)
1 MpKsl47ce3be0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl47ce3be0.sys [29904 2012-08-27] ()
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14592 2010-01-06] (Silicon Laboratories)

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-06 14:15 - 2012-09-06 14:15 - 00000000 ____D C:\FRST
2012-09-06 07:14 - 2012-09-06 07:14 - 00000000 ____D C:\Users\Brian\AppData\Local\{7884DA00-7B10-48D6-91B8-DAC0E4F72021}
2012-09-06 07:02 - 2012-09-06 07:02 - 00000000 ____D C:\Users\Brian\Desktop\gmer
2012-09-06 07:00 - 2012-09-06 06:57 - 00294216 ____A C:\Users\Brian\Desktop\gmer.zip
2012-09-06 06:56 - 2012-09-06 06:56 - 00000472 ____A C:\Users\Brian\Desktop\defogger_disable.log
2012-09-06 06:56 - 2012-09-06 06:56 - 00000000 ____A C:\Users\Brian\defogger_reenable
2012-09-06 06:53 - 2012-09-06 06:53 - 00607260 ____R (Swearware) C:\Users\Brian\Desktop\dds.com
2012-09-06 06:52 - 2012-09-06 06:48 - 00050477 ____A C:\Users\Brian\Desktop\Defogger.exe
2012-08-30 07:29 - 2012-08-30 07:29 - 00000000 ____D C:\Users\Brian\AppData\Local\{0EC11363-7A93-4727-AA22-41A2E16B3A4F}
2012-08-30 07:26 - 2012-09-06 07:15 - 00006404 ____A C:\Users\Brian\Desktop\Rkill.txt
2012-08-30 07:26 - 2012-08-30 07:18 - 01614752 ____A (Bleeping Computer, LLC) C:\Users\Brian\Desktop\iExplore.exe
2012-08-30 07:26 - 2012-08-30 07:17 - 01614752 ____A (Bleeping Computer, LLC) C:\Users\Brian\Desktop\rkill.exe
2012-08-27 04:14 - 2012-08-27 04:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-27 04:09 - 2012-08-27 04:09 - 00000000 ____D C:\Users\Brian\AppData\Local\{294C43A4-EB15-447D-8875-FB33335A1660}
2012-08-24 09:00 - 2012-08-24 09:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-24 08:59 - 2012-08-24 08:59 - 00001240 ____A C:\Users\Brian\Desktop\FixExec.txt
2012-08-24 08:58 - 2012-08-24 08:59 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Brian\Downloads\FixExec.exe
2012-08-23 09:07 - 2012-08-23 09:08 - 00000000 ____D C:\Users\All Users\036DFF5B00482ED415B2FFE4F875EF7E
2012-08-23 09:06 - 2012-08-23 09:06 - 00460800 ____A (Aladdin Systems, Inc.) C:\Users\Brian\AppData\Roaming\sapisn.dll
2012-08-18 08:35 - 2012-08-18 08:35 - 00000000 ____D C:\Users\Brian\AppData\Local\{1B598964-E613-4748-A1BA-AC63B1FC5E56}
2012-08-17 20:35 - 2012-08-17 20:35 - 00000000 ____D C:\Users\Brian\AppData\Local\{7461928A-6925-404A-91E7-26582AC3A342}
2012-08-17 08:34 - 2012-08-17 08:35 - 00000000 ____D C:\Users\Brian\AppData\Local\{97664A6C-69A8-4E6D-9EB3-5C0543937910}
2012-08-16 20:34 - 2012-08-16 20:34 - 00000000 ____D C:\Users\Brian\AppData\Local\{B6D4625C-FEB5-44E4-B6DF-ED46AEB44CC8}
2012-08-16 08:34 - 2012-08-16 08:34 - 00000000 ____D C:\Users\Brian\AppData\Local\{0D7A6A9E-6827-4E16-A5D7-D867828FAE21}
2012-08-15 20:33 - 2012-08-15 20:33 - 00000000 ____D C:\Users\Brian\AppData\Local\{7AFEF1F7-E3CA-4CDD-B583-2ADD232FE7CA}
2012-08-15 08:33 - 2012-08-15 08:33 - 00000000 ____D C:\Users\Brian\AppData\Local\{1E83650D-D543-4C2E-8D1F-5E4BC00C4A39}
2012-08-15 08:32 - 2012-08-23 08:37 - 00000000 ____D C:\Users\Brian\AppData\Local\{3BDCD79A-04FE-4553-A835-84E78A142129}
2012-08-14 23:01 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 23:01 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 23:01 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-14 23:01 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 23:01 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 23:01 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-14 23:01 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 23:01 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 23:01 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-14 23:01 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-14 23:01 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 23:01 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 23:01 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 23:01 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 21:39 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 21:39 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 21:39 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 21:39 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 21:39 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 21:39 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 21:39 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 21:39 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 16:27 - 2012-08-14 16:28 - 00000000 ____D C:\Users\Brian\AppData\Local\{9802A68C-09FB-4C1C-B204-CCC1BE4D387B}
2012-08-14 04:27 - 2012-08-14 04:27 - 00000000 ____D C:\Users\Brian\AppData\Local\{F6F4D4C7-12C4-4241-8415-5CFE701287B1}
2012-08-13 16:27 - 2012-08-13 16:27 - 00000000 ____D C:\Users\Brian\AppData\Local\{650B24D0-3EF4-4851-8B7C-001FECDC9D62}
2012-08-13 04:26 - 2012-08-13 04:26 - 00000000 ____D C:\Users\Brian\AppData\Local\{236C66F3-FD4E-444B-8E32-F80B9DDCA8D5}
2012-08-12 16:26 - 2012-08-12 16:26 - 00000000 ____D C:\Users\Brian\AppData\Local\{343CC619-F626-45FE-BD25-5F9A0853E7EE}
2012-08-12 04:26 - 2012-08-12 04:26 - 00000000 ____D C:\Users\Brian\AppData\Local\{2B5BD0DA-6AD8-4440-8341-6237EC3E2EB3}
2012-08-11 16:25 - 2012-08-11 16:25 - 00000000 ____D C:\Users\Brian\AppData\Local\{34CFB320-3E71-499C-BA8E-5E1B186B2709}
2012-08-11 04:25 - 2012-08-11 04:25 - 00000000 ____D C:\Users\Brian\AppData\Local\{08434C46-6701-456F-84F9-5DC7C1A27A6A}
2012-08-10 16:25 - 2012-08-10 16:25 - 00000000 ____D C:\Users\Brian\AppData\Local\{94517EE1-F9DA-4FD0-B563-892B25DCED03}
2012-08-10 04:24 - 2012-08-10 04:24 - 00000000 ____D C:\Users\Brian\AppData\Local\{D6EA5EEB-0CB2-4420-A6C7-6E345DD26EBB}
2012-08-09 16:24 - 2012-08-09 16:24 - 00000000 ____D C:\Users\Brian\AppData\Local\{B940A308-A4A9-4ABD-9511-49E8C4278838}
2012-08-09 04:23 - 2012-08-09 04:24 - 00000000 ____D C:\Users\Brian\AppData\Local\{077A0D20-7F0A-4CD1-ADD7-81063E024B20}
2012-08-08 16:23 - 2012-08-08 16:23 - 00000000 ____D C:\Users\Brian\AppData\Local\{EFFF586E-7340-4A3E-BC56-A922C009B86F}
2012-08-08 04:23 - 2012-08-08 04:23 - 00000000 ____D C:\Users\Brian\AppData\Local\{7296A0B7-2D0C-49FB-81D8-5955EE22736B}
2012-08-07 09:43 - 2012-08-14 16:27 - 00000000 ____D C:\Users\Brian\AppData\Local\{D8C95A52-24D8-4E98-BFCA-EB78DFD69C29}
2012-08-07 09:43 - 2012-08-07 09:43 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Skinux
2012-08-07 09:43 - 2012-08-07 09:43 - 00000000 ____D C:\Users\Brian\AppData\Local\{8D9CF5FA-4F0C-40A6-904B-461DE4DB597D}
2012-08-07 06:16 - 2012-08-07 06:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

============ 3 Months Modified Files ========================

2012-09-06 07:15 - 2012-08-30 07:26 - 00006404 ____A C:\Users\Brian\Desktop\Rkill.txt
2012-09-06 07:13 - 2011-03-03 07:47 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-06 07:13 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-06 07:13 - 2009-07-13 20:39 - 00044747 ____A C:\Windows\setupact.log
2012-09-06 06:57 - 2012-09-06 07:00 - 00294216 ____A C:\Users\Brian\Desktop\gmer.zip
2012-09-06 06:56 - 2012-09-06 06:56 - 00000472 ____A C:\Users\Brian\Desktop\defogger_disable.log
2012-09-06 06:56 - 2012-09-06 06:56 - 00000000 ____A C:\Users\Brian\defogger_reenable
2012-09-06 06:53 - 2012-09-06 06:53 - 00607260 ____R (Swearware) C:\Users\Brian\Desktop\dds.com
2012-09-06 06:48 - 2012-09-06 06:52 - 00050477 ____A C:\Users\Brian\Desktop\Defogger.exe
2012-08-30 07:18 - 2012-08-30 07:26 - 01614752 ____A (Bleeping Computer, LLC) C:\Users\Brian\Desktop\iExplore.exe
2012-08-30 07:17 - 2012-08-30 07:26 - 01614752 ____A (Bleeping Computer, LLC) C:\Users\Brian\Desktop\rkill.exe
2012-08-27 04:18 - 2011-03-03 07:47 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-27 04:15 - 2011-02-28 07:39 - 02017964 ____A C:\Windows\WindowsUpdate.log
2012-08-27 04:15 - 2011-02-28 05:48 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-27 04:14 - 2011-02-28 04:55 - 00813260 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-27 04:14 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-27 04:14 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 04:06 - 2011-02-28 05:23 - 00028500 ____A C:\Windows\PFRO.log
2012-08-24 08:59 - 2012-08-24 08:59 - 00001240 ____A C:\Users\Brian\Desktop\FixExec.txt
2012-08-24 08:59 - 2012-08-24 08:58 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Brian\Downloads\FixExec.exe
2012-08-23 09:06 - 2012-08-23 09:06 - 00460800 ____A (Aladdin Systems, Inc.) C:\Users\Brian\AppData\Roaming\sapisn.dll
2012-08-21 07:33 - 2011-03-25 08:31 - 00058284 ____A C:\Users\Brian\Documents\plot.log
2012-08-14 23:25 - 2009-07-13 20:33 - 03837616 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 23:03 - 2011-02-28 05:03 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-07 06:16 - 2012-08-07 06:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 13:35 - 2012-08-02 13:59 - 04503728 ___AT C:\Users\All Users\ras_0oed.pad
2012-08-06 08:04 - 2012-08-06 08:04 - 00001967 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-18 09:47 - 2012-08-14 21:39 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:05 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-07-04 13:16 - 2012-08-14 21:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-14 21:39 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-14 21:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-03 09:46 - 2012-08-06 09:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 16:52 - 2012-08-14 23:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-14 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-14 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-14 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-14 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-14 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-14 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-14 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-14 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

ZeroAccess:
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e}
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e}\@
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e}\L
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e}\U

ZeroAccess:
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}\@
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}\L
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}\U
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}\U\00000001.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4093.55 MB
Available physical RAM: 3597.92 MB
Total Pagefile: 4091.83 MB
Available Pagefile: 3604.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:298.01 GB) (Free:228.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (VICTORINOX) (Removable) (Total:0.94 GB) (Free:0.83 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 964 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 31 KB
Partition 2 Primary 298 GB 78 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 78 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 298 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 964 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-16 20:22

==================== End Of Log =============================


Farbar Recovery Scan Tool (x86) Version: 05-09-2012
Ran by SYSTEM at 2012-09-06 14:17:36
Running from E:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2008-04-25 08:16] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\system32\dllcache\services.exe
[2008-04-25 08:16] - [2009-02-06 03:11] - 0110592 ___AC (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-11-03 14:32] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 06 September 2012 - 02:50 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e}
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
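An added example, not code from the thread, FRST or its author: a small Python parser for the FRST Search output quoted at the top of this page, which flags a live System32 file whose MD5 matches none of the WinSxS copies of the same file. The same-size, same-timestamp, different-hash pattern on services.exe is exactly what the Replace: line in the fixlist above repairs; the sample input is constructed from the two log entries, and the path-grouping rules are my assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the two entries from the FRST Search output posted
# earlier in this thread (a path line followed by a metadata line).
FRST_SEARCH_OUTPUT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Metadata line as it appears in the log: [created] - [modified] - size attrs (company) MD5
# (assumed format, derived from the two lines above)
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_frst_search(text):
    """Return one dict per file entry (path, timestamps, size, attrs, company, md5)."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==="):
            pending_path = None
            continue
        m = META_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            entries.append(rec)
            pending_path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending_path = line
    return entries


def find_patched_system_files(entries):
    """Flag live System32/SysWOW64 files whose MD5 matches no WinSxS copy.

    Sirefef/ZeroAccess overwrote services.exe in place, so the live copy keeps
    the original size and timestamps but its hash changes. A mismatch is a
    lead to verify against a known-good copy, not proof of infection on its own.
    """
    by_name = defaultdict(lambda: {"live": [], "winsxs": []})
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\winsxs\\" in low:
            by_name[name]["winsxs"].append(e)
        elif "\\system32\\" in low or "\\syswow64\\" in low:
            by_name[name]["live"].append(e)

    findings = []
    for name, groups in by_name.items():
        known = {w["md5"] for w in groups["winsxs"]}
        if not known:
            continue  # nothing to compare the live copy against
        for live in groups["live"]:
            if live["md5"] in known:
                continue
            same_size = any(w["size"] == live["size"] for w in groups["winsxs"])
            findings.append({
                "file": name,
                "live_path": live["path"],
                "live_md5": live["md5"],
                "winsxs_md5s": sorted(known),
                "same_size_as_winsxs": same_size,
            })
    return findings


if __name__ == "__main__":
    for f in find_patched_system_files(parse_frst_search(FRST_SEARCH_OUTPUT)):
        print(f"{f['file']}: live copy {f['live_md5']} matches no WinSxS copy "
              f"(same size as WinSxS copy: {f['same_size_as_winsxs']}); "
              f"WinSxS hashes: {', '.join(f['winsxs_md5s'])}")
```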

#5 ballen622

Posted 06 September 2012 - 03:09 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-09-2012
Ran by SYSTEM at 2012-09-06 16:08:06 Run:2
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{61439026-2dbf-d030-8a0e-721817d2fe2e} not found.
C:\Users\Brian\AppData\Local\{61439026-2dbf-d030-8a0e-721817d2fe2e} not found.

==== End of Fixlog ====

#6 gringo_pr

Posted 07 September 2012 - 12:19 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gringo_pr

Posted 10 September 2012 - 08:30 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 ballen622

Posted 10 September 2012 - 11:58 AM

Sorry, you are helping with my office computer, so I did not have access to it over the weekend.
Here is the combofix log. Before running combofix I disabled MSE as instructed, but when combofix initialized it told me that MSE was still active. There was no MSE icon in the taskbar and nothing in Task Manager, so I let combofix continue to run.
As CF was running a message came up about a rootkit infection and that it may be particularly difficult to remove. Another message came up: "Combofix has detected the presence of rootkit activity and needs to reboot the machine"
I clicked OK and rebooted into Safe Mode and CF resumed its scan.
At least the computer no longer reboots after 1 minute and is working well enough to do this debugging. I am using another computer for this communication & internet access.

ComboFix 12-09-10.03 - Brian 09/10/2012 12:44:25.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3006.2088 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\ras_0oed.pad
c:\users\Brian\AppData\Roaming\sapisn.dll
c:\windows\$NtUninstallKB59131$
c:\windows\$NtUninstallKB59131$\1576336476
c:\windows\Installer\$PatchCache$\Managed\6D79387323DF29048A45A657BCE7AD64\1.5.2060\pst.ini2
c:\windows\system32\~GLH001c.TMP
c:\windows\system32\~GLH001d.TMP
c:\windows\system32\SETD6C8.tmp
c:\windows\system32\SETEEEE.tmp
c:\windows\system32\SETEF3D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-06 22:15 . 2012-09-06 22:15 -------- d-----w- C:\FRST
2012-08-27 12:17 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03D886A4-AE73-465C-966C-4A5EC13EB695}\gapaengine.dll
2012-08-27 12:17 . 2012-08-20 05:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\mpengine.dll
2012-08-27 12:14 . 2012-08-27 12:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-24 17:00 . 2012-08-24 17:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-23 17:07 . 2012-08-23 17:08 -------- d-----w- c:\programdata\036DFF5B00482ED415B2FFE4F875EF7E
2012-08-15 05:39 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 05:39 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 05:39 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 05:39 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 05:39 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 05:39 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 05:39 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-08-06 17:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 20:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 20:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2012-02-10 167584]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2012-03-23 48216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTxfiReg.exe" [2009-07-14 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl47ce3be0;MpKsl47ce3be0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl47ce3be0.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 15:47]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 15:47]
.
2012-09-10 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-sapisn - c:\users\Brian\AppData\Roaming\sapisn.dll
AddRemove-EL-USB&10C4&0002 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\EL-USB&10C4&0002
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,68,eb,f5,2c,84,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-10 12:53:50
ComboFix-quarantined-files.txt 2012-09-10 16:53
.
Pre-Run: 246,944,571,392 bytes free
Post-Run: 249,819,222,016 bytes free
.
- - End Of File - - 31271B503366CA404423721E6EBFC3F4

#9 gringo_pr

Posted 10 September 2012 - 12:06 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 ballen622

Posted 10 September 2012 - 12:48 PM

TDSSKiller found one suspicious file.
13:12:05.0021 2020 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:12:05.0037 2020 ============================================================
13:12:05.0037 2020 Current date / time: 2012/09/10 13:12:05.0037
13:12:05.0037 2020 SystemInfo:
13:12:05.0037 2020
13:12:05.0037 2020 OS Version: 6.1.7601 ServicePack: 1.0
13:12:05.0037 2020 Product type: Workstation
13:12:05.0037 2020 ComputerName: BRIAN-PC
13:12:05.0037 2020 UserName: Brian
13:12:05.0037 2020 Windows directory: C:\Windows
13:12:05.0037 2020 System windows directory: C:\Windows
13:12:05.0037 2020 Processor architecture: Intel x86
13:12:05.0037 2020 Number of processors: 2
13:12:05.0037 2020 Page size: 0x1000
13:12:05.0037 2020 Boot type: Safe boot
13:12:05.0037 2020 ============================================================
13:12:05.0833 2020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:05.0833 2020 Drive \Device\Harddisk1\DR2 - Size: 0x3C400000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:12:05.0833 2020 ============================================================
13:12:05.0833 2020 \Device\Harddisk0\DR0:
13:12:05.0833 2020 MBR partitions:
13:12:05.0833 2020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x25406337
13:12:05.0833 2020 \Device\Harddisk1\DR2:
13:12:05.0833 2020 MBR partitions:
13:12:05.0833 2020 ============================================================
13:12:05.0848 2020 C: <-> \Device\Harddisk0\DR0\Partition1
13:12:05.0848 2020 ============================================================
13:12:05.0848 2020 Initialize success
13:12:05.0848 2020 ============================================================
13:12:10.0809 1980 ============================================================
13:12:10.0809 1980 Scan started
13:12:10.0809 1980 Mode: Manual;
13:12:10.0809 1980 ============================================================
13:12:11.0308 1980 ================ Scan system memory ========================
13:12:11.0308 1980 System memory - ok
13:12:11.0308 1980 ================ Scan services =============================
13:12:14.0506 1980 CSC - ok
13:12:14.0584 1980 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
13:12:14.0584 1980 CscService - ok
13:12:14.0678 1980 [ 0AA5F55FCB9715D51FFC159144688D53 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
13:12:14.0678 1980 CT20XUT - ok
13:12:14.0693 1980 [ 0AA5F55FCB9715D51FFC159144688D53 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
13:12:14.0693 1980 CT20XUT.SYS - ok
13:12:14.0725 1980 [ FBB6A0DCB1F38151413DD73DEFD67CBD ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
13:12:14.0725 1980 ctac32k - ok
13:12:14.0787 1980 [ B339607424CF471B29AB4DFD569E4AAB ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
13:12:14.0787 1980 ctaud2k - ok
13:12:14.0849 1980 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
13:12:14.0849 1980 CTAudSvcService - ok
13:12:14.0881 1980 [ DF6A0454F5F571370FA84A923289C064 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
13:12:14.0896 1980 CTEXFIFX - ok
13:12:14.0959 1980 [ DF6A0454F5F571370FA84A923289C064 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
13:12:14.0959 1980 CTEXFIFX.SYS - ok
13:12:14.0974 1980 [ 99CE3B38677F1A9EC2505E3390B08B37 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
13:12:14.0974 1980 CTHWIUT - ok
13:12:15.0021 1980 [ 99CE3B38677F1A9EC2505E3390B08B37 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
13:12:15.0021 1980 CTHWIUT.SYS - ok
13:12:15.0037 1980 [ 1B70F20962249C83A1306EDD3AC5441C ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
13:12:15.0037 1980 ctprxy2k - ok
13:12:15.0037 1980 [ B8FCBCE5552C606A3587028DB88A7C9D ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
13:12:15.0037 1980 ctsfm2k - ok
13:12:15.0068 1980 [ 90F8539FA0DE4AAFE4FDBE7F95D6A512 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:12:15.0068 1980 dc3d - ok
13:12:15.0146 1980 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:12:15.0146 1980 DcomLaunch - ok
13:12:15.0208 1980 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:12:15.0208 1980 defragsvc - ok
13:12:15.0271 1980 [ 0259948FFE5F7E69CD1D8A8E74E0547C ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
13:12:15.0286 1980 DeviceMonitorService - ok
13:12:15.0333 1980 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:12:15.0333 1980 DfsC - ok
13:12:15.0349 1980 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:12:15.0349 1980 Dhcp - ok
13:12:15.0395 1980 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:12:15.0395 1980 discache - ok
13:12:15.0411 1980 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:12:15.0411 1980 Disk - ok
13:12:15.0427 1980 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:12:15.0442 1980 Dnscache - ok
13:12:15.0505 1980 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:12:15.0505 1980 dot3svc - ok
13:12:15.0536 1980 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:12:15.0536 1980 DPS - ok
13:12:15.0583 1980 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:12:15.0583 1980 drmkaud - ok
13:12:15.0676 1980 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:12:15.0676 1980 DXGKrnl - ok
13:12:15.0707 1980 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:12:15.0707 1980 EapHost - ok
13:12:15.0801 1980 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:12:15.0817 1980 ebdrv - ok
13:12:15.0832 1980 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:12:15.0832 1980 EFS - ok
13:12:15.0910 1980 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:12:15.0910 1980 ehRecvr - ok
13:12:15.0988 1980 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:12:15.0988 1980 ehSched - ok
13:12:16.0066 1980 [ 44996A2ADDD2DB7454F2CA40B67D8941 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
13:12:16.0066 1980 ElbyCDIO - ok
13:12:16.0097 1980 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:12:16.0097 1980 elxstor - ok
13:12:16.0144 1980 [ 9A99662DB494255896272F503CAD55B2 ] emupia C:\Windows\system32\drivers\emupia2k.sys
13:12:16.0144 1980 emupia - ok
13:12:16.0160 1980 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:12:16.0160 1980 ErrDev - ok
13:12:16.0191 1980 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:12:16.0191 1980 EventSystem - ok
13:12:16.0238 1980 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:12:16.0238 1980 exfat - ok
13:12:16.0253 1980 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:12:16.0253 1980 fastfat - ok
13:12:16.0285 1980 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:12:16.0300 1980 Fax - ok
13:12:16.0331 1980 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:12:16.0331 1980 fdc - ok
13:12:16.0347 1980 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:12:16.0347 1980 fdPHost - ok
13:12:16.0363 1980 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:12:16.0363 1980 FDResPub - ok
13:12:16.0409 1980 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:12:16.0409 1980 FileInfo - ok
13:12:16.0487 1980 [ ACEDB7769F9043E869E252153487CC5C ] FileOpenManagerSvc C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
13:12:16.0487 1980 FileOpenManagerSvc - ok
13:12:16.0550 1980 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:12:16.0550 1980 Filetrace - ok
13:12:16.0628 1980 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:12:16.0628 1980 FLEXnet Licensing Service - ok
13:12:16.0643 1980 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:12:16.0643 1980 flpydisk - ok
13:12:16.0690 1980 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:12:16.0706 1980 FltMgr - ok
13:12:16.0737 1980 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
13:12:16.0753 1980 FontCache - ok
13:12:16.0862 1980 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:12:16.0862 1980 FontCache3.0.0.0 - ok
13:12:16.0893 1980 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:12:16.0893 1980 FsDepends - ok
13:12:16.0924 1980 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:12:16.0924 1980 Fs_Rec - ok
13:12:16.0987 1980 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:12:16.0987 1980 fvevol - ok
13:12:17.0002 1980 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:12:17.0002 1980 gagp30kx - ok
13:12:17.0033 1980 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:12:17.0049 1980 gpsvc - ok
13:12:17.0143 1980 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:12:17.0143 1980 gupdate - ok
13:12:17.0158 1980 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:12:17.0158 1980 gupdatem - ok
13:12:17.0205 1980 [ DC7047D12446D0059EA8A4D8B645FA5A ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
13:12:17.0221 1980 ha20x22k - ok
13:12:17.0283 1980 [ AF8BD14FAD9D8D3D01483618BACE70B2 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
13:12:17.0299 1980 ha20x2k - ok
13:12:17.0345 1980 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:12:17.0345 1980 hcw85cir - ok
13:12:17.0408 1980 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:12:17.0408 1980 HdAudAddService - ok
13:12:17.0439 1980 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:12:17.0439 1980 HDAudBus - ok
13:12:17.0455 1980 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:12:17.0455 1980 HidBatt - ok
13:12:17.0470 1980 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:12:17.0470 1980 HidBth - ok
13:12:17.0486 1980 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:12:17.0486 1980 HidIr - ok
13:12:17.0533 1980 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
13:12:17.0533 1980 hidserv - ok
13:12:17.0548 1980 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:12:17.0548 1980 HidUsb - ok
13:12:17.0579 1980 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:12:17.0579 1980 hkmsvc - ok
13:12:17.0626 1980 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:12:17.0626 1980 HomeGroupListener - ok
13:12:17.0689 1980 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:12:17.0689 1980 HomeGroupProvider - ok
13:12:17.0735 1980 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:12:17.0735 1980 HpSAMD - ok
13:12:17.0767 1980 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:12:17.0767 1980 HTTP - ok
13:12:17.0813 1980 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:12:17.0813 1980 hwpolicy - ok
13:12:17.0829 1980 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:12:17.0829 1980 i8042prt - ok
13:12:17.0845 1980 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:12:17.0845 1980 iaStorV - ok
13:12:17.0907 1980 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:12:17.0907 1980 idsvc - ok
13:12:17.0938 1980 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:12:17.0938 1980 iirsp - ok
13:12:18.0032 1980 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:12:18.0032 1980 IKEEXT - ok
13:12:18.0047 1980 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:12:18.0047 1980 intelide - ok
13:12:18.0063 1980 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:12:18.0063 1980 intelppm - ok
13:12:18.0079 1980 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:12:18.0079 1980 IPBusEnum - ok
13:12:18.0125 1980 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:12:18.0125 1980 IpFilterDriver - ok
13:12:18.0141 1980 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:12:18.0141 1980 iphlpsvc - ok
13:12:18.0157 1980 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:12:18.0157 1980 IPMIDRV - ok
13:12:18.0203 1980 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:12:18.0203 1980 IPNAT - ok
13:12:18.0250 1980 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:12:18.0250 1980 IRENUM - ok
13:12:18.0297 1980 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:12:18.0297 1980 isapnp - ok
13:12:18.0313 1980 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:12:18.0313 1980 iScsiPrt - ok
13:12:18.0328 1980 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:12:18.0328 1980 kbdclass - ok
13:12:18.0375 1980 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:12:18.0375 1980 kbdhid - ok
13:12:18.0437 1980 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:12:18.0437 1980 KeyIso - ok
13:12:18.0500 1980 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:12:18.0500 1980 KSecDD - ok
13:12:18.0578 1980 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:12:18.0578 1980 KSecPkg - ok
13:12:18.0609 1980 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:12:18.0609 1980 KtmRm - ok
13:12:18.0656 1980 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
13:12:18.0656 1980 LanmanServer - ok
13:12:18.0734 1980 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:12:18.0734 1980 LanmanWorkstation - ok
13:12:18.0796 1980 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:12:18.0812 1980 lltdio - ok
13:12:18.0812 1980 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:12:18.0827 1980 lltdsvc - ok
13:12:18.0874 1980 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:12:18.0874 1980 lmhosts - ok
13:12:18.0968 1980 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:12:18.0968 1980 LSI_FC - ok
13:12:19.0015 1980 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:12:19.0015 1980 LSI_SAS - ok
13:12:19.0030 1980 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:12:19.0030 1980 LSI_SAS2 - ok
13:12:19.0030 1980 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:12:19.0030 1980 LSI_SCSI - ok
13:12:19.0061 1980 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:12:19.0061 1980 luafv - ok
13:12:19.0124 1980 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:12:19.0124 1980 Mcx2Svc - ok
13:12:19.0139 1980 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:12:19.0139 1980 megasas - ok
13:12:19.0186 1980 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:12:19.0186 1980 MegaSR - ok
13:12:19.0249 1980 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:12:19.0249 1980 Microsoft Office Groove Audit Service - ok
13:12:19.0295 1980 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:12:19.0295 1980 MMCSS - ok
13:12:19.0295 1980 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:12:19.0295 1980 Modem - ok
13:12:19.0358 1980 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:12:19.0358 1980 monitor - ok
13:12:19.0389 1980 [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
13:12:19.0389 1980 motccgp - ok
13:12:19.0420 1980 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
13:12:19.0420 1980 motccgpfl - ok
13:12:19.0529 1980 [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
13:12:19.0529 1980 motmodem - ok
13:12:19.0576 1980 [ 3BBC6C2402242401F791548AAEBF3D39 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
13:12:19.0576 1980 MotoHelper - ok
13:12:19.0623 1980 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
13:12:19.0623 1980 MotoSwitchService - ok
13:12:19.0623 1980 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
13:12:19.0623 1980 Motousbnet - ok
13:12:19.0654 1980 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
13:12:19.0654 1980 motusbdevice - ok
13:12:19.0732 1980 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:12:19.0732 1980 mouclass - ok
13:12:19.0748 1980 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:12:19.0748 1980 mouhid - ok
13:12:19.0810 1980 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:12:19.0810 1980 mountmgr - ok
13:12:19.0888 1980 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:12:19.0888 1980 MpFilter - ok
13:12:19.0966 1980 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:12:19.0966 1980 mpio - ok
13:12:20.0060 1980 [ A69630D039C38018689190234F866D77 ] MpKsl47ce3be0 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl47ce3be0.sys
13:12:20.0060 1980 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl47ce3be0.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
13:12:20.0060 1980 MpKsl47ce3be0 ( ForgedFile.Multi.Generic ) - warning
13:12:20.0060 1980 MpKsl47ce3be0 - detected ForgedFile.Multi.Generic (1)
13:12:24.0241 1980 rspndr - ok
13:12:24.0319 1980 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:12:24.0319 1980 s3cap - ok
13:12:24.0334 1980 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
13:12:24.0334 1980 SamSs - ok
13:12:24.0412 1980 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:12:24.0412 1980 SASDIFSV - ok
13:12:24.0475 1980 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:12:24.0475 1980 SASKUTIL - ok
13:12:24.0490 1980 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:12:24.0506 1980 sbp2port - ok
13:12:24.0568 1980 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:12:24.0568 1980 SCardSvr - ok
13:12:24.0568 1980 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:12:24.0584 1980 scfilter - ok
13:12:24.0615 1980 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
13:12:24.0615 1980 Schedule - ok
13:12:24.0646 1980 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:12:24.0662 1980 SCPolicySvc - ok
13:12:24.0709 1980 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:12:24.0709 1980 SDRSVC - ok
13:12:24.0724 1980 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:12:24.0724 1980 secdrv - ok
13:12:24.0740 1980 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:12:24.0740 1980 seclogon - ok
13:12:24.0787 1980 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
13:12:24.0787 1980 SENS - ok
13:12:24.0818 1980 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:12:24.0818 1980 SensrSvc - ok
13:12:24.0865 1980 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:12:24.0865 1980 Serenum - ok
13:12:24.0958 1980 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:12:24.0958 1980 Serial - ok
13:12:24.0974 1980 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:12:24.0974 1980 sermouse - ok
13:12:25.0005 1980 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
13:12:25.0005 1980 SessionEnv - ok
13:12:25.0067 1980 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:12:25.0067 1980 sffdisk - ok
13:12:25.0067 1980 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:12:25.0067 1980 sffp_mmc - ok
13:12:25.0067 1980 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:12:25.0067 1980 sffp_sd - ok
13:12:25.0114 1980 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:12:25.0114 1980 sfloppy - ok
13:12:25.0192 1980 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:12:25.0192 1980 SharedAccess - ok
13:12:25.0223 1980 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:12:25.0223 1980 ShellHWDetection - ok
13:12:25.0270 1980 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:12:25.0270 1980 sisagp - ok
13:12:25.0286 1980 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:12:25.0286 1980 SiSRaid2 - ok
13:12:25.0286 1980 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:12:25.0286 1980 SiSRaid4 - ok
13:12:25.0348 1980 [ F39C03D8068331438221F6DBDCC6F9C7 ] SIUSBXP C:\Windows\system32\drivers\SiUSBXp.sys
13:12:25.0348 1980 SIUSBXP - ok
13:12:25.0379 1980 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:12:25.0379 1980 Smb - ok
13:12:25.0411 1980 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:12:25.0411 1980 SNMPTRAP - ok
13:12:25.0442 1980 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:12:25.0442 1980 spldr - ok
13:12:25.0473 1980 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
13:12:25.0473 1980 Spooler - ok
13:12:25.0551 1980 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
13:12:25.0567 1980 sppsvc - ok
13:12:25.0676 1980 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:12:25.0676 1980 sppuinotify - ok
13:12:25.0707 1980 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:12:25.0707 1980 SQLBrowser - ok
13:12:25.0738 1980 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:12:25.0738 1980 SQLWriter - ok
13:12:25.0816 1980 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:12:25.0816 1980 srv - ok
13:12:25.0816 1980 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:12:25.0832 1980 srv2 - ok
13:12:25.0832 1980 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:12:25.0832 1980 srvnet - ok
13:12:25.0863 1980 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:12:25.0863 1980 SSDPSRV - ok
13:12:25.0925 1980 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:12:25.0925 1980 SstpSvc - ok
13:12:25.0957 1980 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:12:25.0957 1980 stexstor - ok
13:12:26.0003 1980 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
13:12:26.0019 1980 StiSvc - ok
13:12:26.0081 1980 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:12:26.0081 1980 storflt - ok
13:12:26.0128 1980 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
13:12:26.0128 1980 StorSvc - ok
13:12:26.0175 1980 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:12:26.0175 1980 storvsc - ok
13:12:26.0191 1980 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
13:12:26.0191 1980 swenum - ok
13:12:26.0300 1980 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:12:26.0300 1980 SwitchBoard - ok
13:12:26.0331 1980 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:12:26.0347 1980 swprv - ok
13:12:26.0378 1980 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
13:12:26.0393 1980 SysMain - ok
13:12:26.0440 1980 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:12:26.0440 1980 TabletInputService - ok
13:12:26.0471 1980 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
13:12:26.0471 1980 TapiSrv - ok
13:12:26.0518 1980 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:12:26.0518 1980 TBS - ok
13:12:26.0565 1980 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:12:26.0581 1980 Tcpip - ok
13:12:26.0612 1980 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:12:26.0612 1980 TCPIP6 - ok
13:12:26.0705 1980 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:12:26.0705 1980 tcpipreg - ok
13:12:26.0737 1980 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:12:26.0737 1980 TDPIPE - ok
13:12:26.0768 1980 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:12:26.0768 1980 TDTCP - ok
13:12:26.0783 1980 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:12:26.0783 1980 tdx - ok
13:12:26.0815 1980 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:12:26.0815 1980 TermDD - ok
13:12:26.0861 1980 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
13:12:26.0861 1980 TermService - ok
13:12:26.0939 1980 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:12:26.0939 1980 Themes - ok
13:12:26.0955 1980 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:12:26.0955 1980 THREADORDER - ok
13:12:27.0002 1980 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
13:12:27.0002 1980 TPM - ok
13:12:27.0017 1980 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:12:27.0017 1980 TrkWks - ok
13:12:27.0064 1980 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:12:27.0064 1980 TrustedInstaller - ok
13:12:27.0095 1980 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:27.0095 1980 tssecsrv - ok
13:12:27.0173 1980 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:12:27.0173 1980 TsUsbFlt - ok
13:12:27.0205 1980 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:12:27.0205 1980 tunnel - ok
13:12:27.0220 1980 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:12:27.0220 1980 uagp35 - ok
13:12:27.0283 1980 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:12:27.0283 1980 udfs - ok
13:12:27.0314 1980 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:12:27.0314 1980 UI0Detect - ok
13:12:27.0407 1980 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:12:27.0407 1980 uliagpkx - ok
13:12:27.0454 1980 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
13:12:27.0454 1980 umbus - ok
13:12:27.0470 1980 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:12:27.0470 1980 UmPass - ok
13:12:27.0532 1980 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
13:12:27.0532 1980 UmRdpService - ok
13:12:27.0548 1980 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:12:27.0563 1980 upnphost - ok
13:12:27.0610 1980 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:27.0610 1980 usbccgp - ok
13:12:27.0688 1980 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:12:27.0704 1980 usbcir - ok
13:12:27.0751 1980 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:12:27.0751 1980 usbehci - ok
13:12:27.0766 1980 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:12:27.0766 1980 usbhub - ok
13:12:27.0782 1980 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:12:27.0782 1980 usbohci - ok
13:12:27.0844 1980 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:12:27.0844 1980 usbprint - ok
13:12:27.0875 1980 [ 88701ECA76145E2C011C0EEFF0F7B70E ] usbser C:\Windows\system32\DRIVERS\usbser.sys
13:12:27.0875 1980 usbser - ok
13:12:27.0875 1980 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:27.0875 1980 USBSTOR - ok
13:12:27.0938 1980 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:12:27.0938 1980 usbuhci - ok
13:12:27.0985 1980 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:12:27.0985 1980 UxSms - ok
13:12:28.0031 1980 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
13:12:28.0031 1980 VaultSvc - ok
13:12:28.0047 1980 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
13:12:28.0047 1980 VClone - ok
13:12:28.0063 1980 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:12:28.0063 1980 vdrvroot - ok
13:12:28.0125 1980 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
13:12:28.0125 1980 vds - ok
13:12:28.0141 1980 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:28.0141 1980 vga - ok
13:12:28.0156 1980 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:12:28.0156 1980 VgaSave - ok
13:12:28.0219 1980 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:12:28.0219 1980 vhdmp - ok
13:12:28.0250 1980 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:12:28.0250 1980 viaagp - ok
13:12:28.0250 1980 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:12:28.0265 1980 ViaC7 - ok
13:12:28.0265 1980 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
13:12:28.0265 1980 viaide - ok
13:12:28.0297 1980 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:12:28.0297 1980 vmbus - ok
13:12:28.0343 1980 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:12:28.0343 1980 VMBusHID - ok
13:12:28.0343 1980 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:12:28.0343 1980 volmgr - ok
13:12:28.0375 1980 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:12:28.0375 1980 volmgrx - ok
13:12:28.0390 1980 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:12:28.0390 1980 volsnap - ok
13:12:28.0484 1980 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:12:28.0484 1980 vsmraid - ok
13:12:28.0562 1980 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
13:12:28.0577 1980 VSS - ok
13:12:28.0609 1980 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:12:28.0609 1980 vwifibus - ok
13:12:28.0640 1980 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:12:28.0640 1980 W32Time - ok
13:12:28.0655 1980 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:12:28.0655 1980 WacomPen - ok
13:12:28.0687 1980 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:12:28.0687 1980 WANARP - ok
13:12:28.0702 1980 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:12:28.0702 1980 Wanarpv6 - ok
13:12:28.0765 1980 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:12:28.0765 1980 WatAdminSvc - ok
13:12:28.0827 1980 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
13:12:28.0843 1980 wbengine - ok
13:12:28.0858 1980 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:12:28.0858 1980 WbioSrvc - ok
13:12:28.0921 1980 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:12:28.0921 1980 wcncsvc - ok
13:12:28.0936 1980 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:12:28.0936 1980 WcsPlugInService - ok
13:12:28.0999 1980 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:12:28.0999 1980 Wd - ok
13:12:29.0014 1980 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:12:29.0014 1980 Wdf01000 - ok
13:12:29.0014 1980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:12:29.0014 1980 WdiServiceHost - ok
13:12:29.0030 1980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:12:29.0030 1980 WdiSystemHost - ok
13:12:29.0061 1980 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
13:12:29.0061 1980 WebClient - ok
13:12:29.0092 1980 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:12:29.0092 1980 Wecsvc - ok
13:12:29.0123 1980 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:12:29.0123 1980 wercplsupport - ok
13:12:29.0139 1980 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:12:29.0139 1980 WerSvc - ok
13:12:29.0155 1980 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:12:29.0155 1980 WfpLwf - ok
13:12:29.0170 1980 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:12:29.0170 1980 WIMMount - ok
13:12:29.0217 1980 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:12:29.0233 1980 WinDefend - ok
13:12:29.0233 1980 WinHttpAutoProxySvc - ok
13:12:29.0279 1980 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:12:29.0279 1980 Winmgmt - ok
13:12:29.0342 1980 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
13:12:29.0342 1980 WinRM - ok
13:12:29.0420 1980 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:12:29.0420 1980 WinUsb - ok
13:12:29.0451 1980 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:12:29.0451 1980 Wlansvc - ok
13:12:29.0560 1980 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:12:29.0560 1980 wlcrasvc - ok
13:12:29.0638 1980 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:12:29.0654 1980 wlidsvc - ok
13:12:29.0685 1980 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:12:29.0685 1980 WmiAcpi - ok
13:12:29.0716 1980 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:12:29.0716 1980 wmiApSrv - ok
13:12:29.0841 1980 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:12:29.0857 1980 WMPNetworkSvc - ok
13:12:29.0872 1980 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:12:29.0872 1980 WPCSvc - ok
13:12:29.0903 1980 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:12:29.0903 1980 WPDBusEnum - ok
13:12:29.0950 1980 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:12:29.0950 1980 ws2ifsl - ok
13:12:29.0966 1980 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
13:12:29.0981 1980 wscsvc - ok
13:12:29.0981 1980 WSearch - ok
13:12:30.0075 1980 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:12:30.0122 1980 wuauserv - ok
13:12:30.0137 1980 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:12:30.0137 1980 WudfPf - ok
13:12:30.0184 1980 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:30.0184 1980 WUDFRd - ok
13:12:30.0215 1980 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:12:30.0215 1980 wudfsvc - ok
13:12:30.0262 1980 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:12:30.0278 1980 WwanSvc - ok
13:12:30.0278 1980 ================ Scan global ===============================
13:12:30.0371 1980 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:12:30.0387 1980 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:12:30.0403 1980 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:12:30.0449 1980 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:12:30.0481 1980 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:12:30.0496 1980 [Global] - ok
13:12:30.0496 1980 ================ Scan MBR ==================================
13:12:30.0496 1980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:12:30.0637 1980 \Device\Harddisk0\DR0 - ok
13:12:30.0637 1980 [ 3381AF29C3E8E19D7F65A2C969C466BD ] \Device\Harddisk1\DR2
13:12:30.0652 1980 \Device\Harddisk1\DR2 - ok
13:12:30.0652 1980 ================ Scan VBR ==================================
13:12:30.0652 1980 [ 76CD3AA0AB18561FFA3E90291F3C6300 ] \Device\Harddisk0\DR0\Partition1
13:12:30.0652 1980 \Device\Harddisk0\DR0\Partition1 - ok
13:12:30.0652 1980 ============================================================
13:12:30.0652 1980 Scan finished
13:12:30.0652 1980 ============================================================
13:12:30.0699 1080 Detected object count: 1
13:12:30.0699 1080 Actual detected object count: 1
13:13:03.0241 1080 MpKsl47ce3be0 ( ForgedFile.Multi.Generic ) - skipped by user
13:13:03.0241 1080 MpKsl47ce3be0 ( ForgedFile.Multi.Generic ) - User select action: Skip

aswMBR was defaulted to Quickscan on the pulldown menu, so that is what I ran:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-10 13:19:51
-----------------------------
13:19:51.438 OS Version: Windows 6.1.7601 Service Pack 1
13:19:51.438 Number of processors: 2 586 0x1A05
13:19:51.438 ComputerName: BRIAN-PC UserName: Brian
13:19:52.343 Initialize success
13:21:22.699 AVAST engine defs: 12091000
13:21:42.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:21:42.495 Disk 0 Vendor: ST332041 CC45 Size: 305245MB BusType: 8
13:21:42.511 Disk 0 MBR read successfully
13:21:42.511 Disk 0 MBR scan
13:21:42.526 Disk 0 Windows 7 default MBR code
13:21:42.573 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
13:21:42.589 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305164 MB offset 160650
13:21:42.589 Disk 0 scanning sectors +625137345
13:21:42.745 Disk 0 scanning C:\Windows\system32\drivers
13:21:53.259 Service scanning
13:22:13.913 Modules scanning
13:22:19.436 Disk 0 trace - called modules:
13:22:19.451 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
13:22:19.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86886810]
13:22:19.467 3 CLASSPNP.SYS[8b59359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85134028]
13:22:21.199 AVAST engine scan C:\Windows
13:22:23.523 AVAST engine scan C:\Windows\system32
13:25:28.040 AVAST engine scan C:\Windows\system32\drivers
13:25:44.280 AVAST engine scan C:\Users\Brian
13:28:11.076 AVAST engine scan C:\ProgramData
13:30:20.806 Scan finished successfully
13:43:49.465 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
13:43:49.527 The log file has been saved successfully to "E:\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:50 PM

Posted 10 September 2012 - 01:03 PM

Greetings ballen622

That file is fine.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\ConduitEngine

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ballen622

ballen622
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 10 September 2012 - 01:34 PM

Again CF gave me a warning that MSE was active, but I don't think it is. The computer is allowing me to run these scans & fixes and seems stable. The CF scan did not encounter any problems. Here is the log:

ComboFix 12-09-10.04 - Brian 09/10/2012 14:19:18.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3006.2295 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 18:25 . 2012-09-10 18:25 -------- d-----w- c:\users\Brian\AppData\Local\temp
2012-09-10 18:25 . 2012-09-10 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-10 17:30 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDBC0EFE-0EB0-4069-85C6-FDF19D720F06}\mpengine.dll
2012-09-06 22:15 . 2012-09-06 22:15 -------- d-----w- C:\FRST
2012-08-27 12:17 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03D886A4-AE73-465C-966C-4A5EC13EB695}\gapaengine.dll
2012-08-27 12:17 . 2012-08-20 05:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-27 12:14 . 2012-08-27 12:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-24 17:00 . 2012-08-24 17:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-23 17:07 . 2012-08-23 17:08 -------- d-----w- c:\programdata\036DFF5B00482ED415B2FFE4F875EF7E
2012-08-15 05:39 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 05:39 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 05:39 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 05:39 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 05:39 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 05:39 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 05:39 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-08-06 17:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 20:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2012-02-10 167584]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2012-03-23 48216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTxfiReg.exe" [2009-07-14 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl47ce3be0;MpKsl47ce3be0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B1A77A6-59C1-4FE2-8476-7E2335262A51}\MpKsl47ce3be0.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 15:47]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 15:47]
.
2012-09-10 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-conduitEngine - c:\program files\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,68,eb,f5,2c,84,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-10 14:26:22
ComboFix-quarantined-files.txt 2012-09-10 18:26
ComboFix2.txt 2012-09-10 16:53
.
Pre-Run: 249,614,905,344 bytes free
Post-Run: 249,676,550,144 bytes free
.
- - End Of File - - 8E82B335847C8EB9D17F7674E34940A6

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 September 2012 - 02:44 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 ballen622

ballen622
  • Topic Starter

  • Members
  • 10 posts

Posted 10 September 2012 - 05:00 PM

Update for Microsoft Office 2007 (KB2508958)
2010 Florida Complete Collection
Able2Extract 7.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe InDesign CS5
Adobe Media Player
Adobe Photoshop 6.0
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ashampoo Burning Studio 6 FREE v.6.80
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Binreader
Bluebeam Revu 10
Bluewater Racing 1.52
CDRoller version 9.30
Citrix online plug-in (Web)
Conduit Engine
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties
CutePDF Writer 2.8
D3DX10
DHTML Editing Component
DivX Setup
Dolby Digital Live Pack
DWGdirectX 3.2
E-CAT / E20 Configuration Services
EasyLog USB
EnergyGauge USA
EnergyGaugeSummit
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
ExtractNow
FastStone Image Viewer 4.3
FileOpen Client
Fugawi 4.5
FugVS2005
Google Earth
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
HangerCAD 2000
HP LaserJet P1500 series
HPCarePackCore
HPCarePackProducts
HPSSupply
iDEN Download Apps Utility
iDEN i580 CP R5C.00.05 Upgrade Utility
IsoBuster 2.8.5
Java Auto Updater
Java™ 6 Update 30
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.1.0
MPS Prolog LT
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAshampoo Toolbar
netbrdg
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
OfotoXMI
OpenAL
OpenCPN 2.3.1
Pandora
PDF Settings CS5
PolarCOM
PVSonyDll
RegCure
REScheck 4.4.3.1 (Current User)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SFR
SHASTA
skin0001
SKINXSDK
Sound Blaster X-Fi
staticcr
SUPERAntiSpyware
SureTrak 3.0a
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
VirtualLab Client 6.0.14
Visual Lighting Software
VLC media player 1.1.7
VPRINTOL
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
windroplr version 1.3.2
WIRELESS

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 September 2012 - 08:42 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Conduit Engine
Java™ 6 Update 30
RegCure


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




