Google redirection problems


This topic is locked
24 replies to this topic

#1 pat2452 (Members, 11 posts)

Posted 11 October 2012 - 09:21 PM

I use mostly Internet Explorer and Google as my search page. Today, I've been getting nothing but redirect pages from popular sites once I click on them from Google. I've been mostly redirected to Scour. I upgraded to the newest free Norton and Malwarebytes and the full system scans came back clean. I uninstalled Java, Adobe Reader, Google Toolbar, and Firefox. I upgraded to the latest versions of Java, Adobe Reader, Google Chrome, and Firefox. I've been reading your forums on other similar topics and ran a TDSSKiller which also came back clean. I then ran aswMBR and one line came back "infected". This has been the only infection I can find today after all the different scans I did. Note that I have not updated anything regarding Internet Explorer. Below please find my aswMBR log results. I do not know the next step. Thank you very much in advance.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 21:25:04
-----------------------------
21:25:04.304 OS Version: Windows x64 6.1.7601 Service Pack 1
21:25:04.304 Number of processors: 4 586 0x2A07
21:25:04.304 ComputerName: DESK-1 UserName: Admin
21:25:07.704 Initialize success
21:25:15.594 AVAST engine defs: 12101101
21:26:16.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:26:16.336 Disk 0 Vendor: ST325031 JC47 Size: 238475MB BusType: 3
21:26:16.346 Disk 0 MBR read successfully
21:26:16.346 Disk 0 MBR scan
21:26:16.346 Disk 0 Windows VISTA default MBR code
21:26:16.356 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:26:16.366 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
21:26:16.386 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
21:26:16.406 Disk 0 scanning C:\Windows\system32\drivers
21:26:24.756 Service scanning
21:26:46.804 Modules scanning
21:26:46.804 Disk 0 trace - called modules:
21:26:46.824 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:26:47.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006290060]
21:26:47.154 3 CLASSPNP.SYS[fffff880015c243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005030050]
21:26:49.514 AVAST engine scan C:\Windows
21:26:52.434 AVAST engine scan C:\Windows\system32
21:29:28.224 AVAST engine scan C:\Windows\system32\drivers
21:29:39.844 AVAST engine scan C:\Users\Admin
21:29:41.304 File: C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll **INFECTED** Win32:BHO-AHA [Trj]
21:33:51.824 AVAST engine scan C:\ProgramData
21:34:53.149 Scan finished successfully
21:36:34.469 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:36:34.479 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 21:55:46
-----------------------------
21:55:46.985 OS Version: Windows x64 6.1.7601 Service Pack 1
21:55:46.985 Number of processors: 4 586 0x2A07
21:55:46.985 ComputerName: DESK-1 UserName: Admin
21:55:48.155 Initialize success
21:55:56.220 AVAST engine defs: 12101101
21:56:35.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:56:35.412 Disk 0 Vendor: ST325031 JC47 Size: 238475MB BusType: 3
21:56:35.428 Disk 0 MBR read successfully
21:56:35.428 Disk 0 MBR scan
21:56:35.428 Disk 0 Windows VISTA default MBR code
21:56:35.443 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:56:35.459 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
21:56:35.459 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
21:56:35.490 Disk 0 scanning C:\Windows\system32\drivers
21:56:46.176 Service scanning
21:57:10.434 Modules scanning
21:57:10.434 Disk 0 trace - called modules:
21:57:10.450 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:57:10.965 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006290060]
21:57:10.965 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800442e050]
21:57:13.773 AVAST engine scan C:\Windows
21:57:16.222 AVAST engine scan C:\Windows\system32
22:00:07.073 AVAST engine scan C:\Windows\system32\drivers
22:00:18.415 AVAST engine scan C:\Users\Admin
22:00:19.741 File: C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll **INFECTED** Win32:BHO-AHA [Trj]
22:00:44.451 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
22:00:44.451 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 12 October 2012 - 12:36 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pat2452 (Topic Starter, Members, 11 posts)

Posted 12 October 2012 - 05:42 PM

Thank you Gringo.

I was able to run the Security Check and RogueKiller. My computer wouldn't let me run AdwCleaner.

Security Check results

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


RogueKiller results

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Remove -- Date : 10/12/2012 18:38:01

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] FreeScreenSharing.exe -- C:\Users\Admin\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : FreeScreenSharing ("C:\Users\Admin\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe (rundll32.exe "C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll",DllRegisterServerW) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
69.25.74.37 MAIL007 #Exchange Hosting 07/28/11 17:19:45
69.25.75.251 MAIL091 #Exchange Hosting 07/28/11 17:19:45
69.25.75.251 MAIL091.mail.lan #Exchange Hosting 07/28/11 17:19:45
69.25.75.245 MAIL005 #Exchange Hosting 07/28/11 17:19:45
69.25.75.245 MAIL005.mail.lan #Exchange Hosting 07/28/11 17:19:45
64.95.72.204 BE034 #Exchange Hosting 07/28/11 17:19:45
64.95.72.204 BE034.mail.lan #Exchange Hosting 07/28/11 17:19:45
69.25.75.242 MAIL092 #Exchange Hosting 07/28/11 17:19:45
69.25.75.242 MAIL092.mail.lan #Exchange Hosting 07/28/11 17:19:45
74.201.97.112 MAILR012 #Exchange Hosting 07/28/11 17:19:45
74.201.97.112 MAILR012.mail.lan #Exchange Hosting 07/28/11 17:19:45


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250312AS +++++
--- User ---
[MBR] 6d26ca34f272a0635e565752957b15ba
[BSP] 47609f065fc7342b732ef669d3a74df9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 237680 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Please advise. Thank you very much.

-Patrick
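The two HKCU Run values RogueKiller deleted in the log above share one pattern: code started at logon from the user's own AppData folder, in the second case indirectly, with rundll32.exe loading uojzklu.dll (the file aswMBR flagged as Win32:BHO-AHA) through its DllRegisterServerW export. The Python below is an added example, not code from this thread or from RogueKiller: it applies that check to a constructed set of Run values (the two deleted entries plus the benign Skype entry from the ComboFix log in post #5); the path heuristics and severity labels are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two HKCU\...\Run values RogueKiller deleted in
# this thread, plus the benign Skype entry from the ComboFix log for contrast.
SAMPLE_RUN_ENTRIES = {
    "FreeScreenSharing": r'"C:\Users\Admin\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"',
    "Adobe": r'rundll32.exe "C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll",DllRegisterServerW',
    "Skype": r'"c:\program files (x86)\Skype\Phone\Skype.exe"',
}

# Windows paths ending in a loadable or executable extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js)\b', re.IGNORECASE)
# Locations a standard user can write to; legitimate autoruns rarely live there.
USER_WRITABLE_RE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\', re.IGNORECASE)
# Signed Windows binaries that will load an arbitrary DLL named in a Run value.
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}
SEVERITY_RANK = {"ok": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    name: str
    severity: str
    reason: str


def host_binary(command: str) -> str:
    """Return the lower-cased file name of the program the Run value launches."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    first = (m.group(1) or m.group(2)) if m else ""
    return first.rsplit("\\", 1)[-1].lower()


def assess_run_value(name: str, command: str) -> Finding:
    """Classify one autorun value by where its code lives and how it is launched."""
    paths = PATH_RE.findall(command)
    host = host_binary(command)
    severity, reasons = "ok", []

    writable = [p for p in paths if USER_WRITABLE_RE.search(p)]
    if writable:
        severity = "medium"
        reasons.append("code in user-writable location: " + "; ".join(writable))

    dlls = [p for p in paths if p.lower().endswith(".dll")]
    if host in DLL_LOADERS and dlls:
        # rundll32/regsvr32 naming a DLL is always worth a look; a DLL that also
        # sits in AppData is the exact shape of the uojzklu.dll entry above.
        reasons.append(f"{host} used to load {dlls[0]}")
        if writable:
            severity = "high"

    return Finding(name, severity, "; ".join(reasons) or "no indicator")


def assess_run_entries(entries: dict) -> dict:
    """Map each Run value name to its severity, worst first."""
    findings = [assess_run_value(n, c) for n, c in entries.items()]
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    return {f.name: f.severity for f in findings}


if __name__ == "__main__":
    for n, c in SAMPLE_RUN_ENTRIES.items():
        f = assess_run_value(n, c)
        print(f"[{f.severity:6}] {f.name}: {f.reason}")
```

The same two checks apply unchanged to the `"Name"="path" [date size]` lines under Reg Loading Points in a ComboFix log once the value string is extracted.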

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 12 October 2012 - 07:05 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 pat2452 (Topic Starter, Members, 11 posts)

Posted 12 October 2012 - 07:49 PM

ComboFix 12-10-12.01 - Admin 10/12/2012 20:27:34.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4053.2413 [GMT -4:00]
Running from: c:\users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OP8KQ6T\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 00:31 . 2012-10-13 00:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-13 00:31 . 2012-10-13 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 01:48 . 2012-10-12 01:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-12 01:48 . 2012-10-11 01:06 261600 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-12 01:48 . 2012-10-11 01:06 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-12 01:48 . 2012-10-11 01:06 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 01:48 . 2012-10-11 01:05 192600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-12 01:48 . 2012-10-11 01:05 124384 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-10-12 01:48 . 2012-10-11 01:05 115168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-10-12 01:48 . 2012-10-11 01:05 2559968 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-12 01:48 . 2012-10-11 01:05 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-12 01:48 . 2012-10-11 01:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-12 01:48 . 2012-10-11 01:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-10-12 01:15 . 2012-10-12 01:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-12 01:14 . 2012-10-12 01:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-12 01:14 . 2012-10-12 01:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-12 01:14 . 2012-10-12 01:14 -------- d-----w- c:\program files (x86)\Java
2012-10-12 01:14 . 2012-10-12 01:14 -------- d-----w- c:\programdata\McAfee
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\programdata\Malwarebytes
2012-10-11 22:09 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-11 20:44 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF97CFB4-F767-43DD-A38A-304BDFC938E3}\mpengine.dll
2012-10-11 19:37 . 2012-10-11 19:37 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-11 19:31 . 2012-10-11 19:31 -------- d-----w- C:\N360_BACKUP
2012-10-11 19:29 . 2012-10-11 19:29 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-10-11 19:29 . 2012-10-11 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-11 19:28 . 2012-10-11 20:35 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-11 19:22 . 2012-10-12 00:56 -------- d-----w- c:\windows\system32\appmgmt
2012-10-11 19:22 . 2012-10-11 19:29 -------- d-----w- c:\program files\Symantec
2012-10-11 19:16 . 2012-10-11 19:28 -------- d-----w- c:\programdata\Norton
2012-10-11 19:14 . 2012-10-11 19:14 -------- d-----w- c:\users\Admin\AppData\Local\White_Sky,_Inc
2012-10-11 19:14 . 2012-10-11 19:14 -------- d-----w- c:\programdata\IsolatedStorage
2012-10-11 19:14 . 2012-10-11 21:59 -------- d-----w- c:\users\Admin\AppData\Local\ID Vault
2012-10-11 19:13 . 2012-10-11 21:59 -------- d-----w- c:\users\Admin\AppData\Roaming\ID Vault
2012-10-11 19:12 . 2012-10-11 22:00 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-10-11 19:12 . 2012-10-11 19:12 -------- d-----w- c:\programdata\White Sky, Inc
2012-10-10 13:19 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 13:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 13:19 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 13:19 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 13:18 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:18 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 13:18 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:18 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 13:18 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:18 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:18 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:18 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-28 19:52 . 2012-09-28 19:52 -------- d-----w- c:\programdata\Ezprint
2012-09-28 19:40 . 2010-04-14 19:08 295592 ----a-w- c:\windows\system32\LXECwupd.exe
2012-09-28 19:40 . 2010-02-22 09:09 510464 ----a-w- c:\windows\system32\LXECwupd.dll
2012-09-28 19:37 . 2012-09-28 19:37 -------- d-----w- C:\Lexmark
2012-09-28 19:29 . 2012-09-28 20:30 -------- d-----w- c:\programdata\lx_Cats
2012-09-28 19:29 . 2009-11-04 17:18 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxecdrpp.dll
2012-09-28 19:29 . 2012-09-28 19:40 -------- d-----w- c:\program files\Lexmark Pro800-Pro900 Series
2012-09-28 19:19 . 2012-09-28 19:39 -------- d-----w- c:\program files\Lexmark
2012-09-26 13:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 01:14 . 2011-06-01 01:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-11 07:02 . 2011-06-09 17:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-22 18:12 . 2012-09-12 16:13 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 13:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 16:13 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:13 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 14:03 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-17 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-8-1 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-8-1 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-8-1 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-15 45736]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-28 1385120]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121011.001\IDSvia64.sys [2012-10-10 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-10-28 315568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 15:00]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7hv7fggx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-10-12 20:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-13 00:36
.
Pre-Run: 204,740,370,432 bytes free
Post-Run: 204,584,747,008 bytes free
.
- - End Of File - - 4ABF9EEE4B1DD2DF1937020ABB91EB7E




The computer seems to be running smoothly now. I tried roughly 10-15 Google sites and haven't received any redirects. Is there a next step? I was thinking about removing everything but Norton and Malwarebytes. Thoughts? I can't thank you enough!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2012 - 04:49 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
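Once the TDSSKiller report is posted, the reviewer's first pass is to find every entry whose verdict is not "ok" and every service the tool passed without ever hashing a file. The script below is an added example, not part of this thread and not Kaspersky's code: it parses the two-line record layout TDSSKiller writes (a `[ MD5 ] name path` line followed by a `name - verdict` line) and lists the entries worth a second look. The sample report, its MD5 values and the `badsvc` entry with its `detected` verdict are constructed for the example.

```python
"""Triage a TDSSKiller report: surface non-"ok" verdicts and unhashed services.

Added example; not part of the BleepingComputer thread and not Kaspersky's code.
Assumes the two-line record layout visible in the posted log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section banner, e.g. "12:43:35.0593 26000 ================ Scan services ====="
SECTION_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+=+\s*(?P<section>Scan [^=]+?)\s*=+\s*$"
)
# Hash line: "<time> <pid> [ <MD5> ] <service name> <path>". Service names may
# contain spaces, so the name is matched lazily up to a drive-letter or \Device path.
FILE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# Verdict line: "<time> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Record:
    name: str
    verdict: str
    section: str
    md5: Optional[str] = None   # None when TDSSKiller printed no file line
    path: Optional[str] = None


def parse_report(text: str) -> List[Record]:
    """Pair each hash line with the verdict line that follows it.

    Lines before the first "Scan ..." banner (system info, drive geometry) are
    skipped, so "Drive ... - Size: ..." is never mistaken for a verdict.
    """
    records: List[Record] = []
    section: Optional[str] = None
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) awaiting verdict
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group("name"), (None, None))
            records.append(Record(m.group("name"), m.group("verdict"), section, md5, path))
    return records


def triage(records: List[Record]) -> Tuple[List[Record], List[Record]]:
    """Return (flagged, unhashed): entries with a verdict other than "ok", and
    services reported "ok" in the services scan without any file being hashed."""
    flagged = [r for r in records if r.verdict.lower() != "ok"]
    unhashed = [r for r in records
                if r.section == "Scan services" and r.md5 is None
                and r.verdict.lower() == "ok"]
    return flagged, unhashed


# Constructed sample in the posted log's layout. MD5 values are placeholders and
# the "badsvc" entry (with a "detected" verdict) is invented for the example.
SAMPLE_LOG = r"""
12:43:26.0548 26564 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
12:43:34.0554 26000 Scan started
12:43:34.0554 26000 Mode: Manual;
12:43:35.0593 26000 ================ Scan system memory ========================
12:43:35.0593 26000 System memory - ok
12:43:35.0593 26000 ================ Scan services =============================
12:43:35.0874 26000 [ DEADBEEFDEADBEEFDEADBEEFDEADBEE1 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:43:35.0889 26000 1394ohci - ok
12:43:36.0523 26000 [ DEADBEEFDEADBEEFDEADBEEFDEADBEE2 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:43:36.0523 26000 AMD External Events Utility - ok
12:43:39.0590 26000 COMSysApp - ok
12:43:40.0001 26000 [ DEADBEEFDEADBEEFDEADBEEFDEADBEE3 ] badsvc C:\Windows\system32\drivers\badsvc.sys
12:43:40.0002 26000 badsvc - detected
"""


def main() -> None:
    records = parse_report(SAMPLE_LOG)
    flagged, unhashed = triage(records)
    print(f"{len(records)} verdicts parsed")
    for r in flagged:
        print(f"NEEDS REVIEW  {r.name}: {r.verdict}  md5={r.md5}  path={r.path}")
    for r in unhashed:
        print(f"UNVERIFIED    {r.name}: reported ok but no file was hashed")


if __name__ == "__main__":
    main()
```

An "unverified" entry is not by itself a finding; it only tells the reviewer that TDSSKiller had no file to hash for that service, so its "ok" carries no file-integrity weight.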

#7 pat2452

pat2452
  • Topic Starter

  • Members
  • 11 posts

Posted 13 October 2012 - 11:59 AM

TDSSKiller

12:43:25.0746 26564 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:43:26.0151 26564 ============================================================
12:43:26.0151 26564 Current date / time: 2012/10/13 12:43:26.0151
12:43:26.0151 26564 SystemInfo:
12:43:26.0151 26564
12:43:26.0151 26564 OS Version: 6.1.7601 ServicePack: 1.0
12:43:26.0151 26564 Product type: Workstation
12:43:26.0151 26564 ComputerName: DESK-1
12:43:26.0151 26564 UserName: Admin
12:43:26.0151 26564 Windows directory: C:\Windows
12:43:26.0151 26564 System windows directory: C:\Windows
12:43:26.0151 26564 Running under WOW64
12:43:26.0151 26564 Processor architecture: Intel x64
12:43:26.0151 26564 Number of processors: 4
12:43:26.0151 26564 Page size: 0x1000
12:43:26.0151 26564 Boot type: Normal boot
12:43:26.0151 26564 ============================================================
12:43:26.0548 26564 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:43:26.0548 26564 ============================================================
12:43:26.0548 26564 \Device\Harddisk0\DR0:
12:43:26.0548 26564 MBR partitions:
12:43:26.0548 26564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
12:43:26.0548 26564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x1D038000
12:43:26.0548 26564 ============================================================
12:43:26.0579 26564 C: <-> \Device\Harddisk0\DR0\Partition2
12:43:26.0579 26564 ============================================================
12:43:26.0579 26564 Initialize success
12:43:26.0579 26564 ============================================================
12:43:34.0554 26000 ============================================================
12:43:34.0554 26000 Scan started
12:43:34.0554 26000 Mode: Manual;
12:43:34.0554 26000 ============================================================
12:43:35.0593 26000 ================ Scan system memory ========================
12:43:35.0593 26000 System memory - ok
12:43:35.0593 26000 ================ Scan services =============================
12:43:44.0201 26000 msdsm - ok
12:43:44.0217 26000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:43:44.0232 26000 MSDTC - ok
12:43:44.0248 26000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:43:44.0248 26000 Msfs - ok
12:43:44.0279 26000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:43:44.0279 26000 mshidkmdf - ok
12:43:44.0295 26000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:43:44.0295 26000 msisadrv - ok
12:43:44.0326 26000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:43:44.0326 26000 MSiSCSI - ok
12:43:44.0326 26000 msiserver - ok
12:43:44.0357 26000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:43:44.0357 26000 MSKSSRV - ok
12:43:44.0373 26000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:43:44.0373 26000 MSPCLOCK - ok
12:43:44.0388 26000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:43:44.0388 26000 MSPQM - ok
12:43:44.0404 26000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:43:44.0420 26000 MsRPC - ok
12:43:44.0435 26000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:43:44.0435 26000 mssmbios - ok
12:43:44.0435 26000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:43:44.0451 26000 MSTEE - ok
12:43:44.0461 26000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:43:44.0463 26000 MTConfig - ok
12:43:44.0463 26000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:43:44.0479 26000 Mup - ok
12:43:44.0647 26000 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
12:43:44.0647 26000 N360 - ok
12:43:45.0006 26000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:43:45.0022 26000 napagent - ok
12:43:45.0069 26000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:43:45.0069 26000 NativeWifiP - ok
12:43:45.0131 26000 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121012.020\ENG64.SYS
12:43:45.0131 26000 NAVENG - ok
12:43:45.0193 26000 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121012.020\EX64.SYS
12:43:45.0225 26000 NAVEX15 - ok
12:43:45.0271 26000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:43:45.0303 26000 NDIS - ok
12:43:45.0334 26000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:43:45.0334 26000 NdisCap - ok
12:43:45.0365 26000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:43:45.0365 26000 NdisTapi - ok
12:43:45.0381 26000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:43:45.0381 26000 Ndisuio - ok
12:43:45.0396 26000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:43:45.0396 26000 NdisWan - ok
12:43:45.0427 26000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:43:45.0427 26000 NDProxy - ok
12:43:45.0466 26000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:43:45.0469 26000 NetBIOS - ok
12:43:45.0471 26000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:43:45.0471 26000 NetBT - ok
12:43:45.0487 26000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:43:45.0487 26000 Netlogon - ok
12:43:45.0523 26000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:43:45.0541 26000 Netman - ok
12:43:45.0575 26000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:43:45.0575 26000 NetMsmqActivator - ok
12:43:45.0575 26000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:43:45.0590 26000 NetPipeActivator - ok
12:43:45.0606 26000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:43:45.0606 26000 netprofm - ok
12:43:45.0606 26000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:43:45.0606 26000 NetTcpActivator - ok
12:43:45.0621 26000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:43:45.0621 26000 NetTcpPortSharing - ok
12:43:45.0653 26000 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
12:43:45.0653 26000 netvsc - ok
12:43:45.0699 26000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:43:45.0699 26000 nfrd960 - ok
12:43:45.0731 26000 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:43:45.0746 26000 NlaSvc - ok
12:43:45.0762 26000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:43:45.0762 26000 Npfs - ok
12:43:45.0777 26000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:43:45.0777 26000 nsi - ok
12:43:45.0777 26000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:43:45.0777 26000 nsiproxy - ok
12:43:45.0824 26000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:43:45.0871 26000 Ntfs - ok
12:43:45.0887 26000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:43:45.0887 26000 Null - ok
12:43:45.0933 26000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:43:45.0933 26000 nvraid - ok
12:43:45.0965 26000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:43:45.0965 26000 nvstor - ok
12:43:45.0980 26000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:43:45.0980 26000 nv_agp - ok
12:43:45.0996 26000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:43:45.0996 26000 ohci1394 - ok
12:43:46.0043 26000 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:43:46.0043 26000 ose - ok
12:43:46.0167 26000 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:43:46.0183 26000 osppsvc - ok
12:43:46.0199 26000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:43:46.0199 26000 p2pimsvc - ok
12:43:46.0230 26000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:43:46.0230 26000 p2psvc - ok
12:43:46.0261 26000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:43:46.0261 26000 Parport - ok
12:43:46.0292 26000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:43:46.0292 26000 partmgr - ok
12:43:46.0339 26000 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
12:43:46.0355 26000 PBADRV - ok
12:43:46.0370 26000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:43:46.0370 26000 PcaSvc - ok
12:43:46.0401 26000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:43:46.0401 26000 pci - ok
12:43:46.0417 26000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:43:46.0417 26000 pciide - ok
12:43:46.0448 26000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:43:46.0464 26000 pcmcia - ok
12:43:46.0476 26000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:43:46.0476 26000 pcw - ok
12:43:46.0492 26000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:43:46.0508 26000 PEAUTH - ok
12:43:46.0551 26000 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:43:46.0598 26000 PeerDistSvc - ok
12:43:46.0660 26000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:43:46.0660 26000 PerfHost - ok
12:43:46.0707 26000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:43:46.0738 26000 pla - ok
12:43:46.0801 26000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:43:46.0801 26000 PlugPlay - ok
12:43:46.0801 26000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:43:46.0816 26000 PNRPAutoReg - ok
12:43:46.0832 26000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:43:46.0832 26000 PNRPsvc - ok
12:43:46.0863 26000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:43:46.0863 26000 PolicyAgent - ok
12:43:46.0910 26000 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:43:46.0910 26000 Power - ok
12:43:46.0957 26000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:43:46.0957 26000 PptpMiniport - ok
12:43:46.0972 26000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:43:46.0972 26000 Processor - ok
12:43:47.0004 26000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:43:47.0004 26000 ProfSvc - ok
12:43:47.0019 26000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:43:47.0019 26000 ProtectedStorage - ok
12:43:47.0050 26000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:43:47.0050 26000 Psched - ok
12:43:47.0082 26000 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:43:47.0082 26000 PxHlpa64 - ok
12:43:47.0144 26000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:43:47.0191 26000 ql2300 - ok
12:43:47.0206 26000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:43:47.0206 26000 ql40xx - ok
12:43:47.0238 26000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:43:47.0238 26000 QWAVE - ok
12:43:47.0253 26000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:43:47.0253 26000 QWAVEdrv - ok
12:43:47.0269 26000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:43:47.0269 26000 RasAcd - ok
12:43:47.0300 26000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:43:47.0300 26000 RasAgileVpn - ok
12:43:47.0347 26000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:43:47.0347 26000 RasAuto - ok
12:43:47.0362 26000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:43:47.0362 26000 Rasl2tp - ok
12:43:47.0378 26000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:43:47.0394 26000 RasMan - ok
12:43:47.0409 26000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:43:47.0409 26000 RasPppoe - ok
12:43:47.0425 26000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:43:47.0425 26000 RasSstp - ok
12:43:47.0440 26000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:43:47.0440 26000 rdbss - ok
12:43:47.0472 26000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:43:47.0472 26000 rdpbus - ok
12:43:47.0508 26000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:43:47.0508 26000 RDPCDD - ok
12:43:47.0528 26000 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:43:47.0531 26000 RDPDR - ok
12:43:47.0541 26000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:43:47.0541 26000 RDPENCDD - ok
12:43:47.0559 26000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:43:47.0562 26000 RDPREFMP - ok
12:43:47.0593 26000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:43:47.0593 26000 RDPWD - ok
12:43:47.0624 26000 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:43:47.0624 26000 rdyboost - ok
12:43:47.0655 26000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:43:47.0655 26000 RemoteAccess - ok
12:43:47.0998 26000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:43:47.0998 26000 RemoteRegistry - ok
12:43:48.0092 26000 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
12:43:48.0108 26000 RoxMediaDB12OEM - ok
12:43:48.0139 26000 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
12:43:48.0139 26000 RoxWatch12 - ok
12:43:48.0154 26000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:43:48.0170 26000 RpcEptMapper - ok
12:43:48.0186 26000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:43:48.0186 26000 RpcLocator - ok
12:43:48.0201 26000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:43:48.0201 26000 RpcSs - ok
12:43:48.0248 26000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:43:48.0248 26000 rspndr - ok
12:43:48.0264 26000 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:43:48.0264 26000 s3cap - ok
12:43:48.0279 26000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:43:48.0279 26000 SamSs - ok
12:43:48.0295 26000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:43:48.0295 26000 sbp2port - ok
12:43:48.0310 26000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:43:48.0326 26000 SCardSvr - ok
12:43:48.0326 26000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:43:48.0342 26000 scfilter - ok
12:43:48.0372 26000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:43:48.0394 26000 Schedule - ok
12:43:48.0416 26000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:43:48.0417 26000 SCPolicySvc - ok
12:43:48.0430 26000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:43:48.0434 26000 SDRSVC - ok
12:43:48.0472 26000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:43:48.0474 26000 secdrv - ok
12:43:48.0484 26000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:43:48.0486 26000 seclogon - ok
12:43:48.0594 26000 [ F3D951071C624137430FE65A67541EF9 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
12:43:48.0633 26000 SecureStorageService - ok
12:43:48.0666 26000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:43:48.0668 26000 SENS - ok
12:43:48.0681 26000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:43:48.0684 26000 SensrSvc - ok
12:43:48.0720 26000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:43:48.0722 26000 Serenum - ok
12:43:48.0741 26000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:43:48.0744 26000 Serial - ok
12:43:48.0762 26000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:43:48.0762 26000 sermouse - ok
12:43:48.0793 26000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:43:48.0793 26000 SessionEnv - ok
12:43:48.0793 26000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:43:48.0809 26000 sffdisk - ok
12:43:48.0809 26000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:43:48.0809 26000 sffp_mmc - ok
12:43:48.0809 26000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:43:48.0809 26000 sffp_sd - ok
12:43:48.0825 26000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:43:48.0825 26000 sfloppy - ok
12:43:48.0856 26000 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:43:48.0856 26000 SharedAccess - ok
12:43:48.0871 26000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:43:48.0887 26000 ShellHWDetection - ok
12:43:48.0903 26000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:43:48.0903 26000 SiSRaid2 - ok
12:43:48.0903 26000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:43:48.0903 26000 SiSRaid4 - ok
12:43:48.0965 26000 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:43:48.0981 26000 SkypeUpdate - ok
12:43:49.0012 26000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:43:49.0012 26000 Smb - ok
12:43:49.0043 26000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:43:49.0059 26000 SNMPTRAP - ok
12:43:49.0059 26000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:43:49.0074 26000 spldr - ok
12:43:49.0105 26000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:43:49.0121 26000 Spooler - ok
12:43:49.0183 26000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:43:49.0261 26000 sppsvc - ok
12:43:49.0293 26000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:43:49.0293 26000 sppuinotify - ok
12:43:49.0402 26000 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
12:43:49.0417 26000 SRTSP - ok
12:43:49.0449 26000 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
12:43:49.0449 26000 SRTSPX - ok
12:43:49.0495 26000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:43:49.0495 26000 srv - ok
12:43:49.0495 26000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:43:49.0513 26000 srv2 - ok
12:43:49.0523 26000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:43:49.0523 26000 srvnet - ok
12:43:49.0555 26000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:43:49.0570 26000 SSDPSRV - ok
12:43:49.0583 26000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:43:49.0583 26000 SstpSvc - ok
12:43:49.0598 26000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:43:49.0598 26000 stexstor - ok
12:43:49.0645 26000 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:43:49.0645 26000 StillCam - ok
12:43:49.0708 26000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:43:49.0723 26000 stisvc - ok
12:43:49.0754 26000 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:43:49.0770 26000 stllssvr - ok
12:43:49.0786 26000 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
12:43:49.0786 26000 StorSvc - ok
12:43:49.0817 26000 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:43:49.0817 26000 storvsc - ok
12:43:49.0848 26000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:43:49.0848 26000 swenum - ok
12:43:49.0879 26000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:43:49.0879 26000 swprv - ok
12:43:49.0926 26000 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
12:43:49.0942 26000 SymDS - ok
12:43:49.0988 26000 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
12:43:50.0020 26000 SymEFA - ok
12:43:50.0066 26000 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:43:50.0066 26000 SymEvent - ok
12:43:50.0113 26000 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
12:43:50.0113 26000 SymIRON - ok
12:43:50.0129 26000 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
12:43:50.0129 26000 SymNetS - ok
12:43:50.0160 26000 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
12:43:50.0160 26000 SynthVid - ok
12:43:50.0207 26000 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:43:50.0254 26000 SysMain - ok
12:43:50.0269 26000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:43:50.0269 26000 TabletInputService - ok
12:43:50.0285 26000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:43:50.0285 26000 TapiSrv - ok
12:43:50.0300 26000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:43:50.0300 26000 TBS - ok
12:43:50.0363 26000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:43:50.0410 26000 Tcpip - ok
12:43:50.0472 26000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:43:50.0488 26000 TCPIP6 - ok
12:43:50.0503 26000 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:43:50.0503 26000 tcpipreg - ok
12:43:50.0578 26000 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
12:43:50.0606 26000 tcsd_win32.exe - ok
12:43:50.0731 26000 [ 347D6407C90C0B6AC82F8249EBA9A482 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
12:43:50.0731 26000 TdmService - ok
12:43:50.0762 26000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:43:50.0762 26000 TDPIPE - ok
12:43:50.0793 26000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:43:50.0793 26000 TDTCP - ok
12:43:50.0825 26000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:43:50.0825 26000 tdx - ok
12:43:50.0840 26000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:43:50.0840 26000 TermDD - ok
12:43:50.0871 26000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:43:50.0887 26000 TermService - ok
12:43:50.0903 26000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:43:50.0903 26000 Themes - ok
12:43:50.0918 26000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:43:50.0918 26000 THREADORDER - ok
12:43:50.0934 26000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:43:50.0934 26000 TrkWks - ok
12:43:50.0965 26000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:43:50.0981 26000 TrustedInstaller - ok
12:43:50.0996 26000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:43:50.0996 26000 tssecsrv - ok
12:43:51.0012 26000 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:43:51.0027 26000 TsUsbFlt - ok
12:43:51.0043 26000 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:43:51.0043 26000 TsUsbGD - ok
12:43:51.0059 26000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:43:51.0074 26000 tunnel - ok
12:43:51.0074 26000 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:43:51.0090 26000 uagp35 - ok
12:43:51.0105 26000 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:43:51.0105 26000 udfs - ok
12:43:51.0137 26000 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:43:51.0137 26000 UI0Detect - ok
12:43:51.0152 26000 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:43:51.0152 26000 uliagpkx - ok
12:43:51.0183 26000 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:43:51.0183 26000 umbus - ok
12:43:51.0199 26000 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:43:51.0199 26000 UmPass - ok
12:43:51.0230 26000 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:43:51.0246 26000 UmRdpService - ok
12:43:51.0324 26000 [ 07AE0C9F64C4D83ABAA816EE23548D6D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:43:51.0386 26000 UNS - ok
12:43:51.0402 26000 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:43:51.0417 26000 upnphost - ok
12:43:51.0464 26000 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:43:51.0464 26000 usbccgp - ok
12:43:51.0511 26000 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:43:51.0511 26000 usbcir - ok
12:43:51.0545 26000 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:43:51.0547 26000 usbehci - ok
12:43:51.0570 26000 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:43:51.0586 26000 usbhub - ok
12:43:51.0609 26000 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:43:51.0611 26000 usbohci - ok
12:43:51.0661 26000 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:43:51.0661 26000 usbprint - ok
12:43:51.0708 26000 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:43:51.0708 26000 usbscan - ok
12:43:51.0723 26000 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:43:51.0739 26000 USBSTOR - ok
12:43:51.0786 26000 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:43:51.0786 26000 usbuhci - ok
12:43:51.0817 26000 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:43:51.0817 26000 UxSms - ok
12:43:51.0848 26000 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:43:51.0848 26000 VaultSvc - ok
12:43:51.0879 26000 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:43:51.0879 26000 vdrvroot - ok
12:43:51.0910 26000 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:43:51.0926 26000 vds - ok
12:43:51.0942 26000 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:43:51.0942 26000 vga - ok
12:43:51.0957 26000 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:43:51.0957 26000 VgaSave - ok
12:43:51.0973 26000 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:43:51.0973 26000 vhdmp - ok
12:43:53.0477 26000 ================ Scan global ===============================
12:43:53.0493 26000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:43:53.0524 26000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:43:53.0540 26000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:43:53.0555 26000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:43:53.0581 26000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:43:53.0583 26000 [Global] - ok
12:43:53.0583 26000 ================ Scan MBR ==================================
12:43:53.0599 26000 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:43:53.0752 26000 \Device\Harddisk0\DR0 - ok
12:43:53.0752 26000 ================ Scan VBR ==================================
12:43:53.0767 26000 [ 0AF05A436C7A3A91F828E97FB998C7A9 ] \Device\Harddisk0\DR0\Partition1
12:43:53.0767 26000 \Device\Harddisk0\DR0\Partition1 - ok
12:43:53.0783 26000 [ EB41177375FEAD85B1B7DBF43939DA3A ] \Device\Harddisk0\DR0\Partition2
12:43:53.0783 26000 \Device\Harddisk0\DR0\Partition2 - ok
12:43:53.0783 26000 ============================================================
12:43:53.0783 26000 Scan finished
12:43:53.0783 26000 ============================================================
12:43:53.0799 26148 Detected object count: 0
12:43:53.0799 26148 Actual detected object count: 0



aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 12:48:18
-----------------------------
12:48:18.490 OS Version: Windows x64 6.1.7601 Service Pack 1
12:48:18.490 Number of processors: 4 586 0x2A07
12:48:18.490 ComputerName: DESK-1 UserName: Admin
12:48:20.706 Initialize success
12:49:05.207 AVAST engine defs: 12101300
12:49:07.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:07.022 Disk 0 Vendor: ST325031 JC47 Size: 238475MB BusType: 3
12:49:07.022 Disk 0 MBR read successfully
12:49:07.022 Disk 0 MBR scan
12:49:07.038 Disk 0 Windows VISTA default MBR code
12:49:07.038 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:49:07.053 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
12:49:07.053 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
12:49:07.069 Disk 0 scanning C:\Windows\system32\drivers
12:49:17.423 Service scanning
12:49:39.867 Modules scanning
12:49:39.867 Disk 0 trace - called modules:
12:49:39.898 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:49:39.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006290060]
12:49:39.898 3 CLASSPNP.SYS[fffff8800123b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004445050]
12:49:40.735 AVAST engine scan C:\Windows
12:49:43.044 AVAST engine scan C:\Windows\system32
12:52:17.540 AVAST engine scan C:\Windows\system32\drivers
12:52:27.788 AVAST engine scan C:\Users\Admin
12:52:28.697 File: C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll **INFECTED** Win32:BHO-AHA [Trj]
12:57:00.241 AVAST engine scan C:\ProgramData
12:57:47.004 Scan finished successfully
12:58:08.414 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
12:58:08.414 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR2.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 October 2012 - 12:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

File::
C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
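Added example, not from the original post and not part of aswMBR or ComboFix: a small Python helper that pulls the **INFECTED** lines out of an aswMBR log in the format posted earlier in the thread and emits a CFScript.txt body using the same ClearJavaCache:: and File:: directives the reply above uses. The sample log text is constructed from the lines posted in the thread.

```python
import re

# Matches aswMBR detection lines in the format posted in the thread, e.g.
# 12:52:28.697 File: C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll **INFECTED** Win32:BHO-AHA [Trj]
ASWMBR_INFECTED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+File:\s+"
    r"(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<detection>.+)$"
)

# Constructed sample: a trimmed copy of the aswMBR log posted earlier in the thread.
SAMPLE_ASWMBR_LOG = r"""
12:52:27.788 AVAST engine scan C:\Users\Admin
12:52:28.697 File: C:\Users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll **INFECTED** Win32:BHO-AHA [Trj]
12:57:00.241 AVAST engine scan C:\ProgramData
12:57:47.004 Scan finished successfully
"""


def parse_aswmbr_detections(log_text):
    """Return a list of {time, path, detection} dicts, one per **INFECTED** line."""
    hits = []
    for line in log_text.splitlines():
        m = ASWMBR_INFECTED.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def build_cfscript(paths, clear_java_cache=True):
    """Build a CFScript.txt body using the directives shown in the reply above.

    ClearJavaCache:: empties the Java cache; File:: lists files for ComboFix
    to remove, one full path per line. Duplicate paths are dropped, order kept.
    """
    lines = []
    if clear_java_cache:
        lines += ["ClearJavaCache::", ""]
    unique = list(dict.fromkeys(paths))
    if unique:
        lines.append("File::")
        lines.extend(unique)
    return "\n".join(lines) + "\n"


def cfscript_from_aswmbr(log_text):
    """Convenience wrapper: aswMBR log text -> CFScript body for its detections."""
    paths = [hit["path"] for hit in parse_aswmbr_detections(log_text)]
    return build_cfscript(paths)


if __name__ == "__main__":
    # Print a one-line triage summary per detection, then the generated script body.
    for hit in parse_aswmbr_detections(SAMPLE_ASWMBR_LOG):
        print(f"{hit['time']}  {hit['detection']:<22} {hit['path']}")
    print(cfscript_from_aswmbr(SAMPLE_ASWMBR_LOG), end="")
```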

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 October 2012 - 12:13 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 pat2452

pat2452
  • Topic Starter

  • Members
  • 11 posts

Posted 16 October 2012 - 08:37 AM

Thank you very much Gringo. I hope to revisit this again tonight. I understand we are not done.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 October 2012 - 12:58 PM

hope to see you then



gringo

#12 pat2452

pat2452
  • Topic Starter

  • Members
  • 11 posts

Posted 16 October 2012 - 05:40 PM

Here is my latest Combo Fix Script
ComboFix 12-10-16.02 - Admin 10/16/2012 18:34:27.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4053.2432 [GMT -4:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Admin\AppData\Local\Apps\Adobe\uojzklu.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 22:37 . 2012-10-16 22:37 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-16 22:37 . 2012-10-16 22:37 -------- d-----w- c:\users\TEMP.DESK-1\AppData\Local\temp
2012-10-16 22:37 . 2012-10-16 22:37 -------- d-----w- c:\users\TEMP.DESK-1.000\AppData\Local\temp
2012-10-16 22:37 . 2012-10-16 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 02:49 . 2012-10-13 02:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 02:49 . 2012-10-13 02:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 01:48 . 2012-10-12 01:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-12 01:48 . 2012-10-11 01:06 261600 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-12 01:48 . 2012-10-11 01:06 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-12 01:48 . 2012-10-11 01:06 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 01:48 . 2012-10-11 01:05 192600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-12 01:48 . 2012-10-11 01:05 124384 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-10-12 01:48 . 2012-10-11 01:05 115168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-10-12 01:48 . 2012-10-11 01:05 2559968 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-12 01:48 . 2012-10-11 01:05 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-12 01:48 . 2012-10-11 01:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-12 01:48 . 2012-10-11 01:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-10-12 01:15 . 2012-10-12 01:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-12 01:14 . 2012-10-12 01:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-12 01:14 . 2012-10-12 01:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-12 01:14 . 2012-10-12 01:14 -------- d-----w- c:\program files (x86)\Java
2012-10-12 01:14 . 2012-10-12 01:14 -------- d-----w- c:\programdata\McAfee
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 22:09 . 2012-10-11 22:09 -------- d-----w- c:\programdata\Malwarebytes
2012-10-11 22:09 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-11 20:44 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF97CFB4-F767-43DD-A38A-304BDFC938E3}\mpengine.dll
2012-10-11 19:37 . 2012-10-11 19:37 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-11 19:31 . 2012-10-11 19:31 -------- d-----w- C:\N360_BACKUP
2012-10-11 19:29 . 2012-10-11 19:29 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-10-11 19:29 . 2012-10-11 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-11 19:28 . 2012-10-11 20:35 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-10-11 19:28 . 2012-10-11 19:28 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-11 19:22 . 2012-10-12 00:56 -------- d-----w- c:\windows\system32\appmgmt
2012-10-11 19:22 . 2012-10-11 19:29 -------- d-----w- c:\program files\Symantec
2012-10-11 19:16 . 2012-10-11 19:28 -------- d-----w- c:\programdata\Norton
2012-10-11 19:14 . 2012-10-11 19:14 -------- d-----w- c:\users\Admin\AppData\Local\White_Sky,_Inc
2012-10-11 19:14 . 2012-10-11 19:14 -------- d-----w- c:\programdata\IsolatedStorage
2012-10-11 19:14 . 2012-10-11 21:59 -------- d-----w- c:\users\Admin\AppData\Local\ID Vault
2012-10-11 19:13 . 2012-10-11 21:59 -------- d-----w- c:\users\Admin\AppData\Roaming\ID Vault
2012-10-11 19:12 . 2012-10-11 22:00 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-10-11 19:12 . 2012-10-11 19:12 -------- d-----w- c:\programdata\White Sky, Inc
2012-10-10 13:19 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 13:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 13:19 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 13:19 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 13:18 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:18 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 13:18 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:18 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 13:18 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:18 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:18 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:18 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-28 19:52 . 2012-09-28 19:52 -------- d-----w- c:\programdata\Ezprint
2012-09-28 19:40 . 2010-04-14 19:08 295592 ----a-w- c:\windows\system32\LXECwupd.exe
2012-09-28 19:40 . 2010-02-22 09:09 510464 ----a-w- c:\windows\system32\LXECwupd.dll
2012-09-28 19:37 . 2012-09-28 19:37 -------- d-----w- C:\Lexmark
2012-09-28 19:29 . 2012-10-15 20:34 -------- d-----w- c:\programdata\lx_Cats
2012-09-28 19:29 . 2009-11-04 17:18 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxecdrpp.dll
2012-09-28 19:29 . 2012-09-28 19:40 -------- d-----w- c:\program files\Lexmark Pro800-Pro900 Series
2012-09-28 19:19 . 2012-09-28 19:39 -------- d-----w- c:\program files\Lexmark
2012-09-26 13:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 01:14 . 2011-06-01 01:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-11 07:02 . 2011-06-09 17:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-22 18:12 . 2012-09-12 16:13 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 13:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 16:13 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:13 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-17 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-8-1 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-8-1 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-8-1 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-15 45736]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-28 1385120]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121013.001\IDSvia64.sys [2012-10-10 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-10-28 315568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 02:49]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 15:00]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7hv7fggx.default\
FF - ExtSQL: 2012-10-11 15:37; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-10-11 16:35; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 18:38:08
ComboFix-quarantined-files.txt 2012-10-16 22:38
ComboFix2.txt 2012-10-16 22:32
ComboFix3.txt 2012-10-13 00:36
.
Pre-Run: 204,429,033,472 bytes free
Post-Run: 204,367,753,216 bytes free
.
- - End Of File - - 3CE4A2C642550B8A2E24F370C1B740E4

The computer seems to be running the same as before.
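The registry section of the ComboFix report above has a simple line format: a `[HKEY_...]` header, optional `@Denied: ...` notes for keys whose ACL blocks access, `@=`/`"Name"=` data lines, and a lone `.` that closes each block. The following is an added example, not ComboFix's or the forum's own code, that parses that format and pulls out the two things a reviewer scans first: the denied keys and the binaries the CLSID entries register; the sample log is a constructed excerpt using the same keys and paths the report shows.

```python
import re
# Constructed excerpt in the format of the ComboFix report above (same keys/paths).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""
KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\path]
DENIED_RE = re.compile(r"^@Denied: (.*)$")     # ACL note ComboFix prints
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')   # @=... (default) or "Name"=...

def parse_registry_dump(text):
    """Return {key_path: {"denied": note or None, "values": {name: data}}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # '.' closes a key block
            current = None
        elif (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1), {"denied": None, "values": {}})
        elif current is None:
            continue                         # data outside any key block
        elif (m := DENIED_RE.match(line)):
            current["denied"] = m.group(1)
        elif (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            # string data is quoted with doubled backslashes; normalise it
            current["values"][name] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys

def denied_keys(keys):
    """Keys whose ACL denies access: the ones a reviewer checks by hand."""
    return sorted(k for k, v in keys.items() if v["denied"])

def com_server_paths(keys):
    """Map each CLSID key to the binary its LocalServer32/InprocServer32 names."""
    out = {}
    for k, v in keys.items():
        parent, _, sub = k.rpartition("\\")
        if sub in ("LocalServer32", "InprocServer32") and "(Default)" in v["values"]:
            out[parent] = v["values"]["(Default)"]
    return out
```

Running the two helpers over a full report gives a short list of locked keys and the on-disk files they point at, which is what to compare against known-good vendor paths such as the Macromed\Flash ones in this log.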

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • Gender:Male
  • Location:Puerto rico

Posted 16 October 2012 - 06:14 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 pat2452

  • Topic Starter

  • Members

Posted 16 October 2012 - 06:16 PM

ABBYY FineReader for ScanSnap ™ 4.1
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
ATI Catalyst Control Center
Brother MFL-Pro Suite MFC-8890DW
Brother MFL-Pro Suite MFC-9840CDW
CardMinder
CardMinder V4.1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 9.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
DirectX 9 Runtime
FreeScreenSharing
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Identity Protection Technology 1.0.71.0
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
Octoshape add-in for Adobe Flash Player
PhotoShowExpress
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skins
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebEx
Windows Live Mesh ActiveX Control for Remote Connections

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • Gender:Male
  • Location:Puerto rico

Posted 16 October 2012 - 08:42 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




