Google Redirect at least


  • This topic is locked
37 replies to this topic

#1 asmdrap

  • Members
  • 19 posts

Posted 15 October 2012 - 11:17 AM

Hello, I seem to have a Google redirect virus or something that causes me to get redirected on searches. Malwarebytes and ComboFix do not find anything. Attached are the logs:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-15 12:15:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEKT-00KA9T0 rev.01.01A01
Running: n3vluk9q.exe; Driver: C:\Users\Mom\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A8F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\Mom\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Users\Mom\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 19, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 19, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 19, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 19, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 2B, 00] {SUB [EAX], AL; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 2B, 00] {SUB [EBX], AL; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 2B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 2B, 00] {TEST AL, 0x1; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 2B, 00] {TEST AL, 0x2; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 2B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 2B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 2B, 00] {TEST AL, 0x0; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 2B, 00] {SUB [ECX], AL; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 2B, 00] {SUB [EDX], AL; SUB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 2B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2656] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 1E, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[2804] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 3C, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 3C, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 3C, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 3C, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 1B, 00] {SUB [EAX], AL; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 1B, 00] {SUB [EBX], AL; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 1B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 1B, 00] {TEST AL, 0x1; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 1B, 00] {TEST AL, 0x2; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 1B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 1B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 1B, 00] {TEST AL, 0x0; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 1B, 00] {SUB [ECX], AL; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 1B, 00] {SUB [EDX], AL; SBB EAX, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 1B, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 40, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 28, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 28, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 28, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 28, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 22, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 22, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 22, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 22, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 00, 24, 00] {SUB [EAX], AL; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 77245C2E 1 Byte [28]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 03, 24, 00] {SUB [EBX], AL; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 00, 24, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 01, 24, 00] {TEST AL, 0x1; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 02, 24, 00] {TEST AL, 0x2; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 01, 24, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 02, 24, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 00, 24, 00] {TEST AL, 0x0; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 01, 24, 00] {SUB [ECX], AL; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 02, 24, 00] {SUB [EDX], AL; AND AL, 0x0}
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 1 Byte [68]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 03, 24, 00]
.text C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000991 28968 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000993 20231 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009ab 45091 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009ac 20639 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009ad 17767 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009ae 45160 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009af 41334 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b0 20656 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b1 23790 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b2 45091 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b3 45160 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b4 18677 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b5 17107 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b6 45160 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009b7 25003 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009bb 17707 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009bc 22285 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009bd 16637 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009bf 19053 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009aa 41363 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009be 19308 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C8E0.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C8E1.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C8F1.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C8F2.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C8F3.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C904.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C905.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C916.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C917.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C927.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C928.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C939.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C93A.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C93B.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C94B.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C94C.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C95D.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C95E.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C95F.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C970.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C971.tmp 150798 bytes
File C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C972.tmp 150798 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mom at 11:22:56 on 2012-10-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.848 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: opinionoutpost.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://devryonline.webex.com/client/T27L10NSP25/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D2682E3-E393-4095-BDD0-849D7D7AF2C5}\0484F6D65614234363 : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{2D2682E3-E393-4095-BDD0-849D7D7AF2C5}\64D434055524C49434 : DhcpNameServer = 65.24.0.168 65.24.0.169 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D2682E3-E393-4095-BDD0-849D7D7AF2C5}\D4F4D4D20534F5E4564777F627B6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D2682E3-E393-4095-BDD0-849D7D7AF2C5}\E4F602745656B602E45656465646633493239383 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{BBAC9EF6-4B84-4C42-9095-69E748BEC204} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-4 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-7 1343400]
.
=============== Created Last 30 ================
.
2012-10-15 14:55:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-15 14:45:39 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{771ad464-e553-4382-b071-60260c134805}\offreg.dll
2012-10-13 15:22:47 98816 ----a-w- c:\windows\sed.exe
2012-10-13 15:22:47 518144 ----a-w- c:\windows\SWREG.exe
2012-10-13 15:22:47 256000 ----a-w- c:\windows\PEV.exe
2012-10-13 15:22:47 208896 ----a-w- c:\windows\MBR.exe
2012-10-11 15:15:00 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{771ad464-e553-4382-b071-60260c134805}\mpengine.dll
2012-09-24 15:48:31 -------- d-----w- c:\users\mom\appdata\roaming\e-academy Inc
.
==================== Find3M ====================
.
2012-10-09 23:02:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 23:02:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:23:28.06 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 October 2012 - 11:37 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished.
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 asmdrap

asmdrap
  • Topic Starter


Posted 16 October 2012 - 08:17 AM

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 26
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 asmdrap

asmdrap
  • Topic Starter


Posted 16 October 2012 - 08:20 AM

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 09:18:59
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Mom - MOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Mom\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files\AppGraffiti
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Found : C:\Users\Mom\AppData\Local\APN
Folder Found : C:\Users\Mom\AppData\LocalLow\AppGraffiti
Folder Found : C:\Users\Mom\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Mom\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Found : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKU\S-1-5-21-455884114-3732746468-723559398-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-455884114-3732746468-723559398-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-455884114-3732746468-723559398-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4595 octets] - [16/10/2012 09:18:59]

########## EOF - C:\AdwCleaner[R1].txt - [4655 octets] ##########

#5 asmdrap

asmdrap
  • Topic Starter


Posted 16 October 2012 - 08:23 AM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mom [Admin rights]
Mode : Remove -- Date : 10/16/2012 09:21:31

Bad processes : 0

Registry Entries : 1
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD3200BEKT-00KA9T0 ATA Device +++++
--- User ---
[MBR] 19e83e62c26b44bf1e5fb4a6b0b32c9d
[BSP] beca2d938a6b26f91e739e9ceee15554 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#6 asmdrap

asmdrap
  • Topic Starter


Posted 16 October 2012 - 08:24 AM

Hello, I have performed the steps and posted the logs above. I've used RogueKiller and removed this thing before, but it keeps coming back. Not sure what I do wrong from this point...

I certainly have some sort of redirect on all browsers. Thanks for all your help.

#7 asmdrap

asmdrap
  • Topic Starter


Posted 16 October 2012 - 08:31 AM

Oops, I had forgotten to hit the Delete key in AdwCleaner.


# AdwCleaner v2.005 - Logfile created 10/16/2012 at 09:29:20
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Mom - MOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Mom\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Users\Mom\AppData\Local\APN
Folder Deleted : C:\Users\Mom\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Mom\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Mom\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4724 octets] - [16/10/2012 09:18:59]
AdwCleaner[S1].txt - [4284 octets] - [16/10/2012 09:29:20]

########## EOF - C:\AdwCleaner[S1].txt - [4344 octets] ##########

#8 gringo_pr

Posted 16 October 2012 - 12:57 PM

Hello asmdrap

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 asmdrap

Posted 16 October 2012 - 01:17 PM

ComboFix 12-10-16.02 - Mom 10/16/2012 14:06:21.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1281 [GMT -4:00]
Running from: c:\users\Mom\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 18:12 . 2012-10-16 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 13:20 . 2012-10-16 13:20 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-15 16:42 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{493BE27F-85BB-4625-9B3A-7A74410D617B}\mpengine.dll
2012-09-24 15:48 . 2012-09-24 15:48 -------- d-----w- c:\users\Mom\AppData\Roaming\e-academy Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 23:02 . 2012-09-04 23:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 23:02 . 2011-08-12 12:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2011-10-31 00:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 17:16 . 2012-09-12 19:24 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-02 16:57 . 2012-09-12 19:24 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-11 04:21 300400 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-07 06:11 136176 ----atw- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 22:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 00:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-23 20:57 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-09-04 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 23:02]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 01:06]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 01:06]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-455884114-3732746468-723559398-1000Core.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 06:11]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-455884114-3732746468-723559398-1000UA.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 06:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: opinionoutpost.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 14:14:51
ComboFix-quarantined-files.txt 2012-10-16 18:14
ComboFix2.txt 2012-10-15 14:55
ComboFix3.txt 2012-10-13 15:37
.
Pre-Run: 249,862,811,648 bytes free
Post-Run: 249,872,211,968 bytes free
.
- - End Of File - - B9554CC0C2300400EA087DE544E5EC0D

#10 asmdrap

Posted 16 October 2012 - 01:23 PM

Installed McAfee and rebooted - the redirect is back.

Edited by asmdrap, 16 October 2012 - 01:40 PM.


#11 gringo_pr

Posted 16 October 2012 - 05:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 asmdrap

Posted 16 October 2012 - 06:01 PM

19:00:12.0212 4812 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:00:13.0007 4812 ============================================================
19:00:13.0007 4812 Current date / time: 2012/10/16 19:00:13.0007
19:00:13.0007 4812 SystemInfo:
19:00:13.0007 4812
19:00:13.0007 4812 OS Version: 6.1.7601 ServicePack: 1.0
19:00:13.0007 4812 Product type: Workstation
19:00:13.0008 4812 ComputerName: MOM-PC
19:00:13.0008 4812 UserName: Mom
19:00:13.0008 4812 Windows directory: C:\Windows
19:00:13.0008 4812 System windows directory: C:\Windows
19:00:13.0008 4812 Processor architecture: Intel x86
19:00:13.0008 4812 Number of processors: 2
19:00:13.0008 4812 Page size: 0x1000
19:00:13.0008 4812 Boot type: Normal boot
19:00:13.0008 4812 ============================================================
19:00:14.0743 4812 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:00:14.0746 4812 Drive \Device\Harddisk1\DR1 - Size: 0xEEDF8000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:00:14.0747 4812 ============================================================
19:00:14.0747 4812 \Device\Harddisk0\DR0:
19:00:14.0748 4812 MBR partitions:
19:00:14.0748 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:00:14.0748 4812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:00:14.0748 4812 \Device\Harddisk1\DR1:
19:00:14.0748 4812 MBR partitions:
19:00:14.0748 4812 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x776A81
19:00:14.0748 4812 ============================================================
19:00:14.0765 4812 C: <-> \Device\Harddisk0\DR0\Partition2
19:00:14.0765 4812 ============================================================
19:00:14.0766 4812 Initialize success
19:00:14.0766 4812 ============================================================
19:00:27.0553 5012 ============================================================
19:00:27.0553 5012 Scan started
19:00:27.0553 5012 Mode: Manual;
19:00:27.0553 5012 ============================================================
19:00:28.0926 5012 ================ Scan system memory ========================
19:00:28.0926 5012 System memory - ok
19:00:28.0926 5012 ================ Scan services =============================
19:00:36.0055 5012 HomeGroupListener - ok
19:00:36.0086 5012 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:00:36.0148 5012 HomeGroupProvider - ok
19:00:36.0180 5012 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:00:36.0195 5012 HpSAMD - ok
19:00:36.0242 5012 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:00:36.0258 5012 HTTP - ok
19:00:36.0273 5012 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:00:36.0289 5012 hwpolicy - ok
19:00:36.0304 5012 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:00:36.0304 5012 i8042prt - ok
19:00:36.0336 5012 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:00:36.0492 5012 iaStorV - ok
19:00:36.0538 5012 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:00:36.0648 5012 idsvc - ok
19:00:36.0788 5012 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:00:36.0866 5012 igfx - ok
19:00:36.0897 5012 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:00:36.0913 5012 iirsp - ok
19:00:36.0928 5012 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:00:37.0006 5012 IKEEXT - ok
19:00:37.0038 5012 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:00:37.0038 5012 intelide - ok
19:00:37.0053 5012 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:00:37.0053 5012 intelppm - ok
19:00:37.0069 5012 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:00:37.0084 5012 IPBusEnum - ok
19:00:37.0100 5012 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:00:37.0116 5012 IpFilterDriver - ok
19:00:37.0131 5012 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:00:37.0209 5012 iphlpsvc - ok
19:00:37.0225 5012 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:00:37.0303 5012 IPMIDRV - ok
19:00:37.0318 5012 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:00:37.0334 5012 IPNAT - ok
19:00:37.0334 5012 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:00:37.0350 5012 IRENUM - ok
19:00:37.0381 5012 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:00:37.0396 5012 isapnp - ok
19:00:37.0428 5012 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:00:37.0506 5012 iScsiPrt - ok
19:00:37.0521 5012 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:00:37.0521 5012 kbdclass - ok
19:00:37.0552 5012 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:00:37.0693 5012 kbdhid - ok
19:00:37.0708 5012 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:00:37.0708 5012 KeyIso - ok
19:00:37.0755 5012 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:00:37.0849 5012 KSecDD - ok
19:00:37.0880 5012 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:00:38.0020 5012 KSecPkg - ok
19:00:38.0052 5012 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:00:38.0067 5012 KtmRm - ok
19:00:38.0098 5012 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:00:38.0145 5012 LanmanServer - ok
19:00:38.0176 5012 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:00:38.0239 5012 LanmanWorkstation - ok
19:00:38.0270 5012 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:00:38.0270 5012 lltdio - ok
19:00:38.0286 5012 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:00:38.0301 5012 lltdsvc - ok
19:00:38.0317 5012 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:00:38.0332 5012 lmhosts - ok
19:00:38.0348 5012 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:00:38.0364 5012 LSI_FC - ok
19:00:38.0379 5012 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:00:38.0379 5012 LSI_SAS - ok
19:00:38.0395 5012 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:00:38.0410 5012 LSI_SAS2 - ok
19:00:38.0442 5012 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:00:38.0442 5012 LSI_SCSI - ok
19:00:38.0457 5012 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:00:38.0473 5012 luafv - ok
19:00:38.0551 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0551 5012 McAfee SiteAdvisor Service - ok
19:00:38.0676 5012 [ 1A77A98DFF5B43B1C50220E650C89BE6 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
19:00:38.0769 5012 McAWFwk - ok
19:00:38.0769 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0785 5012 McMPFSvc - ok
19:00:38.0785 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0785 5012 mcmscsvc - ok
19:00:38.0800 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0800 5012 McNaiAnn - ok
19:00:38.0832 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0832 5012 McNASvc - ok
19:00:38.0925 5012 [ ADA83A989D5822DAA5E2F62FDF118AC6 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
19:00:38.0941 5012 McODS - ok
19:00:38.0956 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McOobeSv C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0956 5012 McOobeSv - ok
19:00:38.0972 5012 [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:00:38.0972 5012 McProxy - ok
19:00:39.0019 5012 [ F2861F8954D464F84C407A06A8D41D2F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:00:39.0019 5012 McShield - ok
19:00:39.0050 5012 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:00:39.0097 5012 Mcx2Svc - ok
19:00:39.0128 5012 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:00:39.0128 5012 megasas - ok
19:00:39.0144 5012 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:00:39.0159 5012 MegaSR - ok
19:00:39.0190 5012 [ 113445FC6A858EF453CDED5B0A0DF665 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
19:00:39.0190 5012 mfeapfk - ok
19:00:39.0237 5012 [ DBF6E1B388D5C070D438C61ADB990C30 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
19:00:39.0315 5012 mfeavfk - ok
19:00:39.0331 5012 mfeavfk01 - ok
19:00:39.0346 5012 [ A528B15E330EDB83EA649BE318D841D5 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
19:00:39.0362 5012 mfebopk - ok
19:00:39.0393 5012 [ A6DCD516F8C9E1DD3EAC10BA97EA42C1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:00:39.0393 5012 mfefire - ok
19:00:39.0424 5012 [ C7DA1B8003C89ACEDAA13768F7A1C622 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
19:00:39.0424 5012 mfefirek - ok
19:00:39.0471 5012 [ 5E9679BB2FC4FA38EC8CA906C47ACD46 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
19:00:39.0565 5012 mfehidk - ok
19:00:39.0580 5012 [ 3A1AA28066785449DA570462E0532D0C ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
19:00:39.0658 5012 mfenlfk - ok
19:00:39.0690 5012 [ CE1711F7C3F72F6762ABD241DCFD5EE1 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
19:00:39.0768 5012 mferkdet - ok
19:00:39.0799 5012 [ 822BD7B6A2214EF6DB595579B583A4D3 ] mfevtp C:\Windows\system32\mfevtps.exe
19:00:39.0799 5012 mfevtp - ok
19:00:39.0830 5012 [ B2BAAC6BBEDDA3E26E82DB13FA0E5BEE ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
19:00:39.0908 5012 mfewfpk - ok
19:00:39.0939 5012 Microsoft SharePoint Workspace Audit Service - ok
19:00:39.0970 5012 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:00:39.0970 5012 MMCSS - ok
19:00:39.0986 5012 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:00:39.0986 5012 Modem - ok
19:00:40.0002 5012 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:00:40.0002 5012 monitor - ok
19:00:40.0017 5012 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:00:40.0033 5012 mouclass - ok
19:00:40.0048 5012 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:00:40.0064 5012 mouhid - ok
19:00:40.0095 5012 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:00:40.0095 5012 mountmgr - ok
19:00:40.0126 5012 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:00:40.0267 5012 mpio - ok
19:00:40.0282 5012 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:00:40.0282 5012 mpsdrv - ok
19:00:40.0329 5012 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:00:40.0407 5012 MpsSvc - ok
19:00:40.0438 5012 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:00:40.0594 5012 MRxDAV - ok
19:00:40.0610 5012 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:00:40.0750 5012 mrxsmb - ok
19:00:40.0782 5012 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:00:40.0922 5012 mrxsmb10 - ok
19:00:40.0938 5012 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:00:41.0062 5012 mrxsmb20 - ok
19:00:41.0094 5012 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:00:41.0234 5012 msahci - ok
19:00:41.0250 5012 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:00:41.0390 5012 msdsm - ok
19:00:41.0406 5012 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:00:41.0421 5012 MSDTC - ok
19:00:41.0437 5012 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:00:41.0452 5012 Msfs - ok
19:00:41.0468 5012 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:00:41.0468 5012 mshidkmdf - ok
19:00:41.0499 5012 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:00:41.0499 5012 msisadrv - ok
19:00:41.0546 5012 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:00:41.0562 5012 MSiSCSI - ok
19:00:41.0562 5012 msiserver - ok
19:00:41.0593 5012 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:00:41.0608 5012 MSKSSRV - ok
19:00:41.0624 5012 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:00:41.0640 5012 MSPCLOCK - ok
19:00:41.0655 5012 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:00:41.0655 5012 MSPQM - ok
19:00:41.0686 5012 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:00:41.0686 5012 MsRPC - ok
19:00:41.0718 5012 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:00:41.0718 5012 mssmbios - ok
19:00:41.0733 5012 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:00:41.0733 5012 MSTEE - ok
19:00:41.0764 5012 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:00:41.0780 5012 MTConfig - ok
19:00:41.0796 5012 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:00:41.0811 5012 Mup - ok
19:00:41.0842 5012 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:00:41.0858 5012 napagent - ok
19:00:41.0874 5012 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:00:41.0889 5012 NativeWifiP - ok
19:00:41.0952 5012 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:00:41.0952 5012 NDIS - ok
19:00:41.0983 5012 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:00:41.0983 5012 NdisCap - ok
19:00:42.0014 5012 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:00:42.0014 5012 NdisTapi - ok
19:00:42.0045 5012 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:00:42.0123 5012 Ndisuio - ok
19:00:42.0154 5012 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:00:42.0295 5012 NdisWan - ok
19:00:42.0310 5012 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:00:42.0388 5012 NDProxy - ok
19:00:42.0404 5012 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:00:42.0420 5012 NetBIOS - ok
19:00:42.0435 5012 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:00:42.0435 5012 NetBT - ok
19:00:42.0451 5012 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:00:42.0451 5012 Netlogon - ok
19:00:42.0482 5012 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:00:42.0498 5012 Netman - ok
19:00:42.0529 5012 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:00:42.0529 5012 netprofm - ok
19:00:42.0544 5012 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:00:42.0638 5012 NetTcpPortSharing - ok
19:00:42.0654 5012 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:00:42.0669 5012 nfrd960 - ok
19:00:42.0685 5012 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:00:42.0747 5012 NlaSvc - ok
19:00:42.0747 5012 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:00:42.0763 5012 Npfs - ok
19:00:42.0763 5012 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:00:42.0778 5012 nsi - ok
19:00:42.0794 5012 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:00:42.0794 5012 nsiproxy - ok
19:00:42.0856 5012 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:00:42.0966 5012 Ntfs - ok
19:00:42.0981 5012 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:00:42.0981 5012 Null - ok
19:00:43.0012 5012 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:00:43.0090 5012 nvraid - ok
19:00:43.0122 5012 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:00:43.0262 5012 nvstor - ok
19:00:43.0293 5012 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:00:43.0309 5012 nv_agp - ok
19:00:43.0340 5012 [ 19CAC780B858822055F46C58A111723C ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys
19:00:43.0418 5012 OEM02Dev - ok
19:00:43.0434 5012 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys
19:00:43.0512 5012 OEM02Vfx - ok
19:00:43.0558 5012 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:00:43.0558 5012 ohci1394 - ok
19:00:43.0605 5012 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:00:43.0683 5012 ose - ok
19:00:43.0839 5012 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:00:43.0948 5012 osppsvc - ok
19:00:43.0964 5012 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:00:43.0995 5012 p2pimsvc - ok
19:00:44.0011 5012 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:00:44.0026 5012 p2psvc - ok
19:00:44.0058 5012 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:00:44.0058 5012 Parport - ok
19:00:44.0104 5012 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:00:44.0245 5012 partmgr - ok
19:00:44.0260 5012 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:00:44.0260 5012 Parvdm - ok
19:00:44.0276 5012 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:00:44.0292 5012 PcaSvc - ok
19:00:44.0307 5012 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:00:44.0385 5012 pci - ok
19:00:44.0432 5012 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:00:44.0448 5012 pciide - ok
19:00:44.0463 5012 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:00:44.0479 5012 pcmcia - ok
19:00:44.0494 5012 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:00:44.0494 5012 pcw - ok
19:00:44.0526 5012 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:00:44.0557 5012 PEAUTH - ok
19:00:44.0604 5012 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:00:44.0650 5012 PeerDistSvc - ok
19:00:44.0728 5012 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:00:44.0838 5012 pla - ok
19:00:44.0884 5012 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:00:44.0884 5012 PlugPlay - ok
19:00:44.0900 5012 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:00:44.0900 5012 PNRPAutoReg - ok
19:00:44.0916 5012 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:00:44.0916 5012 PNRPsvc - ok
19:00:44.0947 5012 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:00:45.0009 5012 PolicyAgent - ok
19:00:45.0040 5012 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:00:45.0040 5012 Power - ok
19:00:45.0056 5012 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:00:45.0072 5012 PptpMiniport - ok
19:00:45.0072 5012 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:00:45.0087 5012 Processor - ok
19:00:45.0118 5012 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:00:45.0181 5012 ProfSvc - ok
19:00:45.0196 5012 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:00:45.0196 5012 ProtectedStorage - ok
19:00:45.0212 5012 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:00:45.0212 5012 Psched - ok
19:00:45.0259 5012 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:00:45.0321 5012 ql2300 - ok
19:00:45.0337 5012 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:00:45.0352 5012 ql40xx - ok
19:00:45.0368 5012 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:00:45.0384 5012 QWAVE - ok
19:00:45.0399 5012 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:00:45.0415 5012 QWAVEdrv - ok
19:00:45.0430 5012 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:00:45.0446 5012 RasAcd - ok
19:00:45.0462 5012 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:00:45.0477 5012 RasAgileVpn - ok
19:00:45.0493 5012 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:00:45.0508 5012 RasAuto - ok
19:00:45.0508 5012 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:00:45.0524 5012 Rasl2tp - ok
19:00:45.0555 5012 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:00:45.0618 5012 RasMan - ok
19:00:45.0633 5012 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:00:45.0633 5012 RasPppoe - ok
19:00:45.0664 5012 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:00:45.0680 5012 RasSstp - ok
19:00:45.0696 5012 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:00:45.0852 5012 rdbss - ok
19:00:45.0867 5012 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:00:45.0883 5012 rdpbus - ok
19:00:45.0914 5012 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:00:45.0914 5012 RDPCDD - ok
19:00:45.0930 5012 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:00:46.0008 5012 RDPDR - ok
19:00:46.0023 5012 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:00:46.0023 5012 RDPENCDD - ok
19:00:46.0054 5012 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:00:46.0054 5012 RDPREFMP - ok
19:00:46.0101 5012 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:00:46.0242 5012 RDPWD - ok
19:00:46.0273 5012 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:00:46.0413 5012 rdyboost - ok
19:00:46.0429 5012 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:00:46.0444 5012 RemoteAccess - ok
19:00:46.0460 5012 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:00:46.0476 5012 RemoteRegistry - ok
19:00:46.0507 5012 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
19:00:46.0632 5012 rismxdp - ok
19:00:46.0647 5012 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:00:46.0663 5012 RpcEptMapper - ok
19:00:46.0694 5012 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:00:46.0694 5012 RpcLocator - ok
19:00:46.0725 5012 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:00:46.0725 5012 RpcSs - ok
19:00:46.0741 5012 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:00:46.0756 5012 rspndr - ok
19:00:46.0788 5012 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:00:46.0850 5012 s3cap - ok
19:00:46.0881 5012 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:00:46.0881 5012 SamSs - ok
19:00:46.0928 5012 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:00:47.0068 5012 sbp2port - ok
19:00:47.0100 5012 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:00:47.0100 5012 SCardSvr - ok
19:00:47.0115 5012 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:00:47.0178 5012 scfilter - ok
19:00:47.0224 5012 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:00:47.0318 5012 Schedule - ok
19:00:47.0334 5012 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:00:47.0334 5012 SCPolicySvc - ok
19:00:47.0380 5012 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:00:47.0505 5012 sdbus - ok
19:00:47.0536 5012 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:00:47.0599 5012 SDRSVC - ok
19:00:47.0614 5012 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:00:47.0614 5012 secdrv - ok
19:00:47.0630 5012 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:00:47.0646 5012 seclogon - ok
19:00:47.0661 5012 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:00:47.0661 5012 SENS - ok
19:00:47.0692 5012 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:00:47.0708 5012 SensrSvc - ok
19:00:47.0708 5012 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:00:47.0724 5012 Serenum - ok
19:00:47.0739 5012 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:00:47.0755 5012 Serial - ok
19:00:47.0786 5012 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:00:47.0786 5012 sermouse - ok
19:00:47.0833 5012 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:00:47.0895 5012 SessionEnv - ok
19:00:47.0911 5012 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:00:47.0926 5012 sffdisk - ok
19:00:47.0926 5012 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:00:47.0942 5012 sffp_mmc - ok
19:00:47.0958 5012 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:00:48.0020 5012 sffp_sd - ok
19:00:48.0036 5012 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:00:48.0051 5012 sfloppy - ok
19:00:48.0082 5012 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:00:48.0098 5012 SharedAccess - ok
19:00:48.0114 5012 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:00:48.0176 5012 ShellHWDetection - ok
19:00:48.0207 5012 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:00:48.0223 5012 sisagp - ok
19:00:48.0238 5012 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:00:48.0238 5012 SiSRaid2 - ok
19:00:48.0270 5012 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:00:48.0270 5012 SiSRaid4 - ok
19:00:48.0316 5012 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:00:57.0817 5012 SkypeUpdate - ok
19:00:57.0910 5012 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:00:57.0926 5012 Smb - ok
19:00:57.0973 5012 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:00:57.0988 5012 SNMPTRAP - ok
19:00:57.0988 5012 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:00:58.0004 5012 spldr - ok
19:00:58.0035 5012 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:00:58.0113 5012 Spooler - ok
19:00:58.0207 5012 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:00:58.0269 5012 sppsvc - ok
19:00:58.0300 5012 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:00:58.0347 5012 sppuinotify - ok
19:00:58.0394 5012 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:00:58.0534 5012 srv - ok
19:00:58.0550 5012 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:00:58.0722 5012 srv2 - ok
19:00:58.0753 5012 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:00:58.0784 5012 SrvHsfHDA - ok
19:00:58.0815 5012 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:00:58.0846 5012 SrvHsfV92 - ok
19:00:58.0878 5012 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:00:58.0893 5012 SrvHsfWinac - ok
19:00:58.0909 5012 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:00:59.0049 5012 srvnet - ok
19:00:59.0065 5012 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:00:59.0080 5012 SSDPSRV - ok
19:00:59.0112 5012 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:00:59.0127 5012 SstpSvc - ok
19:00:59.0158 5012 Steam Client Service - ok
19:00:59.0174 5012 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:00:59.0174 5012 stexstor - ok
19:00:59.0205 5012 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:00:59.0268 5012 StiSvc - ok
19:00:59.0283 5012 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:00:59.0361 5012 storflt - ok
19:00:59.0392 5012 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
19:00:59.0455 5012 StorSvc - ok
19:00:59.0470 5012 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:00:59.0533 5012 storvsc - ok
19:00:59.0548 5012 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:00:59.0564 5012 swenum - ok
19:00:59.0580 5012 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:00:59.0595 5012 swprv - ok
19:00:59.0642 5012 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:00:59.0736 5012 SysMain - ok
19:00:59.0767 5012 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:00:59.0814 5012 TabletInputService - ok
19:00:59.0845 5012 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:00:59.0907 5012 TapiSrv - ok
19:00:59.0923 5012 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:00:59.0938 5012 TBS - ok
19:01:00.0001 5012 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:01:00.0110 5012 Tcpip - ok
19:01:00.0157 5012 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:01:00.0157 5012 TCPIP6 - ok
19:01:00.0204 5012 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:01:00.0344 5012 tcpipreg - ok
19:01:00.0375 5012 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:01:00.0500 5012 TDPIPE - ok
19:01:00.0531 5012 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:01:00.0672 5012 TDTCP - ok
19:01:00.0703 5012 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:01:00.0843 5012 tdx - ok
19:01:00.0859 5012 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:01:00.0952 5012 TermDD - ok
19:01:00.0999 5012 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:01:01.0062 5012 TermService - ok
19:01:01.0077 5012 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:01:01.0093 5012 Themes - ok
19:01:01.0108 5012 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:01:01.0108 5012 THREADORDER - ok
19:01:01.0124 5012 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:01:01.0140 5012 TrkWks - ok
19:01:01.0171 5012 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
19:01:01.0327 5012 TrueSight - ok
19:01:01.0389 5012 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:01:01.0389 5012 TrustedInstaller - ok
19:01:01.0420 5012 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:01:01.0561 5012 tssecsrv - ok
19:01:01.0608 5012 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:01:01.0686 5012 TsUsbFlt - ok
19:01:01.0732 5012 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:01:01.0732 5012 tunnel - ok
19:01:01.0764 5012 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:01:01.0779 5012 uagp35 - ok
19:01:01.0810 5012 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:01:01.0873 5012 udfs - ok
19:01:01.0904 5012 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:01:01.0904 5012 UI0Detect - ok
19:01:01.0951 5012 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:01:01.0966 5012 uliagpkx - ok
19:01:02.0013 5012 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:01:02.0076 5012 umbus - ok
19:01:02.0091 5012 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:01:02.0091 5012 UmPass - ok
19:01:02.0138 5012 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:01:02.0185 5012 UmRdpService - ok
19:01:02.0216 5012 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:01:02.0232 5012 upnphost - ok
19:01:02.0263 5012 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:01:02.0341 5012 usbccgp - ok
19:01:02.0388 5012 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:01:02.0403 5012 usbcir - ok
19:01:02.0419 5012 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:01:02.0434 5012 usbehci - ok
19:01:02.0450 5012 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:01:02.0590 5012 usbhub - ok
19:01:02.0606 5012 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:01:02.0746 5012 usbohci - ok
19:01:02.0778 5012 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:01:02.0778 5012 usbprint - ok
19:01:02.0793 5012 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:01:02.0934 5012 USBSTOR - ok
19:01:02.0949 5012 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:01:02.0949 5012 usbuhci - ok
19:01:02.0980 5012 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:01:03.0105 5012 usbvideo - ok
19:01:03.0136 5012 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:01:03.0152 5012 UxSms - ok
19:01:03.0152 5012 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:01:03.0168 5012 VaultSvc - ok
19:01:03.0199 5012 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:01:03.0214 5012 vdrvroot - ok
19:01:03.0246 5012 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:01:03.0355 5012 vds - ok
19:01:03.0370 5012 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:01:03.0370 5012 vga - ok
19:01:03.0386 5012 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:01:03.0402 5012 VgaSave - ok
19:01:03.0433 5012 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:01:03.0511 5012 vhdmp - ok
19:01:03.0542 5012 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:01:03.0558 5012 viaagp - ok
19:01:03.0573 5012 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:01:03.0573 5012 ViaC7 - ok
19:01:03.0604 5012 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:01:03.0620 5012 viaide - ok
19:01:03.0651 5012 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:01:03.0729 5012 vmbus - ok
19:01:03.0776 5012 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:01:03.0838 5012 VMBusHID - ok
19:01:03.0854 5012 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:01:03.0932 5012 volmgr - ok
19:01:03.0963 5012 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:01:03.0963 5012 volmgrx - ok
19:01:04.0010 5012 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:01:04.0072 5012 volsnap - ok
19:01:04.0104 5012 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:01:04.0104 5012 vsmraid - ok
19:01:04.0150 5012 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:01:04.0166 5012 VSS - ok
19:01:04.0182 5012 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:01:04.0182 5012 vwifibus - ok
19:01:04.0213 5012 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:01:04.0228 5012 vwififlt - ok
19:01:04.0244 5012 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:01:04.0244 5012 vwifimp - ok
19:01:04.0291 5012 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:01:04.0306 5012 W32Time - ok
19:01:04.0322 5012 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:01:04.0338 5012 WacomPen - ok
19:01:04.0384 5012 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:01:04.0509 5012 WANARP - ok
19:01:04.0525 5012 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:01:04.0525 5012 Wanarpv6 - ok
19:01:04.0572 5012 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:01:04.0696 5012 WatAdminSvc - ok
19:01:04.0743 5012 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:01:04.0868 5012 wbengine - ok
19:01:04.0899 5012 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:01:04.0899 5012 WbioSrvc - ok
19:01:04.0946 5012 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:01:05.0008 5012 wcncsvc - ok
19:01:05.0024 5012 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:01:05.0024 5012 WcsPlugInService - ok
19:01:05.0040 5012 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:01:05.0055 5012 Wd - ok
19:01:05.0071 5012 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:01:05.0086 5012 Wdf01000 - ok
19:01:05.0102 5012 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:01:05.0118 5012 WdiServiceHost - ok
19:01:05.0118 5012 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:01:05.0118 5012 WdiSystemHost - ok
19:01:05.0164 5012 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:01:05.0227 5012 WebClient - ok
19:01:05.0242 5012 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:01:05.0258 5012 Wecsvc - ok
19:01:05.0274 5012 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:01:05.0289 5012 wercplsupport - ok
19:01:05.0305 5012 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:01:05.0320 5012 WerSvc - ok
19:01:05.0336 5012 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:01:05.0352 5012 WfpLwf - ok
19:01:05.0367 5012 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:01:05.0383 5012 WIMMount - ok
19:01:05.0445 5012 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:01:05.0461 5012 WinDefend - ok
19:01:05.0492 5012 WinHttpAutoProxySvc - ok
19:01:05.0539 5012 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:01:05.0539 5012 Winmgmt - ok
19:01:05.0586 5012 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:01:05.0679 5012 WinRM - ok
19:01:05.0742 5012 [ A67E5F9A400F3BD1BE3D80613B45F708 ] winusb C:\Windows\system32\DRIVERS\WinUsb.sys
19:01:05.0804 5012 winusb - ok
19:01:05.0851 5012 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:01:05.0882 5012 Wlansvc - ok
19:01:05.0929 5012 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:01:05.0929 5012 WmiAcpi - ok
19:01:05.0960 5012 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:01:05.0960 5012 wmiApSrv - ok
19:01:06.0022 5012 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:01:06.0147 5012 WMPNetworkSvc - ok
19:01:06.0163 5012 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:01:06.0178 5012 WPCSvc - ok
19:01:06.0210 5012 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:01:06.0272 5012 WPDBusEnum - ok
19:01:06.0288 5012 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:01:06.0288 5012 ws2ifsl - ok
19:01:06.0303 5012 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:01:06.0303 5012 wscsvc - ok
19:01:06.0319 5012 WSearch - ok
19:01:06.0397 5012 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:01:06.0444 5012 wuauserv - ok
19:01:06.0475 5012 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:01:06.0615 5012 WudfPf - ok
19:01:06.0646 5012 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:01:06.0787 5012 WUDFRd - ok
19:01:06.0818 5012 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:01:06.0880 5012 wudfsvc - ok
19:01:06.0896 5012 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:01:06.0927 5012 WwanSvc - ok
19:01:06.0974 5012 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
19:01:06.0974 5012 yukonw7 - ok
19:01:06.0990 5012 ================ Scan global ===============================
19:01:07.0036 5012 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:01:07.0114 5012 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:01:07.0192 5012 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:01:07.0208 5012 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:01:07.0239 5012 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:01:07.0239 5012 [Global] - ok
19:01:07.0255 5012 ================ Scan MBR ==================================
19:01:07.0255 5012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:01:07.0504 5012 \Device\Harddisk0\DR0 - ok
19:01:07.0520 5012 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
19:01:07.0520 5012 \Device\Harddisk1\DR1 - ok
19:01:07.0520 5012 ================ Scan VBR ==================================
19:01:07.0536 5012 [ C2A6003168C7C62E576F66D8576D3F68 ] \Device\Harddisk0\DR0\Partition1
19:01:07.0536 5012 \Device\Harddisk0\DR0\Partition1 - ok
19:01:07.0551 5012 [ 36E312BAA1981049D99268D3E155E5BA ] \Device\Harddisk0\DR0\Partition2
19:01:07.0551 5012 \Device\Harddisk0\DR0\Partition2 - ok
19:01:07.0567 5012 [ CB4B25C43233A9984AB62CD903A2740D ] \Device\Harddisk1\DR1\Partition1
19:01:07.0567 5012 \Device\Harddisk1\DR1\Partition1 - ok
19:01:07.0567 5012 ============================================================
19:01:07.0567 5012 Scan finished
19:01:07.0567 5012 ============================================================
19:01:07.0582 4828 Detected object count: 0
19:01:07.0582 4828 Actual detected object count: 0

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 October 2012 - 06:14 PM

Hello

Did you run the aswMBR report yet?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 asmdrap (Topic Starter)

Posted 16 October 2012 - 06:18 PM

Was doing it; done now. (Do I do fixmbr?)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 19:03:31
-----------------------------
19:03:31.430 OS Version: Windows 6.1.7601 Service Pack 1
19:03:31.430 Number of processors: 2 586 0xF0D
19:03:31.430 ComputerName: MOM-PC UserName: Mom
19:03:53.846 Initialize success
19:07:37.993 AVAST engine defs: 12101601
19:08:33.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:08:33.639 Disk 0 Vendor: WDC_WD3200BEKT-00KA9T0 01.01A01 Size: 305245MB BusType: 11
19:08:33.701 Disk 0 MBR read successfully
19:08:33.701 Disk 0 MBR scan
19:08:33.717 Disk 0 Windows 7 default MBR code
19:08:33.748 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:08:33.779 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
19:08:33.795 Disk 0 scanning sectors +625139712
19:08:33.873 Disk 0 scanning C:\Windows\system32\drivers
19:08:44.746 Service scanning
19:09:08.911 Modules scanning
19:09:15.432 Disk 0 trace - called modules:
19:09:15.447 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
19:09:15.463 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a93ac8]
19:09:15.478 3 CLASSPNP.SYS[8925e59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x855c8908]
19:09:16.414 AVAST engine scan C:\Windows
19:09:19.176 AVAST engine scan C:\Windows\system32
19:12:16.813 AVAST engine scan C:\Windows\system32\drivers
19:12:29.418 AVAST engine scan C:\Users\Mom
19:14:51.051 AVAST engine scan C:\ProgramData
19:15:42.967 Scan finished successfully
19:16:49.314 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Documents\MBR.dat"
19:16:49.330 The log file has been saved successfully to "C:\Users\Mom\Documents\aswMBR.txt"
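The aswMBR log above lists the partition table it read from sector 0 and says the MBR was saved to MBR.dat. What follows is an added example, not code from the post, from aswMBR or from TDSSKiller: a small Python parser that reads a 512-byte MBR image (such as that saved MBR.dat), prints the same columns aswMBR prints (active flag, type, size, LBA offset), applies the sanity checks a responder would apply before even thinking about fixmbr (exactly one active partition, valid flags, no overlapping entries, 55 AA signature present), and hashes the sector. The sample sector is constructed inline from the table in the log, with zero filler where the boot code would be, so its MD5 will not match any hash in the logs; the assumption that the scanners hash the raw 512-byte sector is mine. Note that, with these numbers, partition 1 ends exactly where partition 2 begins and partition 2 ends at sector 625139712, the same offset that appears in the log's "scanning sectors" line.

```python
"""Parse and sanity-check a 512-byte MBR image (e.g. the MBR.dat aswMBR saves).

Added example. The sample sector below is constructed from the aswMBR log's
partition table; the boot code area is zero filler, not real Windows 7 code.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
PART_TABLE_OFFSET = 446          # partition table starts after 446 bytes of boot code
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
MB = 1024 * 1024


@dataclass
class Partition:
    index: int          # 1..4, as aswMBR numbers them
    boot_flag: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int        # 0x07 = HPFS/NTFS/exFAT
    lba_start: int      # first sector (the "offset" column in the log)
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR // MB

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count


def parse_mbr(data: bytes) -> List[Partition]:
    """Return the non-empty partition entries, or raise if the sector is malformed."""
    if len(data) < SECTOR:
        raise ValueError("MBR image is shorter than one 512-byte sector")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 55 AA missing; not a valid MBR")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        boot, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from("<B3sB3sII", data, off)
        if ptype == 0x00:           # empty slot
            continue
        parts.append(Partition(i + 1, boot, ptype, lba, count))
    return parts


def check_mbr(parts: List[Partition]) -> List[str]:
    """Sanity checks on the table; an empty list means nothing looks off."""
    findings = []
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid boot flag {p.boot_flag:#04x}")
    by_start = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(by_start, by_start[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def mbr_md5(data: bytes) -> str:
    """MD5 of the raw 512-byte sector (assumed to be what the scanners hash), upper-case hex."""
    return hashlib.md5(data[:SECTOR]).hexdigest().upper()


def build_entry(boot: int, ptype: int, lba: int, count: int) -> bytes:
    """Pack one 16-byte partition entry; the CHS fields are zeroed, Windows uses the LBA fields."""
    return struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)


# Constructed sample: the same table as the aswMBR log, zero filler instead of boot code.
SAMPLE_MBR = (
    bytes(PART_TABLE_OFFSET)
    + build_entry(0x80, 0x07, 2048, 100 * MB // SECTOR)        # 100 MB System Reserved
    + build_entry(0x00, 0x07, 206848, 305143 * MB // SECTOR)   # 305143 MB C:
    + bytes(2 * PART_ENTRY_SIZE)                               # two empty slots
    + BOOT_SIGNATURE
)


def report(data: bytes) -> str:
    """Render the table in the same layout aswMBR prints, followed by any findings."""
    lines = [f"MBR MD5: {mbr_md5(data)}"]
    parts = parse_mbr(data)
    for p in parts:
        flag = "80 (A)" if p.bootable else "00"
        lines.append(f"Partition {p.index} {flag} {p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    lines += [f"!! {f}" for f in check_mbr(parts)] or ["table looks sane"]
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    print(report(raw))
```

Run it as `python mbr_check.py MBR.dat` against the saved image, or with no argument to see the constructed sample. A clean partition table is necessary but not sufficient: bootkits of this era typically left the table alone and replaced the 446 bytes of boot code, which is why aswMBR's "Windows 7 default MBR code" line (a comparison of that code against the stock loader) carries more weight than the table layout, and why the table check here is a complement to that line rather than a replacement for it.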

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 October 2012 - 08:55 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Check the Scan All Users checkbox.
  • Click on Run Scan in the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- will be opened; this is the one I need posted back here.
    • Extra.txt <-- will be minimized; save this one on your desktop in case I ask for it later.
  • Please post the contents of OTL.txt in your next reply.

Gringo
