
Appear to have a virus


This topic is locked. 23 replies to this topic.

#1 tubbythebear (Members, 16 posts)

Posted 17 October 2012 - 06:45 AM

Running Win 7 Pro 32 bit, all updates that I know of current.

Started having a lot of minor problems on about 10/13/12. It appeared there was a lot of internet activity when there shouldn't have been. But now it seems normal.

Using Comcast Norton Security Suite. I had version 5.2.x, which had apparently not updated to 6.x. Tried to run the LiveUpdate and nothing happened. Found out version 6 was out so went to Comcast to update. Update installed, but would not run LiveUpdate. So I got Norton removal tool, removed it, then reinstalled. LiveUpdate worked. Did a scan that found nothing significant - just tracking cookies. More weird stuff happened, so I tried to run it again, but would not do LiveUpdate. Ran scan in Safe Mode - nothing found. Ran the Norton rootkit tool - nothing found. Ran Trend Micro and Eset NOD32 online scans - nothing found.

Weird things happening:

LiveUpdate does not always work
Monitor resolution kept changing to lower resolution - now can't change at all (have ATI catalyst card).
No system restore points prior to 10/14 (2 total). Used to be more.
Firefox 10.0.8 or 16.0.1 opens with 2 windows and goes to httpS://www.google.com (secure) instead of http://www.google.com that it should go to.
Roboform does not show up in either Firefox or Internet Explorer as it should.
Firefox - all extensions are gone. Can't even find Extensions folder.

Unfortunately I don't have a system image prior to 10/14 when weekly backup done using Windows backup. Not enough disk space to save prior images, so image available is probably corrupted. Don't know how to keep a particular prior image.

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jack at 6:58:00 on 2012-10-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1592 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\ASDR.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\6.4.0.9\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.12.1002.3\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Amazon Cloud Drive] c:\users\jack\appdata\local\amazon\cloud drive\AmazonCloudDrive.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Display] c:\program files\apc\powerchute personal edition\DataCollectionLauncher.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
StartupFolder: c:\users\jack\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jack\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jack\appdata\roaming\micros~1\windows\startm~1\programs\startup\shellf~1.lnk - c:\program files\shellfolderfix\ShellFolderFixUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{008C0D0A-E9EE-4D44-B6D0-DFC554B9DC17} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jack\appdata\roaming\mozilla\firefox\profiles\b8yo6d9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4853b6d9-8684-445d-8eb2-4ac0510758be%7D&mid=d2bf0a16561d47d1a9b2d1544ff86bb0-7f475ade214d20fa2f181fdd27c38f5b8779875a&ds=ts024&v=10.0.0.7&lang=en&pr=sa&d=2012-02-25%2018%3A14%3A59&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-10-10 22:33; idvaultaddin@whitesky; c:\users\jack\appdata\roaming\mozilla\firefox\profiles\b8yo6d9s.default\extensions\idvaultaddin@whitesky
FF - ExtSQL: 2012-10-13 21:52; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-10-13 23:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-13 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-13 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-9-28 995488]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-13 132768]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-10-10 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20121012.001\IDSvix86.sys [2012-10-12 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-13 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0604000.009\symnets.sys [2012-10-13 318584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-22 176128]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2011-8-24 21880]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-10-3 61552]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\6.4.0.9\ccsvchst.exe [2012-10-13 138272]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-6-29 2735528]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-13 106656]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2012-4-14 33280]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-10 39272]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-6-1 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-16 115168]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-9-5 12984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-4 1343400]
.
=============== Created Last 30 ================
.
2012-10-17 01:27:08 8013680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2012-10-17 01:27:08 128624 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2012-10-17 01:27:08 104048 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2012-10-17 01:27:07 1721968 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2012-10-17 01:19:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-14 01:52:16 924320 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symefa.sys
2012-10-14 01:52:16 574112 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtsp.sys
2012-10-14 01:52:16 340088 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symds.sys
2012-10-14 01:52:16 32928 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtspx.sys
2012-10-14 01:52:16 318584 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symnets.sys
2012-10-14 01:52:16 149624 ----a-r- c:\windows\system32\drivers\n360\0604000.009\ironx86.sys
2012-10-14 01:52:16 132768 ----a-w- c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys
2012-10-14 01:52:03 8942 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symvtcer.dat
2012-10-14 00:48:17 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-14 00:48:17 -------- d-----w- c:\program files\Symantec
2012-10-14 00:48:17 -------- d-----w- c:\program files\common files\Symantec Shared
2012-10-14 00:47:32 -------- d-----w- c:\program files\Norton Security Suite
2012-10-14 00:47:27 -------- d-----w- c:\program files\NortonInstaller
2012-10-13 15:59:46 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-10-13 15:59:40 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7e706f2-b3fe-4a63-9aa1-8acfa8b89352}\mpengine.dll
2012-10-11 03:17:49 -------- d-----w- c:\windows\system32\drivers\n360\0604000.009
2012-10-11 02:53:27 -------- d-----w- c:\windows\system32\drivers\N360
2012-10-11 02:33:37 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-10-11 02:33:28 -------- d-----w- c:\programdata\GID
2012-10-11 02:33:27 -------- d-----w- c:\program files\SFT
2012-10-11 00:05:30 -------- d-----w- c:\users\jack\appdata\roaming\Tific
2012-10-11 00:05:29 -------- d-----w- c:\users\jack\appdata\local\Symantec
2012-10-09 22:14:54 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 22:14:53 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 22:14:53 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 22:14:28 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:14:24 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 22:14:19 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 22:14:19 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 15:07:32 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-28 22:13:59 -------- d-----w- c:\program files\iPod
2012-09-28 22:13:58 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 22:13:58 -------- d-----w- c:\program files\iTunes
2012-09-26 05:56:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-17 10:45:05 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-09 07:38:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 07:38:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 22:46:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 22:46:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 22:46:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 6:58:55.57 ===============
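The DDS "Pseudo HJT Report" above is read by hand in this thread. As an added example (my own code, not part of the original post and not a DDS or BleepingComputer tool), the script below does the first pass a responder would do on that section: it pulls out autorun entries (uRun/mRun/StartupFolder) whose executable lives in a user-writable directory, browser add-ons (BHO/TB/EB) that have no file behind them or load from ProgramData, and a Firefox keyword.URL that sends searches somewhere other than a mainstream engine. The sample log is a constructed subset of the lines posted above; the list of user-writable directories and the allowlist of search hosts are my assumptions. It flags entries for review only: Dropbox and Amazon Cloud Drive legitimately install under AppData and still show up, which is the point of a triage list rather than a verdict.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of DDS. It does not decide
what is malware; it only pulls out the entries a responder would look at
first: autoruns launched from user-writable locations, browser add-ons with
no file behind them or loaded from ProgramData, and a Firefox search keyword
pointing at a host that is not a mainstream search engine.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the DDS log posted above.
# DDS writes hxxp:// for http:// so that log lines are not clickable.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.12.1002.3\NativeBHO.dll
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Amazon Cloud Drive] c:\users\jack\appdata\local\amazon\cloud drive\AmazonCloudDrive.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jack\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jack\appdata\roaming\dropbox\bin\Dropbox.exe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4853b6d9%7D&q=
"""

RUN_RE = re.compile(r"^(?P<kind>uRun|mRun):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.*?\.lnk)\s+-\s+(?P<cmd>.*)$")
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB):\s*(?P<name>.*?):\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.*)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<pref>\S+)\s+-\s+(?P<value>.*)$")

# Assumption: directories an unprivileged user (and so user-level malware) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Assumption: hosts a search keyword is expected to go to; anything else gets a second look.
KNOWN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                      "search.yahoo.com", "duckduckgo.com"}


def executable_from(cmd: str) -> str:
    """Return the image path from a Run command line, lower-cased, without switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    # Unquoted path: it ends at the first executable extension followed by a space/EOL.
    m = re.match(r"(.*?\.(?:exe|dll|scr|cmd|bat|vbs|js))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def deobfuscate(url: str) -> str:
    """Undo the hxxp:// defanging DDS applies so urlparse sees a real scheme."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)


def triage(log_text: str) -> list:
    """Return [{'check': ..., 'entry': ...}, ...] for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            if is_user_writable(executable_from(m.group("cmd"))):
                findings.append({"check": "autorun from user-writable location", "entry": line})
            continue
        m = ADDON_RE.match(line)
        if m:
            path = m.group("path").strip()
            if not path:
                findings.append({"check": "browser add-on with no file behind it", "entry": line})
            elif is_user_writable(path):
                findings.append({"check": "browser add-on loaded from user-writable location",
                                 "entry": line})
            continue
        m = FFPREF_RE.match(line)
        if m and m.group("pref") == "keyword.URL":
            host = urlparse(deobfuscate(m.group("value"))).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append({"check": "Firefox search keyword redirected to " + host,
                                 "entry": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['check']}] {f['entry']}")
```

On the sample this reports the Constant Guard BHO (loaded from ProgramData), the Bing Bar toolbar entry with an empty path, the two AppData autoruns, and the keyword.URL pointing at isearch.avg.com; the Java helper, iTunesHelper and the Google start page pass. Run it over a full DDS paste by replacing SAMPLE_LOG with the file contents.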


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 October 2012 - 11:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#3 tubbythebear (Topic Starter)

Posted 18 October 2012 - 06:33 PM

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.1003)
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 tubbythebear (Topic Starter)

Posted 18 October 2012 - 06:40 PM

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 19:34:05
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Jack - JACK-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\b8yo6d9s.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B4853b6d9-8684-445d-8eb2-4ac0510758be%[...]

*************************

AdwCleaner[S1].txt - [1569 octets] - [18/10/2012 19:34:05]

########## EOF - C:\AdwCleaner[S1].txt - [1629 octets] ##########

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 06:47 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 tubbythebear (Topic Starter)

Posted 18 October 2012 - 06:47 PM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jack [Admin rights]
Mode : Scan -- Date : 10/18/2012 19:45:52

Bad processes : 2
[SUSP PATH] AmazonCloudDrive.exe -- C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe -> KILLED [TermProc]
[SUSP PATH] javaw.exe -- C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe -> KILLED [TermProc]

Registry Entries : 5
[RUN][SUSP PATH] HKCU\[...]\Run : Amazon Cloud Drive (C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2526848293-2330131860-2943383380-1000[...]\Run : Amazon Cloud Drive (C:\Users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]
SSDT[13] : NtAlertResumeThread @ 0x82F1BC99 -> HOOKED (Unknown @ 0x86EF2D90)
SSDT[14] : NtAlertThread @ 0x82E6EBE0 -> HOOKED (Unknown @ 0x86EF2EF0)
SSDT[19] : NtAllocateVirtualMemory @ 0x82E67BEC -> HOOKED (Unknown @ 0x86EEC8B8)
SSDT[22] : NtAlpcConnectPort @ 0x82EB344E -> HOOKED (Unknown @ 0x86E7F2C8)
SSDT[43] : NtAssignProcessToJobObject @ 0x82E3CFEE -> HOOKED (Unknown @ 0x86EF2538)
SSDT[74] : NtCreateMutant @ 0x82E4E2B2 -> HOOKED (Unknown @ 0x86EF2AE0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E3F911 -> HOOKED (Unknown @ 0x86EF3E58)
SSDT[87] : NtCreateThread @ 0x82F19ECA -> HOOKED (Unknown @ 0x86EEF508)
SSDT[88] : NtCreateThreadEx @ 0x82EAE36B -> HOOKED (Unknown @ 0x86EF3F28)
SSDT[96] : NtDebugActiveProcess @ 0x82EEBD9A -> HOOKED (Unknown @ 0x86EF2618)
SSDT[111] : NtDuplicateObject @ 0x82E6F67A -> HOOKED (Unknown @ 0x86EEF1D0)
SSDT[131] : NtFreeVirtualMemory @ 0x82CF5AEC -> HOOKED (Unknown @ 0x86EEC690)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82E338E0 -> HOOKED (Unknown @ 0x86EF2BD0)
SSDT[147] : NtImpersonateThread @ 0x82EB784C -> HOOKED (Unknown @ 0x86EF2CB0)
SSDT[155] : NtLoadDriver @ 0x82E03C20 -> HOOKED (Unknown @ 0x86E7F250)
SSDT[168] : NtMapViewOfSection @ 0x82E84532 -> HOOKED (Unknown @ 0x86EEC590)
SSDT[177] : NtOpenEvent @ 0x82E4DCAE -> HOOKED (Unknown @ 0x86EF2A00)
SSDT[190] : NtOpenProcess @ 0x82E4FAF8 -> HOOKED (Unknown @ 0x86EEF3B0)
SSDT[191] : NtOpenProcessToken @ 0x82EA223F -> HOOKED (Unknown @ 0x86EEF0F0)
SSDT[194] : NtOpenSection @ 0x82EA78BB -> HOOKED (Unknown @ 0x86EF2840)
SSDT[198] : NtOpenThread @ 0x82E9BFC3 -> HOOKED (Unknown @ 0x86EEF2C0)
SSDT[215] : NtProtectVirtualMemory @ 0x82E805A1 -> HOOKED (Unknown @ 0x86EF3008)
SSDT[304] : NtResumeThread @ 0x82EAE592 -> HOOKED (Unknown @ 0x86EF2FD0)
SSDT[316] : NtSetContextThread @ 0x82F1B745 -> HOOKED (Unknown @ 0x86EEC2E0)
SSDT[333] : NtSetInformationProcess @ 0x82E7678D -> HOOKED (Unknown @ 0x86EEC3C0)
SSDT[350] : NtSetSystemInformation @ 0x82E8C29A -> HOOKED (Unknown @ 0x86EF26F8)
SSDT[366] : NtSuspendProcess @ 0x82F1BBD3 -> HOOKED (Unknown @ 0x86EF2920)
SSDT[367] : NtSuspendThread @ 0x82ED3085 -> HOOKED (Unknown @ 0x86EEC120)
SSDT[370] : NtTerminateProcess @ 0x82E98BFB -> HOOKED (Unknown @ 0x86EEF608)
SSDT[371] : NtTerminateThread @ 0x82EB6584 -> HOOKED (Unknown @ 0x86EEC200)
SSDT[385] : NtUnmapViewOfSection @ 0x82EA287A -> HOOKED (Unknown @ 0x86EEC4B0)
SSDT[399] : NtWriteVirtualMemory @ 0x82E9D958 -> HOOKED (Unknown @ 0x86EEC780)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x87BFA528)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87BFA2D8)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x87BFA218)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x87BFA398)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x87BFA458)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x87BF9F38)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x87BFA128)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x87BF9008)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87BFA5E8)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x87BFA6B8)

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD10EADS-00P6B0 ATA Device +++++
--- User ---
[MBR] a109eed9944bca1842f5ca06fa3b1d65
[BSP] 946b56611c10fbcb934187282284d51f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 06:59 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 tubbythebear (Topic Starter)

Posted 18 October 2012 - 07:57 PM

On a different computer. Had to uninstall Norton to let ComboFix run; Norton killed ComboFix. Will take a while. Will respond from the infected computer when done.

#9 tubbythebear (Topic Starter)

Posted 18 October 2012 - 08:19 PM

I can now set the screen resolution and it stays as I want it. Firefox starts with correct home page, not https as before. Roboform now shows up. I don't yet know how Norton will do. Need to reinstall from Comcast. Firefox addons appear to be lost. I will reinstall later.

Is my system OK now? Below is the ComboFix log. I will wait until I hear from you.

ComboFix 12-10-18.03 - Jack 10/18/2012 20:45:15.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1968 [GMT -4:00]
Running from: c:\users\Jack\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msstdfmt.dll
c:\windows\system32\SETE4D3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 01:06 . 2012-10-19 01:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-19 01:06 . 2012-10-19 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 01:19 . 2012-10-17 01:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-13 15:59 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7E706F2-B3FE-4A63-9AA1-8ACFA8B89352}\mpengine.dll
2012-10-11 02:53 . 2012-10-14 03:43 -------- d-----w- c:\windows\system32\drivers\N360
2012-10-11 02:33 . 2011-07-05 14:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-10-11 02:33 . 2012-10-11 02:33 -------- d-----w- c:\programdata\GID
2012-10-11 02:33 . 2012-10-11 02:33 -------- d-----w- c:\program files\SFT
2012-10-11 00:05 . 2012-10-11 00:05 -------- d-----w- c:\users\Jack\AppData\Roaming\Tific
2012-10-11 00:05 . 2012-10-11 00:05 -------- d-----w- c:\users\Jack\AppData\Local\Symantec
2012-10-10 19:34 . 2012-10-10 19:34 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
2012-10-10 19:33 . 2012-10-10 19:33 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2012-10-10 19:32 . 2012-10-10 19:32 -------- d-----w- c:\users\Guest\AppData\Local\Deployment
2012-10-10 19:32 . 2012-10-10 19:32 -------- d-----w- c:\users\Guest\AppData\Local\Apps
2012-10-09 22:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 22:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 22:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 22:14 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:14 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 22:14 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 22:14 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 15:07 . 2012-10-06 15:07 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-28 22:13 . 2012-09-28 22:13 -------- d-----w- c:\program files\iPod
2012-09-28 22:13 . 2012-09-28 22:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 22:13 . 2012-09-28 22:14 -------- d-----w- c:\program files\iTunes
2012-09-26 05:56 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 00:33 . 2011-09-05 16:23 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-09 07:38 . 2012-03-31 02:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 07:38 . 2011-12-24 17:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 22:46 . 2012-08-31 22:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 22:46 . 2012-07-11 01:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 22:46 . 2011-12-24 17:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-12 13:31 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:31 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:31 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 13:31 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-11 01:06 . 2012-10-17 01:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Amazon Cloud Drive"="c:\users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-25 875512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-08 109336]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-01 30192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 1629280]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ShellFolderFix.lnk - c:\program files\ShellFolderFix\ShellFolderFixUI.exe [2012-3-6 1819648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-3 5958768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 GIDv2;GIDv2; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:38]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:29]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:29]
.
2012-10-19 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-02-01 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\b8yo6d9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - ExtSQL: 2012-10-10 22:33; idvaultaddin@whitesky; c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\b8yo6d9s.default\extensions\idvaultaddin@whitesky
FF - ExtSQL: 2012-10-13 21:52; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-10-13 23:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2526848293-2330131860-2943383380-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2526848293-2330131860-2943383380-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-18 21:07:38
ComboFix-quarantined-files.txt 2012-10-19 01:07
.
Pre-Run: 900,015,415,296 bytes free
Post-Run: 899,325,845,504 bytes free
.
- - End Of File - - 8DE00615800738B1E5DD9908FEC27ADE
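
Both RogueKiller (the [RUN][SUSP PATH] entries in post #6) and the ComboFix "Reg Loading Points" section above surface autorun entries; RogueKiller flagged Amazon Cloud Drive simply because it starts from a path under the user's AppData folder, which is exactly where malware that cannot obtain admin rights tends to install itself. The script below, added here as an example and not ComboFix's or RogueKiller's own code, applies that same location heuristic to ComboFix-style Run-key lines. The input is an excerpt of the log above plus one constructed "ExampleTray" entry (not from the log) to exercise the second rule; the regexes, rule wording and the notion of "user-writable" are mine. A hit is a reason to look closer (publisher, signature, install history), not a verdict: Amazon Cloud Drive is a legitimate per-user install and ComboFix left it in place.

```python
import re
from typing import List, Optional, Tuple

# Excerpt of the ComboFix "Reg Loading Points" section posted above.
# The "ExampleTray" line in the HKLM block is constructed for this example
# and does not appear in the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"Amazon Cloud Drive"="c:\users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-25 875512]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"ExampleTray"="c:\tools\example\tray.exe" [2012-01-01 1024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints Run values as "Name"="path" [date size]; the trailer is optional.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<meta>[^\]]*)\])?$')

# Locations a standard (non-admin) user can write to. Legitimate per-user
# software lives here too, so a match is a triage signal, not proof of malice.
USER_WRITABLE = (
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I),
    re.compile(r"^[a-z]:\\programdata\\", re.I),
    re.compile(r"\\temp\\", re.I),
)
TRUSTED_ROOT_RE = re.compile(r"^[a-z]:\\(program files( \(x86\))?|windows)\\", re.I)


def parse_run_keys(text: str) -> List[Tuple[str, str, str]]:
    """Return (hive_key, value_name, exe_path) for each entry under a ...\\Run key.
    Other sections (AppInit_DLLs, policies, ...) are skipped."""
    entries: List[Tuple[str, str, str]] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            current = key if key.lower().endswith("\\run") else None
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((current, m["name"], m["path"]))
    return entries


def classify(path: str) -> Optional[str]:
    """Return why an autorun path deserves a second look, or None if it looks ordinary."""
    if any(p.search(path) for p in USER_WRITABLE):
        return "runs from a user-writable location"
    if not TRUSTED_ROOT_RE.match(path):
        return "runs from outside Program Files / Windows"
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """(value_name, path, reason) for every Run entry the heuristic flags."""
    flagged = []
    for _key, name, path in parse_run_keys(text):
        reason = classify(path)
        if reason:
            flagged.append((name, path, reason))
    return flagged


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}\n    {path}")
```

Run against the full log above, only Amazon Cloud Drive trips the first rule, matching what RogueKiller reported; the Startup-folder .lnk entries and the AppInit_DLLs value use different line formats and would need their own patterns.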

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 08:36 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 tubbythebear (Topic Starter)

Posted 18 October 2012 - 10:43 PM

So far, here is TDSSKiller.

23:34:08.0094 4832 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:34:08.0453 4832 ============================================================
23:34:08.0453 4832 Current date / time: 2012/10/18 23:34:08.0453
23:34:08.0453 4832 SystemInfo:
23:34:08.0453 4832
23:34:08.0453 4832 OS Version: 6.1.7601 ServicePack: 1.0
23:34:08.0453 4832 Product type: Workstation
23:34:08.0453 4832 ComputerName: JACK-PC
23:34:08.0453 4832 UserName: Jack
23:34:08.0453 4832 Windows directory: C:\Windows
23:34:08.0453 4832 System windows directory: C:\Windows
23:34:08.0453 4832 Processor architecture: Intel x86
23:34:08.0453 4832 Number of processors: 4
23:34:08.0453 4832 Page size: 0x1000
23:34:08.0453 4832 Boot type: Normal boot
23:34:08.0453 4832 ============================================================
23:34:09.0295 4832 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:34:09.0342 4832 ============================================================
23:34:09.0342 4832 \Device\Harddisk0\DR0:
23:34:09.0342 4832 MBR partitions:
23:34:09.0342 4832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:34:09.0342 4832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
23:34:09.0342 4832 ============================================================
23:34:09.0358 4832 C: <-> \Device\Harddisk0\DR0\Partition2
23:34:09.0358 4832 ============================================================
23:34:09.0358 4832 Initialize success
23:34:09.0358 4832 ============================================================
23:34:18.0047 5940 ============================================================
23:34:18.0047 5940 Scan started
23:34:18.0047 5940 Mode: Manual;
23:34:18.0047 5940 ============================================================
23:34:18.0702 5940 ================ Scan system memory ========================
23:34:18.0702 5940 System memory - ok
23:34:18.0702 5940 ================ Scan services =============================
23:34:26.0752 5940 PNRPsvc - ok
23:34:26.0798 5940 [ 4B30EE7037EA1529F5FC80DE5DC42A30 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
23:34:26.0798 5940 Point32 - ok
23:34:26.0798 5940 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:34:26.0798 5940 PolicyAgent - ok
23:34:26.0845 5940 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
23:34:26.0845 5940 Power - ok
23:34:26.0861 5940 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:34:26.0861 5940 PptpMiniport - ok
23:34:26.0876 5940 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:34:26.0876 5940 Processor - ok
23:34:26.0923 5940 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
23:34:26.0923 5940 ProfSvc - ok
23:34:26.0923 5940 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:34:26.0923 5940 ProtectedStorage - ok
23:34:26.0939 5940 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:34:26.0939 5940 Psched - ok
23:34:26.0970 5940 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
23:34:26.0970 5940 PSI - ok
23:34:27.0001 5940 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:34:27.0017 5940 PxHelp20 - ok
23:34:27.0048 5940 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:34:27.0064 5940 ql2300 - ok
23:34:27.0079 5940 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:34:27.0079 5940 ql40xx - ok
23:34:27.0110 5940 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:34:27.0110 5940 QWAVE - ok
23:34:27.0126 5940 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:34:27.0126 5940 QWAVEdrv - ok
23:34:27.0142 5940 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:34:27.0157 5940 RasAcd - ok
23:34:27.0173 5940 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:34:27.0173 5940 RasAgileVpn - ok
23:34:27.0173 5940 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:34:27.0188 5940 RasAuto - ok
23:34:27.0188 5940 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:34:27.0188 5940 Rasl2tp - ok
23:34:27.0235 5940 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
23:34:27.0235 5940 RasMan - ok
23:34:27.0251 5940 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:34:27.0251 5940 RasPppoe - ok
23:34:27.0251 5940 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:34:27.0251 5940 RasSstp - ok
23:34:27.0282 5940 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:34:27.0298 5940 rdbss - ok
23:34:27.0313 5940 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:34:27.0313 5940 rdpbus - ok
23:34:27.0329 5940 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:34:27.0329 5940 RDPCDD - ok
23:34:27.0376 5940 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:34:27.0376 5940 RDPDR - ok
23:34:27.0391 5940 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:34:27.0391 5940 RDPENCDD - ok
23:34:27.0407 5940 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:34:27.0407 5940 RDPREFMP - ok
23:34:27.0438 5940 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:34:27.0516 5940 RDPWD - ok
23:34:27.0547 5940 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:34:27.0547 5940 rdyboost - ok
23:34:27.0563 5940 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:34:27.0578 5940 RemoteAccess - ok
23:34:27.0578 5940 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:34:27.0578 5940 RemoteRegistry - ok
23:34:27.0610 5940 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:34:27.0610 5940 RpcEptMapper - ok
23:34:27.0625 5940 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:34:27.0625 5940 RpcLocator - ok
23:34:27.0641 5940 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
23:34:27.0656 5940 RpcSs - ok
23:34:27.0656 5940 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:34:27.0656 5940 rspndr - ok
23:34:27.0688 5940 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:34:27.0688 5940 s3cap - ok
23:34:27.0703 5940 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
23:34:27.0703 5940 SamSs - ok
23:34:27.0719 5940 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:34:27.0719 5940 sbp2port - ok
23:34:27.0734 5940 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:34:27.0734 5940 SCardSvr - ok
23:34:27.0750 5940 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:34:27.0750 5940 scfilter - ok
23:34:27.0797 5940 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
23:34:27.0797 5940 Schedule - ok
23:34:27.0812 5940 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:34:27.0812 5940 SCPolicySvc - ok
23:34:27.0844 5940 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:34:27.0844 5940 SDRSVC - ok
23:34:27.0859 5940 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:34:27.0859 5940 secdrv - ok
23:34:27.0875 5940 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:34:27.0875 5940 seclogon - ok
23:34:27.0922 5940 [ 1CE8490E8919EF5C72275952C202E749 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
23:34:27.0937 5940 Secunia PSI Agent - ok
23:34:27.0953 5940 [ 9337C7C45392A32CAC5E59DDAC0D0342 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
23:34:27.0953 5940 Secunia Update Agent - ok
23:34:27.0968 5940 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
23:34:27.0968 5940 SENS - ok
23:34:28.0000 5940 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:34:28.0000 5940 SensrSvc - ok
23:34:28.0000 5940 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:34:28.0015 5940 Serenum - ok
23:34:28.0031 5940 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:34:28.0031 5940 Serial - ok
23:34:28.0046 5940 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:34:28.0046 5940 sermouse - ok
23:34:28.0093 5940 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
23:34:28.0093 5940 SessionEnv - ok
23:34:28.0124 5940 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:34:28.0124 5940 sffdisk - ok
23:34:28.0140 5940 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:34:28.0140 5940 sffp_mmc - ok
23:34:28.0156 5940 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:34:28.0156 5940 sffp_sd - ok
23:34:28.0171 5940 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:34:28.0171 5940 sfloppy - ok
23:34:28.0202 5940 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:34:28.0202 5940 SharedAccess - ok
23:34:28.0218 5940 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:34:28.0234 5940 ShellHWDetection - ok
23:34:28.0249 5940 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:34:28.0249 5940 sisagp - ok
23:34:28.0280 5940 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:34:28.0280 5940 SiSRaid2 - ok
23:34:28.0296 5940 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:34:28.0296 5940 SiSRaid4 - ok
23:34:28.0312 5940 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:34:28.0312 5940 Smb - ok
23:34:28.0343 5940 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:34:28.0343 5940 SNMPTRAP - ok
23:34:28.0358 5940 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:34:28.0358 5940 spldr - ok
23:34:28.0390 5940 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
23:34:28.0390 5940 Spooler - ok
23:34:28.0483 5940 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
23:34:28.0530 5940 sppsvc - ok
23:34:28.0561 5940 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:34:28.0561 5940 sppuinotify - ok
23:34:28.0592 5940 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:34:28.0592 5940 srv - ok
23:34:28.0608 5940 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:34:28.0624 5940 srv2 - ok
23:34:28.0624 5940 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:34:28.0624 5940 srvnet - ok
23:34:28.0639 5940 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:34:28.0639 5940 SSDPSRV - ok
23:34:28.0655 5940 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:34:28.0670 5940 SstpSvc - ok
23:34:28.0686 5940 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:34:28.0686 5940 stexstor - ok
23:34:28.0702 5940 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
23:34:28.0717 5940 StiSvc - ok
23:34:28.0733 5940 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:34:28.0733 5940 storflt - ok
23:34:28.0764 5940 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
23:34:28.0764 5940 StorSvc - ok
23:34:28.0780 5940 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:34:28.0780 5940 storvsc - ok
23:34:28.0842 5940 [ 6ED7ABF6CB1E6EC0DEBB53E0F104ED64 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
23:34:28.0842 5940 SWDUMon - ok
23:34:28.0842 5940 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
23:34:28.0842 5940 swenum - ok
23:34:28.0858 5940 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:34:28.0873 5940 swprv - ok
23:34:28.0904 5940 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
23:34:28.0920 5940 SysMain - ok
23:34:28.0936 5940 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:34:28.0936 5940 TabletInputService - ok
23:34:28.0982 5940 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
23:34:28.0982 5940 TapiSrv - ok
23:34:28.0982 5940 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:34:28.0982 5940 TBS - ok
23:34:29.0045 5940 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:34:29.0060 5940 Tcpip - ok
23:34:29.0107 5940 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:34:29.0107 5940 TCPIP6 - ok
23:34:29.0138 5940 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:34:29.0138 5940 tcpipreg - ok
23:34:29.0170 5940 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:34:29.0170 5940 TDPIPE - ok
23:34:29.0201 5940 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:34:29.0201 5940 TDTCP - ok
23:34:29.0216 5940 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:34:29.0216 5940 tdx - ok
23:34:29.0326 5940 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
23:34:29.0341 5940 TeamViewer7 - ok
23:34:29.0372 5940 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:34:29.0372 5940 TermDD - ok
23:34:29.0404 5940 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
23:34:29.0419 5940 TermService - ok
23:34:29.0419 5940 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:34:29.0435 5940 Themes - ok
23:34:29.0435 5940 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:34:29.0450 5940 THREADORDER - ok
23:34:29.0450 5940 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:34:29.0466 5940 TrkWks - ok
23:34:29.0513 5940 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:34:29.0513 5940 TrustedInstaller - ok
23:34:29.0544 5940 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:34:29.0544 5940 tssecsrv - ok
23:34:29.0591 5940 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:34:29.0591 5940 TsUsbFlt - ok
23:34:29.0622 5940 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:34:29.0622 5940 tunnel - ok
23:34:29.0653 5940 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:34:29.0653 5940 uagp35 - ok
23:34:29.0669 5940 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:34:29.0684 5940 udfs - ok
23:34:29.0700 5940 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:34:29.0700 5940 UI0Detect - ok
23:34:29.0716 5940 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:34:29.0716 5940 uliagpkx - ok
23:34:29.0731 5940 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
23:34:29.0731 5940 umbus - ok
23:34:29.0747 5940 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:34:29.0747 5940 UmPass - ok
23:34:29.0778 5940 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
23:34:29.0794 5940 UmRdpService - ok
23:34:29.0809 5940 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:34:29.0825 5940 upnphost - ok
23:34:29.0856 5940 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:34:29.0856 5940 USBAAPL - ok
23:34:29.0872 5940 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:34:29.0872 5940 usbccgp - ok
23:34:29.0903 5940 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:34:29.0903 5940 usbcir - ok
23:34:29.0918 5940 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:34:29.0918 5940 usbehci - ok
23:34:29.0934 5940 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:34:29.0934 5940 usbhub - ok
23:34:29.0950 5940 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:34:29.0950 5940 usbohci - ok
23:34:29.0965 5940 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:34:29.0965 5940 usbprint - ok
23:34:29.0981 5940 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:34:29.0981 5940 USBSTOR - ok
23:34:29.0996 5940 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:34:29.0996 5940 usbuhci - ok
23:34:30.0012 5940 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:34:30.0012 5940 UxSms - ok
23:34:30.0028 5940 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
23:34:30.0028 5940 VaultSvc - ok
23:34:30.0028 5940 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:34:30.0028 5940 vdrvroot - ok
23:34:30.0074 5940 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
23:34:30.0074 5940 vds - ok
23:34:30.0106 5940 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:34:30.0106 5940 vga - ok
23:34:30.0106 5940 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:34:30.0106 5940 VgaSave - ok
23:34:30.0137 5940 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:34:30.0137 5940 vhdmp - ok
23:34:30.0168 5940 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:34:30.0168 5940 viaagp - ok
23:34:30.0184 5940 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:34:30.0184 5940 ViaC7 - ok
23:34:30.0199 5940 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
23:34:30.0199 5940 viaide - ok
23:34:30.0230 5940 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:34:30.0230 5940 vmbus - ok
23:34:30.0246 5940 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:34:30.0246 5940 VMBusHID - ok
23:34:30.0262 5940 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:34:30.0262 5940 volmgr - ok
23:34:30.0277 5940 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:34:30.0277 5940 volmgrx - ok
23:34:30.0293 5940 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:34:30.0293 5940 volsnap - ok
23:34:30.0308 5940 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:34:30.0308 5940 vsmraid - ok
23:34:30.0355 5940 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
23:34:30.0371 5940 VSS - ok
23:34:30.0402 5940 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
23:34:30.0402 5940 VSTHWBS2 - ok
23:34:30.0418 5940 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:34:30.0433 5940 VST_DPV - ok
23:34:30.0433 5940 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:34:30.0433 5940 vwifibus - ok
23:34:30.0464 5940 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:34:30.0480 5940 W32Time - ok
23:34:30.0480 5940 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:34:30.0480 5940 WacomPen - ok
23:34:30.0527 5940 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:34:30.0527 5940 WANARP - ok
23:34:30.0527 5940 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:34:30.0527 5940 Wanarpv6 - ok
23:34:30.0589 5940 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:34:30.0605 5940 WatAdminSvc - ok
23:34:30.0652 5940 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
23:34:30.0667 5940 wbengine - ok
23:34:30.0683 5940 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:34:30.0683 5940 WbioSrvc - ok
23:34:30.0730 5940 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:34:30.0730 5940 wcncsvc - ok
23:34:30.0745 5940 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:34:30.0745 5940 WcsPlugInService - ok
23:34:30.0761 5940 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:34:30.0761 5940 Wd - ok
23:34:30.0776 5940 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:34:30.0792 5940 Wdf01000 - ok
23:34:30.0792 5940 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:34:30.0808 5940 WdiServiceHost - ok
23:34:30.0808 5940 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:34:30.0808 5940 WdiSystemHost - ok
23:34:30.0839 5940 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
23:34:30.0839 5940 WebClient - ok
23:34:30.0854 5940 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:34:30.0854 5940 Wecsvc - ok
23:34:30.0870 5940 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:34:30.0870 5940 wercplsupport - ok
23:34:30.0886 5940 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:34:30.0886 5940 WerSvc - ok
23:34:30.0917 5940 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:34:30.0917 5940 WfpLwf - ok
23:34:30.0917 5940 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:34:30.0917 5940 WIMMount - ok
23:34:30.0948 5940 [ BC0C7EA89194C299F051C24119000E17 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:34:30.0948 5940 winachsf - ok
23:34:30.0995 5940 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:34:31.0010 5940 WinDefend - ok
23:34:31.0010 5940 WinHttpAutoProxySvc - ok
23:34:31.0057 5940 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:34:31.0057 5940 Winmgmt - ok
23:34:31.0104 5940 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:34:31.0120 5940 WinRM - ok
23:34:31.0166 5940 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\drivers\WinUSB.SYS
23:34:31.0166 5940 WinUsb - ok
23:34:31.0182 5940 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:34:31.0198 5940 Wlansvc - ok
23:34:31.0291 5940 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:34:31.0322 5940 wlidsvc - ok
23:34:31.0338 5940 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:34:31.0338 5940 WmiAcpi - ok
23:34:31.0354 5940 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:34:31.0354 5940 wmiApSrv - ok
23:34:31.0400 5940 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:34:31.0400 5940 WMPNetworkSvc - ok
23:34:31.0416 5940 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:34:31.0432 5940 WPCSvc - ok
23:34:31.0463 5940 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:34:31.0463 5940 WPDBusEnum - ok
23:34:31.0478 5940 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:34:31.0478 5940 ws2ifsl - ok
23:34:31.0494 5940 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
23:34:31.0494 5940 wscsvc - ok
23:34:31.0525 5940 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
23:34:31.0525 5940 WSDPrintDevice - ok
23:34:31.0541 5940 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
23:34:31.0541 5940 WSDScan - ok
23:34:31.0541 5940 WSearch - ok
23:34:31.0603 5940 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:34:31.0634 5940 wuauserv - ok
23:34:31.0666 5940 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:34:31.0666 5940 WudfPf - ok
23:34:31.0697 5940 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:34:31.0697 5940 wudfsvc - ok
23:34:31.0712 5940 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:34:31.0712 5940 WwanSvc - ok
23:34:31.0728 5940 ================ Scan global ===============================
23:34:31.0744 5940 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:34:31.0790 5940 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:34:31.0790 5940 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:34:31.0806 5940 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:34:31.0837 5940 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:34:31.0837 5940 [Global] - ok
23:34:31.0837 5940 ================ Scan MBR ==================================
23:34:31.0853 5940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:34:32.0024 5940 \Device\Harddisk0\DR0 - ok
23:34:32.0024 5940 ================ Scan VBR ==================================
23:34:32.0024 5940 [ 19A9D8E8A22BC5D1D0010987C4B6B672 ] \Device\Harddisk0\DR0\Partition1
23:34:32.0024 5940 \Device\Harddisk0\DR0\Partition1 - ok
23:34:32.0056 5940 [ 02AE23C3B1D1A7A64B16D4F848B3F17A ] \Device\Harddisk0\DR0\Partition2
23:34:32.0056 5940 \Device\Harddisk0\DR0\Partition2 - ok
23:34:32.0056 5940 ============================================================
23:34:32.0056 5940 Scan finished
23:34:32.0056 5940 ============================================================
23:34:32.0071 1824 Detected object count: 0
23:34:32.0071 1824 Actual detected object count: 0
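The listing above is easier to read by machine than by eye: the interesting questions are whether every image TDSSKiller enumerated also got a verdict, whether anything was not "ok", whether a service image lives somewhere a Windows service has no business living, and whether one set of bytes is registered under several file names. The script below, added here as an example (it is not part of the post and not Kaspersky's code), parses the two line shapes in the log and applies those four checks. The sample log is a constructed subset of the real listing plus two made-up services (SysHelper and SysHelper2) so that each check has something to report; the trusted-root list and the "( tag ) - warning" shape for non-ok verdicts are assumptions, not something taken from this page.

```python
"""Machine triage of a TDSSKiller service/driver listing.

Added example: neither part of the forum post nor Kaspersky's code.  It parses
the two line shapes TDSSKiller prints for every service and driver,

    <time> <thread> [ <MD5> ] <ServiceName> <ImagePath>
    <time> <thread> <ServiceName> - ok

and applies the checks a responder otherwise does by eye.
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "Name - ok", or "Name ( UnsignedFile.Multi.Generic ) - warning" for non-ok
# verdicts (the parenthesised tag shape is an assumption, not from the log above).
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)(?: \([^)]*\))? - (?P<verdict>\S.*)$"
)

# Assumption: service images on a 32-bit Windows 7 box live under these roots;
# anything else (user profiles, ProgramData, Temp) deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: a subset of the real listing plus two made-up services
# (SysHelper, SysHelper2) so that every check below has something to report.
SAMPLE_LOG = r"""
23:34:25.0925 5940 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
23:34:25.0940 5940 Netlogon - ok
23:34:27.0703 5940 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
23:34:27.0703 5940 SamSs - ok
23:34:27.0922 5940 [ 1CE8490E8919EF5C72275952C202E749 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
23:34:27.0937 5940 Secunia PSI Agent - ok
23:34:29.0045 5940 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:34:29.0060 5940 Tcpip - ok
23:34:29.0107 5940 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:34:29.0107 5940 TCPIP6 - ok
23:34:31.0010 5940 WinHttpAutoProxySvc - ok
23:34:31.0700 5940 [ 0123456789ABCDEF0123456789ABCDEF ] SysHelper C:\Users\Jack\AppData\Roaming\syshelper.exe
23:34:31.0705 5940 SysHelper ( UnsignedFile.Multi.Generic ) - warning
23:34:31.0710 5940 [ 0123456789ABCDEF0123456789ABCDEF ] SysHelper2 C:\ProgramData\svch0st.exe
23:34:31.0728 5940 ================ Scan global ===============================
"""


def parse_tdsskiller(text):
    """Return ({name: (md5, path)}, {name: verdict}) for the per-service section."""
    entries, verdicts = {}, {}
    for line in text.splitlines():
        if "Scan global" in line:        # the per-service section ends here
            break
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return entries, verdicts


def triage(entries, verdicts):
    """Cross-check entries against verdicts, image locations and hash reuse."""
    findings = {}
    # 1. every image that was listed must also have received a verdict line
    findings["unverified"] = [n for n in entries if n not in verdicts]
    # 2. anything TDSSKiller did not call "ok"
    findings["not_ok"] = {n: v for n, v in verdicts.items() if v != "ok"}
    # 3. services whose image sits outside the usual install roots
    findings["odd_location"] = []
    by_hash = defaultdict(set)
    for name, (md5, path) in entries.items():
        low = path.lower()               # tcpip.sys is listed under drivers/ and DRIVERS/
        if not low.startswith(TRUSTED_ROOTS):
            findings["odd_location"].append((name, path))
        by_hash[md5].add(low)
    # 4. one hash under several file names: many services hosted in lsass.exe is
    #    normal, the same bytes under different names is how a dropper looks
    findings["shared_hash"] = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return findings


def triage_log(text):
    return triage(*parse_tdsskiller(text))


if __name__ == "__main__":
    for key, value in triage_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the full log above, every real entry passes all four checks; only the two constructed services are reported. The hash check is deliberately keyed on the normalised path, so Netlogon, ProtectedStorage, SamSs and VaultSvc all pointing at lsass.exe with one MD5 is not a finding.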

#12 tubbythebear

tubbythebear
  • Topic Starter

  • Members
  • 16 posts

Posted 18 October 2012 - 11:02 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 23:35:46
-----------------------------
23:35:46.318 OS Version: Windows 6.1.7601 Service Pack 1
23:35:46.318 Number of processors: 4 586 0xF0B
23:35:46.318 ComputerName: JACK-PC UserName: Jack
23:36:08.766 Initialize success
23:38:29.593 AVAST engine defs: 12101802
23:38:37.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:38:37.455 Disk 0 Vendor: WDC_WD10EADS-00P6B0 01.00A01 Size: 953869MB BusType: 3
23:38:37.471 Disk 0 MBR read successfully
23:38:37.471 Disk 0 MBR scan
23:38:37.471 Disk 0 Windows 7 default MBR code
23:38:37.471 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:38:37.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
23:38:37.518 Disk 0 scanning sectors +1953521664
23:38:37.565 Disk 0 scanning C:\Windows\system32\drivers
23:38:45.723 Service scanning
23:39:02.961 Modules scanning
23:39:08.733 Disk 0 trace - called modules:
23:39:08.749 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
23:39:09.248 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861f4798]
23:39:09.248 3 CLASSPNP.SYS[8b86e59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853e5908]
23:39:10.917 AVAST engine scan C:\Windows
23:39:13.554 AVAST engine scan C:\Windows\system32
23:41:11.304 AVAST engine scan C:\Windows\system32\drivers
23:41:22.021 AVAST engine scan C:\Users\Jack
23:48:54.905 AVAST engine scan C:\ProgramData
23:50:27.460 Scan finished successfully
00:00:42.101 Disk 0 MBR has been saved successfully to "C:\Users\Jack\Downloads\MBR.dat"
00:00:42.101 The log file has been saved successfully to "C:\Users\Jack\Downloads\aswMBR.txt"
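The aswMBR lines above summarise the partition table it read from sector 0 of Disk 0: default Windows 7 boot code, an active (0x80) NTFS partition of 100 MB at LBA 2048, a second NTFS partition at LBA 206848, and a sector scan starting at +1953521664. The script below, added here as an example (not part of the post and not AVAST's code), does the same decoding on a raw 512-byte sector and verifies that the layout is internally consistent: exactly one active entry, no overlap, and partition 2 beginning exactly where partition 1 ends (2048 + 100 MB of sectors = 206848). SAMPLE_MBR is constructed to reproduce the reported geometry with a zero-filled code area; the 440-byte range hashed by boot_code_digest is an assumption about what the tools compare, not something the page states.

```python
"""Parse and sanity-check an MBR partition table, as aswMBR's "Disk 0 MBR scan"
lines summarise it.

Added example, not part of the forum post and not AVAST's code.  SAMPLE_MBR is
a constructed 512-byte sector carrying the two partition entries aswMBR
reported, with the boot code area zero-filled (a real Windows MBR has code
there; that code is what a bootkit overwrites, which is why the tools hash it).
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PART_TABLE_OFF = 0x1BE
ENTRY_LEN = 16
CODE_AREA = 440           # bytes before the 4-byte disk signature at 0x1B8


@dataclass
class Partition:
    index: int
    status: int           # 0x80 active, 0x00 inactive, anything else is bogus
    type_id: int          # 0x07 = NTFS/HPFS/exFAT
    lba_start: int
    sectors: int

    @property
    def bootable(self):
        return self.status == 0x80

    @property
    def size_mb(self):
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of one 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        # status, CHS first (3 bytes), type, CHS last (3 bytes), LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype == 0:
            continue                      # unused slot
        parts.append(Partition(i + 1, status, ptype, lba, count))
    return parts


def check_layout(parts):
    """Return findings; an empty list means the table is internally consistent."""
    findings = []
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: starts at LBA 0, on top of the MBR")
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def unpartitioned_tail(parts):
    """First LBA after the last partition: the slack between the partitions and
    the end of the disk, a common hiding place for a bootkit's body."""
    if not parts:
        return 0
    last = max(parts, key=lambda p: p.lba_start + p.sectors)
    return last.lba_start + last.sectors


def boot_code_digest(sector: bytes):
    """MD5 of the 440-byte code area, for comparison against a known-good copy.
    Assumption: TDSSKiller printed a hash for the MBR device above, but which
    byte range it hashes is not documented on this page."""
    return hashlib.md5(sector[:CODE_AREA]).hexdigest()


def _entry(status, ptype, lba, count):
    # CHS fields carry the conventional 0xFE 0xFF 0xFF "beyond CHS, use LBA" marker
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)


# Constructed sector reproducing the geometry aswMBR printed for Disk 0.
SAMPLE_MBR = (
    bytes(PART_TABLE_OFF)                              # zero-filled boot code + disk signature
    + _entry(0x80, 0x07, 2048, 100 * 2048)             # 100 MB System Reserved, active
    + _entry(0x00, 0x07, 206848, 953767 * 2048)        # the C: volume
    + bytes(2 * ENTRY_LEN)                             # two unused slots
    + BOOT_SIG
)


if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"Partition {p.index} {'80 (A)' if p.bootable else '00'} "
              f"{p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    print("findings:", check_layout(parts) or "none")
    print("unpartitioned tail starts at LBA", unpartitioned_tail(parts))
    print("boot code MD5:", boot_code_digest(SAMPLE_MBR))
```

On a live Windows box the same parser can be pointed at the real sector by reading the first 512 bytes of \\.\PhysicalDrive0 from an elevated prompt. For the constructed sector, unpartitioned_tail() returns 1953521664, the same LBA aswMBR printed in its "scanning sectors +1953521664" line, which is the end of partition 2 (206848 + 953767 MB of sectors); the hash comparison only means something against a copy of the boot code taken from a known-clean install of the same Windows version.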

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 11:15 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 tubbythebear

tubbythebear
  • Topic Starter

  • Members
  • 16 posts

Posted 19 October 2012 - 12:35 AM

Computer seems fine. Nothing odd happening.

ComboFix 12-10-18.03 - Jack 10/19/2012 1:01.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1798 [GMT -4:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
Command switches used :: c:\users\Jack\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 05:22 . 2012-10-19 05:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-19 05:22 . 2012-10-19 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 01:19 . 2012-10-17 01:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-13 15:59 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7E706F2-B3FE-4A63-9AA1-8ACFA8B89352}\mpengine.dll
2012-10-11 02:53 . 2012-10-14 03:43 -------- d-----w- c:\windows\system32\drivers\N360
2012-10-11 02:33 . 2011-07-05 14:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-10-11 02:33 . 2012-10-11 02:33 -------- d-----w- c:\programdata\GID
2012-10-11 02:33 . 2012-10-11 02:33 -------- d-----w- c:\program files\SFT
2012-10-11 00:05 . 2012-10-11 00:05 -------- d-----w- c:\users\Jack\AppData\Roaming\Tific
2012-10-11 00:05 . 2012-10-11 00:05 -------- d-----w- c:\users\Jack\AppData\Local\Symantec
2012-10-10 19:34 . 2012-10-10 19:34 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
2012-10-10 19:33 . 2012-10-10 19:33 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2012-10-10 19:32 . 2012-10-10 19:32 -------- d-----w- c:\users\Guest\AppData\Local\Deployment
2012-10-10 19:32 . 2012-10-10 19:32 -------- d-----w- c:\users\Guest\AppData\Local\Apps
2012-10-09 22:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 22:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 22:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 22:14 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:14 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 22:14 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 22:14 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 15:07 . 2012-10-06 15:07 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-28 22:13 . 2012-09-28 22:13 -------- d-----w- c:\program files\iPod
2012-09-28 22:13 . 2012-09-28 22:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 22:13 . 2012-09-28 22:14 -------- d-----w- c:\program files\iTunes
2012-09-26 05:56 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 01:22 . 2011-09-05 16:23 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-09 07:38 . 2012-03-31 02:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 07:38 . 2011-12-24 17:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 22:46 . 2012-08-31 22:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 22:46 . 2012-07-11 01:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 22:46 . 2011-12-24 17:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-12 13:31 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:31 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:31 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:31 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 13:31 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-11 01:06 . 2012-10-17 01:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Amazon Cloud Drive"="c:\users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-25 875512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-08 109336]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-01 30192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 1629280]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ShellFolderFix.lnk - c:\program files\ShellFolderFix\ShellFolderFixUI.exe [2012-3-6 1819648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-3 5958768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 GIDv2;GIDv2; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 93343754
*NewlyCreated* - ASWMBR
*Deregistered* - 93343754
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:38]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:29]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 23:29]
.
2012-10-19 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-02-01 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\b8yo6d9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - ExtSQL: 2012-10-10 22:33; idvaultaddin@whitesky; c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\b8yo6d9s.default\extensions\idvaultaddin@whitesky
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2526848293-2330131860-2943383380-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2526848293-2330131860-2943383380-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(664)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-10-19 01:23:41
ComboFix-quarantined-files.txt 2012-10-19 05:23
ComboFix2.txt 2012-10-19 01:07
.
Pre-Run: 898,757,332,992 bytes free
Post-Run: 898,851,356,672 bytes free
.
- - End Of File - - 362E67DD82818E53C988BE5298635D74
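
The "Reg Loading Points" section of the ComboFix report above is the part a responder reads first: it lists every autostart location (Run keys, Startup folders, AppInit_DLLs, services and drivers) with the binary each one launches. The script below is an added example, not ComboFix's output format parser and not code from this thread; the line formats it expects are inferred from the log as pasted above, and the constructed sample is a handful of lines copied from it. It parses those entries and raises review flags on the three things worth a second look in any such log: an AppInit_DLLs value (loaded into every process that maps user32.dll), an image that lives under a user profile (user-writable, so no admin rights are needed to replace it), and a service or driver line with no image path. The flags are review aids, not a malware verdict: the user-profile hits here are Dropbox and Amazon Cloud Drive, and the GIDv2 driver's file is listed earlier in the same log as c:\windows\system32\drivers\gidv2.sys, so its empty path is a reporting quirk rather than a missing image. It generalizes slightly beyond the log by handling all four entry kinds in one pass.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example, not ComboFix code. The line formats below are assumptions
inferred from the log pasted in this thread; the flags are generic review
heuristics and do not identify anything as malicious.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines copied from the report posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Amazon Cloud Drive"="c:\users\Jack\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-25 875512]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
S1 GIDv2;GIDv2; [x]
'''

REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')                 # [HKEY_...\Run]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')          # "Name"="path" [date size]
APPINIT = re.compile(r'^"AppInit_DLLs"=(.+)$', re.IGNORECASE)  # "AppInit_DLLs"=path
STARTUP_LNK = re.compile(r'^(.+?\.lnk) - (.+?) \[')           # Name.lnk - path [date size]
SERVICE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*?) \[x\]$')  # R2 name;desc;path [x]


@dataclass
class Entry:
    source: str  # registry key, Startup folder, or "service <state>"
    name: str
    path: str    # image path as reported; may be empty


def parse_loading_points(text: str) -> List[Entry]:
    """Extract autostart entries from the four line shapes seen in the log."""
    entries: List[Entry] = []
    context = ""  # last registry key or Startup folder header seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := REG_KEY.match(line)):
            context = m.group(1)
        elif line.lower().endswith("\\startup\\"):
            context = line
        elif (m := APPINIT.match(line)):
            entries.append(Entry(context, "AppInit_DLLs", m.group(1).strip()))
        elif (m := RUN_VALUE.match(line)):
            entries.append(Entry(context, m.group(1), m.group(2)))
        elif (m := STARTUP_LNK.match(line)):
            entries.append(Entry(context, m.group(1), m.group(2)))
        elif (m := SERVICE.match(line)):
            entries.append(Entry("service " + m.group(1), m.group(2), m.group(4).strip()))
    return entries


def review_flags(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (not a verdict)."""
    flags: List[str] = []
    p = e.path.lower()
    if e.name == "AppInit_DLLs" and p:
        flags.append("AppInit_DLLs: injected into every process that loads user32.dll")
    if "\\users\\" in p and ("\\appdata\\" in p or "\\temp\\" in p):
        flags.append("image under a user profile: user-writable, replaceable without admin")
    if e.source.startswith("service") and not p:
        flags.append("service/driver with no image path recorded")
    return flags


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that carry at least one review flag."""
    return [(e, review_flags(e)) for e in parse_loading_points(text) if review_flags(e)]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name:20} {entry.path or '<no path>'}")
        for r in reasons:
            print(f"    - {r}")
```

Run it against a full report by reading the file instead of SAMPLE_LOG; anything it flags is then checked against the rest of the log (the Files Created section, the signed-driver list) and the vendor, the way the GIDv2 driver resolves to gidv2.sys a few screens up in this same report.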

#15 tubbythebear

tubbythebear
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 19 October 2012 - 12:36 AM

Just noticed all Firefox addons are back and working.



