
Win32/Banload.BOO is stopping update to anti-virus program


  • This topic is locked
25 replies to this topic

#1 seplo

seplo

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 October 2012 - 09:07 AM

I use the anti-virus program supplied by my internet provider, Total Defense Internet Security Suite (formerly by Computer Associates). Several days ago I began receiving alerts that automatic updates were failing. Attempted manual updates failed as well. At this point I downloaded a new version from the website to do a clean install of the software. Downloads came down corrupted, with alerts that Win32/Banload.BOO had been quarantined. Repeated attempts to download the software yielded the same results. Scans with my anti-virus program, TDSSKILLER, MALWAREBYTES, and SUPERANTISPYWARE found no problems. ASWMBR.EXE found "**INFECTED** Win32:Malware-gen" and its log is attached.

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by seplo at 9:38:28 on 2012-10-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.2237 [GMT -4:00]
.
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe
C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\isafe.exe
C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\cfgmig32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WerFault.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Total Defense\Internet Security Suite\casc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\seplo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://drudgereport.com/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TouchpadBlocker.exe] "C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe"
uRun: [Google Update] "C:\Users\seplo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\System32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://mydesk-hq02.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.2/common/htdocs/SPX/2.3.0.10/TerminalSvcsTCS.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{450DF5AB-835E-4E6C-9E20-8A8DE212F8B6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{450DF5AB-835E-4E6C-9E20-8A8DE212F8B6}\341626C65675966496 : DHCPNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{450DF5AB-835E-4E6C-9E20-8A8DE212F8B6}\C696E6B6379737 : DHCPNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{450DF5AB-835E-4E6C-9E20-8A8DE212F8B6}\F6074796D657D677966696 : DHCPNameServer = 10.240.205.161 10.240.205.162
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: PFW - UmxWnp.Dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
x64-Run: [PCHealthBoost] "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /s
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: PFW - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\seplo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - ExtSQL: 2012-08-24 00:07; caaphishtoolbar@ca.com; C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF - ExtSQL: 2012-09-14 20:05; LogMeInClient@logmein.com; C:\Users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: 2012-09-20 16:42; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; C:\Users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: !HIDDEN! 2009-11-14 02:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;C:\Windows\System32\drivers\KmxAMRT.sys [2011-10-27 182352]
R0 KmxFw;KmxFw;C:\Windows\System32\drivers\KmxFw.sys [2011-9-6 143824]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-18 55024]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-10 91864]
R1 KmxAgent;KmxAgent;C:\Windows\System32\drivers\KmxAgent.sys [2011-10-26 113744]
R1 KmxCfg;KmxCfg;C:\Windows\System32\drivers\KmxCfg.sys [2011-9-6 365136]
R1 KmxFile;KmxFile;C:\Windows\System32\drivers\KmxFile.sys [2011-9-6 87120]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\System32\drivers\KmxFilter.sys [2011-9-6 99024]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/14 05:02:19];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-14 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-14 203264]
R2 CAAMSvc;CAAMSvc;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [2012-8-26 293704]
R2 CAISafe;CAISafe;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\isafe.exe [2012-8-26 314416]
R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2012-8-26 287280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-6-11 5730304]
R2 KmxCF;KmxCF;C:\Windows\System32\drivers\KmxCF.sys [2011-9-6 201936]
R2 KmxSbx;KmxSbx;C:\Windows\System32\drivers\KmxSbx.sys [2011-9-6 81488]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-7-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-8-25 72216]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-11 1153368]
R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2012-8-26 265264]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2009-8-18 59392]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-6-22 189680]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-28 136176]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-18 172704]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 113120]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-8-18 158592]
S3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-8-18 318656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-3 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-7 375208]
.
=============== Created Last 30 ================
.
2012-10-17 11:04:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1CC00B4-30BF-46CC-99C0-CA5FDC0A656C}\offreg.dll
2012-10-17 10:51:55 -------- d-----w- C:\Users\seplo\AppData\Local\Avg2013
2012-10-17 03:46:11 -------- d-----w- C:\Users\seplo\AppData\Roaming\TuneUp Software
2012-10-17 03:21:51 -------- d-----w- C:\Users\seplo\AppData\Local\MFAData
2012-10-16 04:55:18 -------- d-----w- C:\ProgramData\SUPERSetup
2012-10-01 12:59:58 -------- d-----w- C:\Users\seplo\AppData\Local\QuickPar
2012-10-01 12:58:39 -------- d-----w- C:\Program Files (x86)\QuickPar
2012-10-01 12:31:34 -------- d-----w- C:\Users\seplo\AppData\Roaming\Forte
2012-10-01 12:31:21 -------- d-----w- C:\Program Files (x86)\Agent
2012-09-21 07:45:50 61792 ------w- C:\Windows\System32\drivers\SET2917.tmp
2012-09-18 01:45:05 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-09-17 22:54:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-17 22:54:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-10-13 11:18:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 11:18:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-04 14:39:32 50296 ------w- C:\Windows\System32\drivers\SETF121.tmp
2012-09-04 14:39:32 50296 ------w- C:\Windows\System32\drivers\SETDEDA.tmp
2012-08-26 08:35:45 2524176 ----a-w- C:\Windows\System32\winsflt.dll
2012-08-26 08:35:45 1744912 ----a-w- C:\Windows\SysWow64\winsflt.dll
2012-08-21 01:57:40 76880 ----a-w- C:\BackupProductRes.dll
2012-08-21 01:57:40 437840 ----a-w- C:\DNABonesProxy.dll
2012-08-21 01:57:40 363600 ----a-w- C:\BackupProduct.exe
2012-08-21 01:57:40 2706512 ----a-w- C:\BonesResource.dll
2012-08-21 01:57:40 1461328 ----a-w- C:\DNABones.dll
.
============= FINISH: 9:39:48.07 ===============


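The DDS log above is long, and most of the work in a thread like this is deciding which SERVICES / DRIVERS entries deserve a second look. The script below is an added example for this thread (it is not part of DDS, Total Defense, or any tool the helpers use) that parses lines in the DDS service format and applies a few generic triage heuristics: binary outside the directories where services normally live, binary under a user-writable path, unusual file extension, a bare GUID as the service name, and a service name that borrows a Windows component name (svchost, lsass, ...) while running some other binary. The directory list and the heuristics are assumptions, not vendor documentation, and a flag only means "verify this one" (check the Authenticode signature, look the hash up, confirm the vendor); it is not a verdict that the entry is malicious. The sample lines are copied from the log above.

```python
"""Heuristic triage of the SERVICES / DRIVERS section of a DDS log.

Added example for this thread, not part of DDS, Total Defense or any tool named
in the posts. The rules are generic rules of thumb (assumptions, not vendor
documentation) for deciding which entries deserve a closer look; a flag is a
prompt to verify the binary, not a verdict that it is malicious.
"""
import re
from dataclasses import dataclass, field

# One DDS service/driver line has the shape
#   R2 Name;Display name;C:\path\to\binary.exe [YYYY-M-D size]
# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")

# Where service binaries normally live on a 64-bit Windows 7 box (assumption; extend
# for your own estate). SysWOW64 is deliberately absent: the OS installs 32-bit
# components there, but a third-party service whose only binary sits there is worth a look.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\microsoft.net\\",
                 "c:\\program files\\", "c:\\program files (x86)\\")
EXPECTED_EXTS = {".exe", ".sys", ".dll"}
# Windows component names that malware likes to borrow for service names.
LOOKALIKE_WORDS = ("svchost", "lsass", "csrss", "winlogon", "wininit", "smss")


@dataclass
class ServiceEntry:
    state: str       # 'R' running, 'S' stopped
    start: int       # Windows start type 0..4
    name: str
    display: str
    path: str
    date: str
    size: int
    reasons: list = field(default_factory=list)

    @property
    def basename(self):
        return self.path.lower().rsplit("\\", 1)[-1]


def parse_services(text):
    """Return a ServiceEntry for every line that matches the DDS service format."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"], m["display"],
                                        m["path"], m["date"], int(m["size"])))
    return entries


def triage(entries):
    """Attach heuristic reasons to each entry and return only the entries that got one."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        directory = p.rsplit("\\", 1)[0]
        reasons = []
        if not p.startswith(EXPECTED_DIRS):
            reasons.append(f"binary outside the usual service directories ({directory})")
        if "\\users\\" in p or "\\temp\\" in p or p.startswith("c:\\programdata\\"):
            reasons.append("binary under a user-writable location")
        ext = "." + e.basename.rsplit(".", 1)[-1] if "." in e.basename else ""
        if ext not in EXPECTED_EXTS:
            reasons.append(f"unusual binary extension '{ext or '(none)'}'")
        if GUID_RE.match(e.name):
            reasons.append("service name is a bare GUID")
        for word in LOOKALIKE_WORDS:
            if word in e.name.lower() and e.basename != word + ".exe":
                reasons.append(f"name borrows Windows component name '{word}' but runs {e.basename}")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def report(flagged):
    """Plain-text summary, one entry per block, suitable for pasting into a reply."""
    lines = []
    for e in flagged:
        lines.append(f"{e.state}{e.start} {e.name} -> {e.path}")
        lines.extend(f"    - {r}" for r in e.reasons)
    return "\n".join(lines)


# Sample input: six lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
R0 KmxAMRT;KmxAMRT;C:\Windows\System32\drivers\KmxAMRT.sys [2011-10-27 182352]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/14 05:02:19];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-14 146928]
R2 CAAMSvc;CAAMSvc;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [2012-8-26 293704]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2012-8-26 265264]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 113120]
"""

if __name__ == "__main__":
    print(report(triage(parse_services(SAMPLE_LOG))))
```

Run against the six sample lines it flags two entries: the GUID-named service whose binary has a .fcl extension, and the service whose name contains "svchost" but whose binary is cfgmig32.exe directly under SysWOW64. Both are exactly the kind of entry to check with a signature or hash lookup before deciding anything; neither flag by itself says the file is bad.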
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:46 AM

Posted 17 October 2012 - 02:40 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 seplo

seplo
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 October 2012 - 04:07 PM

Hi Gringo,

As requested, I attempted to run the suggested processes. I was unable to run AdwCleaner. The results are below.

Thank you for responding so quickly,

Seplo



Security Check

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Total Defense Anti-Virus Plus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Total Defense Internet Security Suite Anti-Virus Plus caamsvc.exe
Total Defense Internet Security Suite Anti-Virus Plus isafe.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



AdwCleaner triggered my anti-virus program and another copy of Win32/Banload.BOO was quarantined ... no download occurred.

RogueKiller



RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : seplo [Admin rights]
Mode : Remove -- Date : 10/17/2012 16:48:13

Bad processes : 0

Registry Entries : 12
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (\??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (\??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> DELETED
[TASK][SUSP PATH] {006AA6C5-1CBB-4F02-BFB9-A2B7C9012496} : C:\Windows\system32\pcalua.exe -a C:\Users\seplo\AppData\Local\Temp\DivXSetup.exe -d C:\Windows\SysWOW64 -c /update all -> DELETED
[TASK][SUSP PATH] {1BCB8C94-95BF-4F5D-BEA4-42D68D12377D} : C:\Users\seplo\Desktop\5550-enu-2kxpinfu.exe -> DELETED
[TASK][SUSP PATH] {24306AFD-25B6-41C2-8C6E-7D4131D45A86} : C:\Users\seplo\Desktop\5550-enu-2kxpinfu.exe -> DELETED
[TASK][SUSP PATH] {BA95DAFF-C684-49F3-B022-30A04073CC64} : C:\Windows\system32\pcalua.exe -a C:\Users\seplo\Desktop\CAInstall.exe -d C:\Users\seplo\Desktop -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> REPLACED (C:\Windows\system32\logon.scr)

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\Users\seplo\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Users\seplo\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\seplo\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Users\seplo\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\seplo\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}\L --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST9250410ASG ATA Device +++++
--- User ---
[MBR] e9d6576848f59d73daa49a3e8b480fac
[BSP] 86b4cfb886902f41418c602e01f0fe85 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 seplo (Topic Starter)

Posted 17 October 2012 - 05:28 PM

Update: I have received 2 blue screen failures when attempting to "awaken" the system from sleep mode (it's intermittent)

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 October 2012 - 08:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 seplo (Topic Starter)

Posted 18 October 2012 - 03:53 AM

Hi Gringo,

As suggested I downloaded and executed Combofix. The log is below. There were some issues disabling "Total Defense Security Center". The applicable instructions for "CA Internet Security Suite 2010" (the original name) were followed. Alerts still occurred. Oddly, Total Defense alerts even occurred after disabling the startup in MSCONFIG.EXE and rebooting. Regardless, Combofix executed without problems and I enabled my anti-virus and rebooted.

Unfortunately the problem was not fixed: a manual update to "Total Defense Security Center" failed, and attempting to download AdwCleaner triggered the anti-virus program, causing a copy of Win32/Banload.BOO to be quarantined ... no download occurred.


Thank you for your quick responses. I am hopeful that this problem can be resolved.

Regards,

Seplo





ComboFix 12-10-17.05 - seplo 10/17/2012 23:30:17.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.2294 [GMT -4:00]
Running from: c:\users\seplo\Favorites\Downloads\temp\ComboFix.exe
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Becky\AppData\Local\temp
2012-10-18 03:31 . 2012-10-18 03:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1CC00B4-30BF-46CC-99C0-CA5FDC0A656C}\offreg.dll
2012-10-17 10:51 . 2012-10-17 10:51 -------- d-----w- c:\users\seplo\AppData\Local\Avg2013
2012-10-17 03:46 . 2012-10-17 03:46 -------- d-----w- c:\users\seplo\AppData\Roaming\TuneUp Software
2012-10-17 03:21 . 2012-10-17 03:21 -------- d-----w- c:\users\seplo\AppData\Local\MFAData
2012-10-16 04:55 . 2012-10-16 04:55 -------- d-----w- c:\programdata\SUPERSetup
2012-10-01 12:59 . 2012-10-01 14:46 -------- d-----w- c:\users\seplo\AppData\Local\QuickPar
2012-10-01 12:58 . 2012-10-01 12:58 -------- d-----w- c:\program files (x86)\QuickPar
2012-10-01 12:31 . 2012-10-01 12:31 -------- d-----w- c:\users\seplo\AppData\Roaming\Forte
2012-10-01 12:31 . 2012-10-01 12:31 -------- d-----w- c:\program files (x86)\Agent
2012-09-21 07:45 . 2012-09-21 07:45 61792 ------w- c:\windows\system32\drivers\SET2917.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 11:18 . 2012-04-01 07:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-13 11:18 . 2011-05-15 13:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2012-09-17 22:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 14:39 . 2012-09-04 14:39 50296 ------w- c:\windows\system32\drivers\SETF121.tmp
2012-09-04 14:39 . 2012-09-04 14:39 50296 ------w- c:\windows\system32\drivers\SETDEDA.tmp
2012-08-26 08:35 . 2012-08-26 08:35 2524176 ----a-w- c:\windows\system32\winsflt.dll
2012-08-26 08:35 . 2012-08-26 08:35 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll
2012-08-24 01:36 . 2009-12-12 07:12 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 01:07 . 2012-08-21 00:29 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-21 01:57 . 2012-08-21 01:58 76880 ----a-w- C:\BackupProductRes.dll
2012-08-21 01:57 . 2012-08-21 01:58 437840 ----a-w- C:\DNABonesProxy.dll
2012-08-21 01:57 . 2012-08-21 01:58 363600 ----a-w- C:\BackupProduct.exe
2012-08-21 01:57 . 2012-08-21 01:58 2706512 ----a-w- C:\BonesResource.dll
2012-08-21 01:57 . 2012-08-21 01:58 1461328 ----a-w- C:\DNABones.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TouchpadBlocker.exe"="c:\program files\Touchpad Blocker\TouchpadBlocker.exe" [2012-07-11 881152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 18:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
.
R2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-06-22 189680]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-12 158592]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-12 318656]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 834544]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2011-09-07 143824]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2011-10-26 113744]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2011-09-07 365136]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2011-09-07 87120]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2011-09-07 99024]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 CAAMSvc;CAAMSvc;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [2011-11-02 293704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2011-12-23 287280]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2011-09-07 201936]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2011-09-07 81488]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-07-24 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-12-23 265264]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-24 59392]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bf15eae6e3.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 10:19]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 10:19]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1000Core.job
- c:\users\seplo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 16:50]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1000UA.job
- c:\users\seplo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 16:50]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1001Core.job
- c:\users\Becky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 22:41]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1001UA.job
- c:\users\Becky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-07-24 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://drudgereport.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - ExtSQL: 2012-08-24 00:07; caaphishtoolbar@ca.com; c:\program files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF - ExtSQL: 2012-09-14 20:05; LogMeInClient@logmein.com; c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: 2012-09-20 16:42; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: !HIDDEN! 2009-11-14 02:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-PCHealthBoost - c:\program files (x86)\PC HealthBoost\PCHealthBoost.exe
AddRemove-1610908638.optimumapp.iptv.optimum.net - c:\program files (x86)\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-10-17 23:52:04
ComboFix-quarantined-files.txt 2012-10-18 03:52
ComboFix2.txt 2012-08-16 05:22
.
Pre-Run: 57,524,817,920 bytes free
Post-Run: 58,722,619,392 bytes free
.
- - End Of File - - 13F6118C6162D8AF55291FBF07C35E45

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 07:29 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 seplo (Topic Starter)

Posted 18 October 2012 - 06:13 PM

Hi Gringo,

As suggested I downloaded and executed TDSSKiller.exe and aswMBR.exe. The logs are below. Just a reminder, I executed both of these programs prior to contacting you.

Unfortunately the problem is unchanged: a manual update to "Total Defense Security Center" failed, and attempting to download AdwCleaner triggered the anti-virus program, causing a copy of Win32/Banload.BOO to be quarantined ... no download occurred.


Once again, thank you for your quick responses.

Regards,

Seplo

08:36:14.0061 4976 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
08:36:14.0670 4976 ============================================================
08:36:14.0670 4976 Current date / time: 2012/10/18 08:36:14.0670
08:36:14.0670 4976 SystemInfo:
08:36:14.0670 4976
08:36:14.0670 4976 OS Version: 6.1.7601 ServicePack: 1.0
08:36:14.0670 4976 Product type: Workstation
08:36:14.0670 4976 ComputerName: SEPLO-XPS
08:36:14.0685 4976 UserName: seplo
08:36:14.0685 4976 Windows directory: C:\Windows
08:36:14.0685 4976 System windows directory: C:\Windows
08:36:14.0685 4976 Running under WOW64
08:36:14.0685 4976 Processor architecture: Intel x64
08:36:14.0685 4976 Number of processors: 2
08:36:14.0685 4976 Page size: 0x1000
08:36:14.0685 4976 Boot type: Normal boot
08:36:14.0685 4976 ============================================================
08:36:15.0793 4976 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:36:15.0808 4976 ============================================================
08:36:15.0808 4976 \Device\Harddisk0\DR0:
08:36:15.0808 4976 MBR partitions:
08:36:15.0808 4976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
08:36:15.0808 4976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
08:36:15.0808 4976 ============================================================
08:36:15.0824 4976 C: <-> \Device\Harddisk0\DR0\Partition2
08:36:15.0855 4976 D: <-> \Device\Harddisk0\DR0\Partition1
08:36:15.0855 4976 ============================================================
08:36:15.0855 4976 Initialize success
08:36:15.0855 4976 ============================================================
08:36:20.0395 5916 ============================================================
08:36:20.0395 5916 Scan started
08:36:20.0395 5916 Mode: Manual;
08:36:20.0395 5916 ============================================================
08:36:22.0641 5916 ================ Scan system memory ========================
08:36:22.0641 5916 System memory - ok
08:36:43.0389 5916 partmgr - ok
08:36:43.0405 5916 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:36:43.0545 5916 PcaSvc - ok
08:36:43.0592 5916 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:36:43.0623 5916 pci - ok
08:36:43.0654 5916 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:36:43.0670 5916 pciide - ok
08:36:43.0748 5916 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:36:43.0795 5916 pcmcia - ok
08:36:43.0826 5916 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:36:43.0842 5916 pcw - ok
08:36:43.0920 5916 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:36:43.0966 5916 PEAUTH - ok
08:36:44.0013 5916 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:36:44.0154 5916 PeerDistSvc - ok
08:36:44.0263 5916 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:36:44.0341 5916 PerfHost - ok
08:36:44.0419 5916 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:36:44.0575 5916 pla - ok
08:36:44.0637 5916 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:36:44.0824 5916 PlugPlay - ok
08:36:44.0856 5916 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:36:44.0980 5916 PNRPAutoReg - ok
08:36:44.0996 5916 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:36:45.0105 5916 PNRPsvc - ok
08:36:45.0168 5916 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:36:45.0246 5916 PolicyAgent - ok
08:36:45.0292 5916 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:36:45.0480 5916 Power - ok
08:36:45.0526 5916 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:36:45.0558 5916 PptpMiniport - ok
08:36:45.0589 5916 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:36:45.0604 5916 Processor - ok
08:36:45.0651 5916 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:36:45.0807 5916 ProfSvc - ok
08:36:45.0823 5916 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:36:45.0901 5916 ProtectedStorage - ok
08:36:45.0948 5916 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:36:45.0979 5916 Psched - ok
08:36:46.0026 5916 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:36:46.0041 5916 PxHlpa64 - ok
08:36:46.0119 5916 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:36:46.0150 5916 ql2300 - ok
08:36:46.0166 5916 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:36:46.0197 5916 ql40xx - ok
08:36:46.0244 5916 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:36:46.0384 5916 QWAVE - ok
08:36:46.0400 5916 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:36:46.0431 5916 QWAVEdrv - ok
08:36:46.0431 5916 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:36:46.0462 5916 RasAcd - ok
08:36:46.0509 5916 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:36:46.0509 5916 RasAgileVpn - ok
08:36:46.0541 5916 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:36:46.0712 5916 RasAuto - ok
08:36:46.0743 5916 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:36:46.0759 5916 Rasl2tp - ok
08:36:46.0806 5916 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:36:46.0993 5916 RasMan - ok
08:36:47.0024 5916 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:36:47.0071 5916 RasPppoe - ok
08:36:47.0102 5916 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:36:47.0149 5916 RasSstp - ok
08:36:47.0165 5916 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:36:47.0196 5916 rdbss - ok
08:36:47.0227 5916 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:36:47.0243 5916 rdpbus - ok
08:36:47.0258 5916 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:36:47.0274 5916 RDPCDD - ok
08:36:47.0321 5916 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:36:47.0367 5916 RDPDR - ok
08:36:47.0399 5916 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:36:47.0414 5916 RDPENCDD - ok
08:36:47.0430 5916 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:36:47.0445 5916 RDPREFMP - ok
08:36:47.0523 5916 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:36:47.0555 5916 RdpVideoMiniport - ok
08:36:47.0601 5916 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:36:47.0633 5916 RDPWD - ok
08:36:47.0664 5916 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:36:47.0695 5916 rdyboost - ok
08:36:47.0726 5916 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:36:47.0835 5916 RemoteAccess - ok
08:36:47.0882 5916 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:36:48.0023 5916 RemoteRegistry - ok
08:36:48.0069 5916 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
08:36:48.0085 5916 rimmptsk - ok
08:36:48.0101 5916 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
08:36:48.0116 5916 rimsptsk - ok
08:36:48.0132 5916 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
08:36:48.0147 5916 rismxdp - ok
08:36:48.0163 5916 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:36:48.0288 5916 RpcEptMapper - ok
08:36:48.0335 5916 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:36:48.0428 5916 RpcLocator - ok
08:36:48.0506 5916 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
08:36:48.0647 5916 RpcSs - ok
08:36:48.0693 5916 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:36:48.0740 5916 rspndr - ok
08:36:48.0787 5916 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:36:48.0818 5916 s3cap - ok
08:36:48.0834 5916 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:36:48.0912 5916 SamSs - ok
08:36:48.0943 5916 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:36:48.0974 5916 sbp2port - ok
08:36:49.0083 5916 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:36:49.0099 5916 SBSDWSCService - ok
08:36:49.0146 5916 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:36:49.0302 5916 SCardSvr - ok
08:36:49.0333 5916 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:36:49.0364 5916 scfilter - ok
08:36:49.0427 5916 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:36:49.0614 5916 Schedule - ok
08:36:49.0629 5916 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:36:49.0661 5916 SCPolicySvc - ok
08:36:49.0692 5916 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
08:36:49.0723 5916 sdbus - ok
08:36:49.0754 5916 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:36:49.0910 5916 SDRSVC - ok
08:36:50.0004 5916 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:36:50.0019 5916 SeaPort - ok
08:36:50.0097 5916 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:36:50.0129 5916 secdrv - ok
08:36:50.0191 5916 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:36:50.0331 5916 seclogon - ok
08:36:50.0363 5916 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:36:50.0519 5916 SENS - ok
08:36:50.0534 5916 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:36:50.0690 5916 SensrSvc - ok
08:36:50.0706 5916 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:36:50.0721 5916 Serenum - ok
08:36:50.0721 5916 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:36:50.0753 5916 Serial - ok
08:36:50.0784 5916 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:36:50.0846 5916 sermouse - ok
08:36:50.0893 5916 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:36:51.0033 5916 SessionEnv - ok
08:36:51.0080 5916 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:36:51.0096 5916 sffdisk - ok
08:36:51.0111 5916 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:36:51.0143 5916 sffp_mmc - ok
08:36:51.0158 5916 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:36:51.0174 5916 sffp_sd - ok
08:36:51.0205 5916 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:36:51.0221 5916 sfloppy - ok
08:36:51.0267 5916 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:36:51.0345 5916 SharedAccess - ok
08:36:51.0377 5916 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:36:51.0533 5916 ShellHWDetection - ok
08:36:51.0564 5916 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:36:51.0626 5916 SiSRaid2 - ok
08:36:51.0689 5916 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:36:51.0751 5916 SiSRaid4 - ok
08:36:51.0813 5916 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:36:51.0860 5916 Smb - ok
08:36:51.0923 5916 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:36:52.0079 5916 SNMPTRAP - ok
08:36:52.0094 5916 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:36:52.0110 5916 spldr - ok
08:36:52.0157 5916 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:36:52.0313 5916 Spooler - ok
08:36:52.0422 5916 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:36:52.0640 5916 sppsvc - ok
08:36:52.0656 5916 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:36:52.0812 5916 sppuinotify - ok
08:36:52.0859 5916 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
08:36:52.0874 5916 sprtsvc_DellSupportCenter - ok
08:36:52.0952 5916 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
08:36:53.0030 5916 sptd - ok
08:36:53.0077 5916 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:36:53.0124 5916 srv - ok
08:36:53.0171 5916 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:36:53.0233 5916 srv2 - ok
08:36:53.0311 5916 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:36:53.0342 5916 srvnet - ok
08:36:53.0467 5916 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:36:53.0607 5916 SSDPSRV - ok
08:36:53.0639 5916 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:36:53.0779 5916 SstpSvc - ok
08:36:53.0966 5916 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
08:36:53.0982 5916 STacSV - ok
08:36:54.0029 5916 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:36:54.0075 5916 stexstor - ok
08:36:54.0107 5916 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
08:36:54.0169 5916 STHDA - ok
08:36:54.0216 5916 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:36:54.0403 5916 stisvc - ok
08:36:54.0512 5916 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:36:54.0528 5916 stllssvr - ok
08:36:54.0590 5916 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:36:54.0637 5916 storflt - ok
08:36:54.0668 5916 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:36:54.0684 5916 storvsc - ok
08:36:54.0715 5916 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:36:54.0731 5916 swenum - ok
08:36:54.0777 5916 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:36:54.0933 5916 swprv - ok
08:36:54.0965 5916 Synth3dVsc - ok
08:36:55.0043 5916 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:36:55.0214 5916 SysMain - ok
08:36:55.0261 5916 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:36:55.0417 5916 TabletInputService - ok
08:36:55.0464 5916 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:36:55.0620 5916 TapiSrv - ok
08:36:55.0635 5916 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:36:55.0776 5916 TBS - ok
08:36:55.0854 5916 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:36:55.0916 5916 Tcpip - ok
08:36:55.0979 5916 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:36:56.0010 5916 TCPIP6 - ok
08:36:56.0057 5916 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:36:56.0103 5916 tcpipreg - ok
08:36:56.0150 5916 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:36:56.0181 5916 TDPIPE - ok
08:36:56.0213 5916 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:36:56.0228 5916 TDTCP - ok
08:36:56.0259 5916 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:36:56.0275 5916 tdx - ok
08:36:56.0322 5916 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:36:56.0353 5916 TermDD - ok
08:36:56.0400 5916 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:36:56.0587 5916 TermService - ok
08:36:56.0665 5916 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:36:56.0837 5916 Themes - ok
08:36:56.0883 5916 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:36:56.0993 5916 THREADORDER - ok
08:36:57.0008 5916 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:36:57.0149 5916 TrkWks - ok
08:36:57.0211 5916 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:36:57.0211 5916 TrustedInstaller - ok
08:36:57.0258 5916 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:36:57.0305 5916 tssecsrv - ok
08:36:57.0336 5916 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:36:57.0367 5916 TsUsbFlt - ok
08:36:57.0367 5916 tsusbhub - ok
08:36:57.0429 5916 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:36:57.0461 5916 tunnel - ok
08:36:57.0507 5916 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:36:57.0554 5916 uagp35 - ok
08:36:57.0601 5916 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:36:57.0648 5916 udfs - ok
08:36:57.0663 5916 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:36:57.0819 5916 UI0Detect - ok
08:36:57.0851 5916 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:36:57.0882 5916 uliagpkx - ok
08:36:57.0929 5916 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:36:57.0944 5916 umbus - ok
08:36:57.0975 5916 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:36:57.0991 5916 UmPass - ok
08:36:58.0038 5916 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
08:36:58.0194 5916 UmRdpService - ok
08:36:58.0334 5916 [ AF950F62E5FC72FFDB7363F72600B21C ] UmxEngine C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
08:36:58.0365 5916 UmxEngine - ok
08:36:58.0412 5916 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:36:58.0599 5916 upnphost - ok
08:36:58.0646 5916 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:36:58.0662 5916 usbccgp - ok
08:36:58.0709 5916 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
08:36:58.0740 5916 usbcir - ok
08:36:58.0771 5916 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:36:58.0787 5916 usbehci - ok
08:36:58.0802 5916 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:36:58.0849 5916 usbhub - ok
08:36:58.0865 5916 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:36:58.0896 5916 usbohci - ok
08:36:58.0911 5916 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:36:58.0943 5916 usbprint - ok
08:36:58.0958 5916 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:36:58.0974 5916 USBSTOR - ok
08:36:59.0021 5916 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:36:59.0052 5916 usbuhci - ok
08:36:59.0114 5916 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:36:59.0145 5916 usbvideo - ok
08:36:59.0192 5916 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:36:59.0364 5916 UxSms - ok
08:36:59.0379 5916 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:36:59.0457 5916 VaultSvc - ok
08:36:59.0504 5916 [ C5E70C4E64666DB9D69C9F2FDAE22428 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
08:36:59.0535 5916 VClone - ok
08:36:59.0582 5916 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:36:59.0598 5916 vdrvroot - ok
08:36:59.0660 5916 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:36:59.0863 5916 vds - ok
08:36:59.0957 5916 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:37:00.0019 5916 vga - ok
08:37:00.0066 5916 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:37:00.0097 5916 VgaSave - ok
08:37:00.0159 5916 VGPU - ok
08:37:00.0237 5916 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:37:00.0284 5916 vhdmp - ok
08:37:00.0300 5916 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:37:00.0331 5916 viaide - ok
08:37:00.0347 5916 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:37:00.0378 5916 vmbus - ok
08:37:00.0393 5916 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:37:00.0425 5916 VMBusHID - ok
08:37:00.0440 5916 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:37:00.0471 5916 volmgr - ok
08:37:00.0503 5916 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:37:00.0581 5916 volmgrx - ok
08:37:00.0612 5916 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:37:00.0643 5916 volsnap - ok
08:37:00.0705 5916 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
08:37:00.0752 5916 vpcbus - ok
08:37:00.0799 5916 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
08:37:00.0830 5916 vpcnfltr - ok
08:37:00.0861 5916 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
08:37:00.0908 5916 vpcusb - ok
08:37:00.0986 5916 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
08:37:01.0033 5916 vpcvmm - ok
08:37:01.0080 5916 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:37:01.0158 5916 vsmraid - ok
08:37:01.0236 5916 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:37:01.0439 5916 VSS - ok
08:37:01.0454 5916 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:37:01.0470 5916 vwifibus - ok
08:37:01.0517 5916 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:37:01.0704 5916 W32Time - ok
08:37:01.0719 5916 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:37:01.0751 5916 WacomPen - ok
08:37:01.0797 5916 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:37:01.0829 5916 WANARP - ok
08:37:01.0829 5916 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:37:01.0844 5916 Wanarpv6 - ok
08:37:01.0938 5916 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:37:01.0969 5916 WatAdminSvc - ok
08:37:02.0078 5916 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:37:02.0265 5916 wbengine - ok
08:37:02.0312 5916 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:37:02.0484 5916 WbioSrvc - ok
08:37:02.0546 5916 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:37:02.0749 5916 wcncsvc - ok
08:37:02.0765 5916 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:37:02.0936 5916 WcsPlugInService - ok
08:37:02.0967 5916 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:37:02.0983 5916 Wd - ok
08:37:03.0014 5916 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:37:03.0045 5916 Wdf01000 - ok
08:37:03.0092 5916 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:37:03.0248 5916 WdiServiceHost - ok
08:37:03.0248 5916 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:37:03.0404 5916 WdiSystemHost - ok
08:37:03.0435 5916 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:37:03.0591 5916 WebClient - ok
08:37:03.0623 5916 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:37:03.0794 5916 Wecsvc - ok
08:37:03.0810 5916 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:37:03.0966 5916 wercplsupport - ok
08:37:03.0997 5916 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:37:04.0153 5916 WerSvc - ok
08:37:04.0184 5916 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:37:04.0215 5916 WfpLwf - ok
08:37:04.0247 5916 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
08:37:04.0293 5916 WimFltr - ok
08:37:04.0325 5916 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:37:04.0340 5916 WIMMount - ok
08:37:04.0371 5916 WinDefend - ok
08:37:04.0387 5916 WinHttpAutoProxySvc - ok
08:37:04.0481 5916 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:37:04.0543 5916 Winmgmt - ok
08:37:04.0621 5916 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:37:04.0824 5916 WinRM - ok
08:37:04.0933 5916 [ AE00FFF57C0E24943C7755849CBFBDA9 ] WinSvchostManagerSrv C:\Windows\SysWOW64\cfgmig32.exe
08:37:04.0949 5916 WinSvchostManagerSrv - ok
08:37:05.0011 5916 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:37:05.0198 5916 Wlansvc - ok
08:37:05.0323 5916 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:37:05.0370 5916 wlidsvc - ok
08:37:05.0417 5916 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:37:05.0463 5916 WmiAcpi - ok
08:37:05.0510 5916 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:37:05.0526 5916 wmiApSrv - ok
08:37:05.0557 5916 WMPNetworkSvc - ok
08:37:05.0588 5916 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:37:05.0760 5916 WPCSvc - ok
08:37:05.0791 5916 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:37:05.0978 5916 WPDBusEnum - ok
08:37:06.0025 5916 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:37:06.0056 5916 ws2ifsl - ok
08:37:06.0072 5916 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:37:06.0275 5916 wscsvc - ok
08:37:06.0275 5916 WSearch - ok
08:37:06.0555 5916 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:37:06.0774 5916 wuauserv - ok
08:37:06.0821 5916 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:37:06.0867 5916 WudfPf - ok
08:37:06.0914 5916 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:37:06.0945 5916 WUDFRd - ok
08:37:06.0977 5916 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:37:07.0164 5916 wudfsvc - ok
08:37:07.0179 5916 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:37:07.0351 5916 WwanSvc - ok
08:37:07.0382 5916 ================ Scan global ===============================
08:37:07.0429 5916 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:37:07.0491 5916 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:37:07.0679 5916 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:37:07.0866 5916 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:37:08.0022 5916 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:37:08.0178 5916 [Global] - ok
08:37:08.0178 5916 ================ Scan MBR ==================================
08:37:08.0193 5916 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:37:08.0490 5916 \Device\Harddisk0\DR0 - ok
08:37:08.0490 5916 ================ Scan VBR ==================================
08:37:08.0505 5916 [ 8846906EC6A8A54D8D2C33C3B43BC6FD ] \Device\Harddisk0\DR0\Partition1
08:37:08.0505 5916 \Device\Harddisk0\DR0\Partition1 - ok
08:37:08.0505 5916 [ 5377C0E54067A9AED3D611233CD3F26F ] \Device\Harddisk0\DR0\Partition2
08:37:08.0505 5916 \Device\Harddisk0\DR0\Partition2 - ok
08:37:08.0505 5916 ============================================================
08:37:08.0505 5916 Scan finished
08:37:08.0505 5916 ============================================================
08:37:08.0521 1236 Detected object count: 0
08:37:08.0521 1236 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 18:07:31
-----------------------------
18:07:31.736 OS Version: Windows x64 6.1.7601 Service Pack 1
18:07:31.736 Number of processors: 2 586 0x170A
18:07:31.736 ComputerName: SEPLO-XPS UserName: seplo
18:07:34.388 Initialize success
18:07:42.126 AVAST engine defs: 12101801
18:07:46.572 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:07:46.572 Disk 0 Vendor: ST9250410ASG 0002SDM1 Size: 238475MB BusType: 11
18:07:46.681 Disk 0 MBR read successfully
18:07:46.681 Disk 0 MBR scan
18:07:46.697 Disk 0 Windows 7 default MBR code
18:07:46.697 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:07:46.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
18:07:46.775 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30800325
18:07:46.822 Disk 0 scanning C:\Windows\system32\drivers
18:08:37.060 Service scanning
18:09:31.785 Modules scanning
18:09:31.800 Disk 0 trace - called modules:
18:09:31.816 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:09:32.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80053c7060]
18:09:32.140 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046d61f0]
18:09:38.829 AVAST engine scan C:\Windows
18:09:53.116 AVAST engine scan C:\Windows\system32
18:15:39.117 AVAST engine scan C:\Windows\system32\drivers
18:16:21.109 AVAST engine scan C:\Users\seplo
18:46:35.616 AVAST engine scan C:\ProgramData
18:51:32.461 Scan finished successfully
18:55:05.720 Disk 0 MBR has been saved successfully to "C:\Users\seplo\Desktop\MBR.dat"
18:55:05.736 The log file has been saved successfully to "C:\Users\seplo\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 06:39 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 seplo

seplo
  • Topic Starter

  • Members
  • 19 posts

Posted 18 October 2012 - 08:05 PM

Hi Gringo,

As suggested, I executed ComboFix by dragging CFScript.txt (which contained "ClearJavaCache::") into ComboFix.exe. The log is below. There were no problems running it.


Unfortunately, the problem was not fixed: a manual update to "Total Defense Security Center" failed, and attempting to download AdwCleaner triggered the anti-virus program, causing a copy of Win32/Banload.BOO to be quarantined ... no download occurred.


Thank you for your quick responses. I am hopeful that this problem can be resolved.

Regards,

Seplo



ComboFix 12-10-17.05 - seplo 10/17/2012 23:30:17.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.2294 [GMT -4:00]
Running from: c:\users\seplo\Favorites\Downloads\temp\ComboFix.exe
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 03:44 . 2012-10-18 03:44 -------- d-----w- c:\users\Becky\AppData\Local\temp
2012-10-18 03:31 . 2012-10-18 03:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1CC00B4-30BF-46CC-99C0-CA5FDC0A656C}\offreg.dll
2012-10-17 10:51 . 2012-10-17 10:51 -------- d-----w- c:\users\seplo\AppData\Local\Avg2013
2012-10-17 03:46 . 2012-10-17 03:46 -------- d-----w- c:\users\seplo\AppData\Roaming\TuneUp Software
2012-10-17 03:21 . 2012-10-17 03:21 -------- d-----w- c:\users\seplo\AppData\Local\MFAData
2012-10-16 04:55 . 2012-10-16 04:55 -------- d-----w- c:\programdata\SUPERSetup
2012-10-01 12:59 . 2012-10-01 14:46 -------- d-----w- c:\users\seplo\AppData\Local\QuickPar
2012-10-01 12:58 . 2012-10-01 12:58 -------- d-----w- c:\program files (x86)\QuickPar
2012-10-01 12:31 . 2012-10-01 12:31 -------- d-----w- c:\users\seplo\AppData\Roaming\Forte
2012-10-01 12:31 . 2012-10-01 12:31 -------- d-----w- c:\program files (x86)\Agent
2012-09-21 07:45 . 2012-09-21 07:45 61792 ------w- c:\windows\system32\drivers\SET2917.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 11:18 . 2012-04-01 07:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-13 11:18 . 2011-05-15 13:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2012-09-17 22:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 14:39 . 2012-09-04 14:39 50296 ------w- c:\windows\system32\drivers\SETF121.tmp
2012-09-04 14:39 . 2012-09-04 14:39 50296 ------w- c:\windows\system32\drivers\SETDEDA.tmp
2012-08-26 08:35 . 2012-08-26 08:35 2524176 ----a-w- c:\windows\system32\winsflt.dll
2012-08-26 08:35 . 2012-08-26 08:35 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll
2012-08-24 01:36 . 2009-12-12 07:12 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 01:07 . 2012-08-21 00:29 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-21 01:57 . 2012-08-21 01:58 76880 ----a-w- C:\BackupProductRes.dll
2012-08-21 01:57 . 2012-08-21 01:58 437840 ----a-w- C:\DNABonesProxy.dll
2012-08-21 01:57 . 2012-08-21 01:58 363600 ----a-w- C:\BackupProduct.exe
2012-08-21 01:57 . 2012-08-21 01:58 2706512 ----a-w- C:\BonesResource.dll
2012-08-21 01:57 . 2012-08-21 01:58 1461328 ----a-w- C:\DNABones.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TouchpadBlocker.exe"="c:\program files\Touchpad Blocker\TouchpadBlocker.exe" [2012-07-11 881152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 18:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
.
R2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-06-22 189680]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-12 158592]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-12 318656]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 834544]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2011-09-07 143824]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2011-10-26 113744]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2011-09-07 365136]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2011-09-07 87120]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2011-09-07 99024]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 CAAMSvc;CAAMSvc;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [2011-11-02 293704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2011-12-23 287280]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2011-09-07 201936]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2011-09-07 81488]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-07-24 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-12-23 265264]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-24 59392]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bf15eae6e3.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 10:19]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 10:19]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1000Core.job
- c:\users\seplo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 16:50]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1000UA.job
- c:\users\seplo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 16:50]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1001Core.job
- c:\users\Becky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 22:41]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232092536-1201403828-1253402384-1001UA.job
- c:\users\Becky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-07-24 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://drudgereport.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - ExtSQL: 2012-08-24 00:07; caaphishtoolbar@ca.com; c:\program files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF - ExtSQL: 2012-09-14 20:05; LogMeInClient@logmein.com; c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\LogMeInClient@logmein.com
FF - ExtSQL: 2012-09-20 16:42; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\users\seplo\AppData\Roaming\Mozilla\Firefox\Profiles\w5urbm2o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: !HIDDEN! 2009-11-14 02:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-PCHealthBoost - c:\program files (x86)\PC HealthBoost\PCHealthBoost.exe
AddRemove-1610908638.optimumapp.iptv.optimum.net - c:\program files (x86)\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-10-17 23:52:04
ComboFix-quarantined-files.txt 2012-10-18 03:52
ComboFix2.txt 2012-08-16 05:22
.
Pre-Run: 57,524,817,920 bytes free
Post-Run: 58,722,619,392 bytes free
.
- - End Of File - - 13F6118C6162D8AF55291FBF07C35E45

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 08:33 PM

Hello


"AdwCleaner triggered the anti-virus program causing a copy of Win32/Banload.BOO to be quarantined ... no download occurred." - Don't keep trying to download it. It is not a sign of a virus; it is your security software blocking it.


I want you to uninstall "Total Defense Security" and then reinstall it to see if it wakes up.



gringo

#12 seplo

seplo
  • Topic Starter

  • Members
  • 19 posts

Posted 18 October 2012 - 08:41 PM

In order for me to re-install it I must download a new version of the software. Doing this triggers the anti-virus program too. Should I uninstall the software first and then go to download the anti-virus program? .... Without the anti-virus program to quarantine the file, won't this leave me vulnerable to a bigger problem?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 09:08 PM

Go ahead and uninstall. The amount of time we are talking about is not that much, and if it happens now I am here to help.



gringo

#14 seplo

seplo
  • Topic Starter

  • Members
  • 19 posts

Posted 18 October 2012 - 09:40 PM

Hi Gringo,

I re-installed Total Defense Security and the problem appears to have cleared.

Now here is the question ... Did I have a malware problem or was it Total Defense Security going flaky?

Should I ditch this software in favor of something else? This is provided by my internet provider for "free".


Seplo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 09:44 PM

Hello


You had a bad virus on here, as seen in the RogueKiller report:

Infection: ZeroAccess



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




