
Gringo - Reopening Topic


This topic is locked
26 replies to this topic

#1 hamerhokie (Members, 35 posts)

Posted 28 October 2012 - 03:18 AM

Gringo - as requested.

Old topic:

http://www.bleepingcomputer.com/forums/topic462646.html/page__p__2781696__fromsearch__1#entry2781696

and here's the new problem:

http://www.bleepingcomputer.com/forums/topic473260.html

Thanks

Sandy Cormack


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 28 October 2012 - 03:49 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button.
  • It will make a log (FRST.txt).
  • Second type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).
I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hamerhokie (Topic Starter, Members, 35 posts)

Posted 28 October 2012 - 01:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 28-10-2012 13:49:06
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [x]
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" [371712 2009-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Sandy\...\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1C521C8P05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\Sandy\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Sandy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-03] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 syshost32; "C:\windows\Installer\{22DCFA2F-5151-DE21-746B-1766540704FB}\syshost.exe" /service [356864 2012-09-13] (Chassis Plans)

==================== Drivers (Whitelisted) =====================

0 9b1a9223f57b689a; C:\Windows\System32\Drivers\9b1a9223f57b689a.sys [84952 2012-10-11] () ATTENTION =====> Rootkit?
1 brvymugq; C:\Windows\System32\Drivers\brvymugq.sys [49872 2012-10-11] (Microsoft Corporation)
1 eleybjju; C:\Windows\System32\Drivers\eleybjju.sys [49872 2012-10-12] ()
1 gmrdyarx; C:\Windows\System32\Drivers\gmrdyarx.sys [49872 2012-10-14] (Microsoft Corporation)
1 lkyothnk; C:\Windows\System32\Drivers\lkyothnk.sys [49872 2012-10-18] (Microsoft Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 mjgwbyli; C:\Windows\System32\Drivers\mjgwbyli.sys [49872 2012-10-15] (Microsoft Corporation)
1 muhwgcbf; C:\Windows\System32\Drivers\muhwgcbf.sys [49872 2012-10-14] ()
1 rdqtwjoa; C:\Windows\System32\Drivers\rdqtwjoa.sys [49872 2012-10-14] (Microsoft Corporation)
1 wglyhslc; C:\Windows\System32\Drivers\wglyhslc.sys [49872 2012-10-17] (Microsoft Corporation)
1 zvcwrjqh; C:\Windows\System32\Drivers\zvcwrjqh.sys [49872 2012-10-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-28 13:48 - 2012-10-28 13:48 - 00000000 ____D C:\FRST
2012-10-25 21:34 - 2012-10-25 21:34 - 00055296 ____A C:\Users\Sandy\Documents\Consultant website topology.ppt
2012-10-18 22:26 - 2012-10-18 22:26 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lkyothnk.sys
2012-10-17 22:28 - 2012-10-17 22:28 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wglyhslc.sys
2012-10-15 22:27 - 2012-10-15 22:27 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mjgwbyli.sys
2012-10-14 22:27 - 2012-10-14 22:27 - 00049872 ____A C:\Windows\System32\Drivers\muhwgcbf.sys
2012-10-14 22:27 - 2012-10-14 22:27 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gmrdyarx.sys
2012-10-14 00:10 - 2012-10-14 00:10 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdqtwjoa.sys
2012-10-12 23:31 - 2012-10-12 23:31 - 00049872 ____A C:\Windows\System32\Drivers\eleybjju.sys
2012-10-12 03:10 - 2012-10-27 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-11 23:05 - 2012-10-11 23:05 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\brvymugq.sys
2012-10-11 23:04 - 2012-10-11 23:04 - 00000000 ____A C:\Windows\System32\Drivers\xwmetqjp.sys
2012-10-11 22:55 - 2012-10-11 22:55 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zvcwrjqh.sys
2012-10-10 19:57 - 2012-10-10 19:57 - 00000055 ____A C:\Users\Sandy\AppData\Roaming\mbam.context.scan
2012-10-02 19:22 - 2012-10-02 19:22 - 00046080 ____A C:\Users\Sandy\Documents\Elite 8 Academy Logo.pub

==================== 3 Months Modified Files ==================

2012-10-25 21:34 - 2012-10-25 21:34 - 00055296 ____A C:\Users\Sandy\Documents\Consultant website topology.ppt
2012-10-25 18:05 - 2012-09-14 21:50 - 00023552 ____A C:\Users\Sandy\Documents\Emergenetics Costs (version 1).xls
2012-10-20 22:21 - 2011-07-03 10:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-20 22:20 - 2012-04-05 19:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-20 22:13 - 2011-07-03 09:39 - 02092018 ____A C:\Windows\WindowsUpdate.log
2012-10-20 12:21 - 2011-07-03 10:19 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-18 22:26 - 2012-10-18 22:26 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lkyothnk.sys
2012-10-17 22:28 - 2012-10-17 22:28 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wglyhslc.sys
2012-10-15 22:27 - 2012-10-15 22:27 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mjgwbyli.sys
2012-10-14 22:27 - 2012-10-14 22:27 - 00049872 ____A C:\Windows\System32\Drivers\muhwgcbf.sys
2012-10-14 22:27 - 2012-10-14 22:27 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gmrdyarx.sys
2012-10-14 00:10 - 2012-10-14 00:10 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdqtwjoa.sys
2012-10-12 23:31 - 2012-10-12 23:31 - 00049872 ____A C:\Windows\System32\Drivers\eleybjju.sys
2012-10-11 23:05 - 2012-10-11 23:05 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\brvymugq.sys
2012-10-11 23:04 - 2012-10-11 23:04 - 00000000 ____A C:\Windows\System32\Drivers\xwmetqjp.sys
2012-10-11 22:55 - 2012-10-11 22:55 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zvcwrjqh.sys
2012-10-11 22:55 - 2012-09-13 19:50 - 00084952 ____A C:\Windows\System32\Drivers\9b1a9223f57b689a.sys
2012-10-11 21:48 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-11 21:48 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-11 21:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-11 21:40 - 2009-07-13 20:51 - 00043346 ____A C:\Windows\setupact.log
2012-10-11 20:57 - 2010-11-20 19:47 - 00272976 ____A C:\Windows\PFRO.log
2012-10-10 19:57 - 2012-10-10 19:57 - 00000055 ____A C:\Users\Sandy\AppData\Roaming\mbam.context.scan
2012-10-08 21:20 - 2012-04-05 19:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 21:20 - 2011-09-08 22:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-06 06:45 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-02 19:22 - 2012-10-02 19:22 - 00046080 ____A C:\Users\Sandy\Documents\Elite 8 Academy Logo.pub
2012-09-09 20:30 - 2012-09-09 20:30 - 00036238 ____A C:\Users\Sandy\Downloads\wp_outbrain.zip
2012-09-09 19:12 - 2011-09-25 21:28 - 00014848 ____A C:\Users\Sandy\Documents\Emergenetics Costs.xls
2012-09-02 06:50 - 2012-08-28 05:00 - 00002105 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-08-28 04:52 - 2012-08-28 04:52 - 00023552 ____A C:\Users\Sandy\Documents\BTH Schedule w Phil.xls
2012-08-26 17:36 - 2012-08-26 17:17 - 265342388 ____A C:\Users\Sandy\Downloads\ihatemountains2-v1.5.zip
2012-08-19 21:37 - 2012-06-21 05:06 - 00213998 ____A C:\Users\Sandy\Documents\mobilemarketingapps.co.spy
2012-08-19 21:37 - 2011-11-30 20:33 - 00212614 ____A C:\Users\Sandy\.spyglass.properties
2012-08-16 21:13 - 2011-08-11 14:26 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-08 22:55 - 2012-08-08 22:55 - 00012263 ____A C:\Users\Sandy\Desktop\KickStartTemplates.zip
2012-08-06 22:35 - 2012-08-06 22:20 - 139859928 ____A C:\Users\Sandy\Desktop\The-Secret-Ingredient.zip
2012-08-06 22:28 - 2012-08-06 22:19 - 37305952 ____A C:\Users\Sandy\Desktop\part1-freetrafficheaven.zip
2012-08-06 22:27 - 2012-08-06 22:19 - 37305952 ____A C:\Users\Sandy\Downloads\part1-freetrafficheaven.zip
2012-08-06 22:24 - 2012-08-06 22:19 - 18537816 ____A C:\Users\Sandy\Desktop\part2-freetrafficheaven.zip
2012-08-06 22:20 - 2012-08-06 22:19 - 00776745 ____A C:\Users\Sandy\Desktop\pdf-freetrafficheaven.zip
2012-08-04 21:01 - 2012-08-04 21:01 - 00002223 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-08-04 20:58 - 2012-08-04 20:58 - 00739824 ____A (Google Inc.) C:\Users\Sandy\Downloads\GoogleEarthSetup.exe

ZeroAccess:
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}\L
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1858048381-2172650203-1399953108-1000\$396bc10f298855c1bcfdd01a8cd3c029

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-14 00:10:03
Restore point made on: 2012-10-15 22:27:13
Restore point made on: 2012-10-17 22:28:05
Restore point made on: 2012-10-20 22:31:22
Restore point made on: 2012-10-22 22:27:38
Restore point made on: 2012-10-26 00:56:48

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2662.87 MB
Available physical RAM: 2158.26 MB
Total Pagefile: 2661.07 MB
Available Pagefile: 2141.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:185.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (MW4MERCS_02) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 285 GB 1501 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106147W0C NTFS Partition 285 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-10-25 20:34

==================== End Of Log =============================







Farbar Recovery Scan Tool (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-28 14:25:12
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-28 01:34] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
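The FRST log above shows the pattern a responder triages here: a cluster of drivers with random eight-letter names and an identical 49872-byte size created on successive days, a sixteen-hex-digit driver FRST itself marks ATTENTION, and a service whose binary sits under C:\Windows\Installer\{GUID}\. As an added example (not part of this thread and not code from Farbar's tool), the Python below parses the Services and Drivers sections of the FRST format and applies those checks; the sample lines are constructed from a subset of the posted log, and the name-shape and size-cluster heuristics are my own assumptions, not FRST rules.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the FRST "Services (Whitelisted)" / "Drivers (Whitelisted)"
# format, modelled on a subset of the log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ===================

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 syshost32; "C:\windows\Installer\{22DCFA2F-5151-DE21-746B-1766540704FB}\syshost.exe" /service [356864 2012-09-13] (Chassis Plans)

==================== Drivers (Whitelisted) =====================

0 9b1a9223f57b689a; C:\Windows\System32\Drivers\9b1a9223f57b689a.sys [84952 2012-10-11] () ATTENTION =====> Rootkit?
1 brvymugq; C:\Windows\System32\Drivers\brvymugq.sys [49872 2012-10-11] (Microsoft Corporation)
1 eleybjju; C:\Windows\System32\Drivers\eleybjju.sys [49872 2012-10-12] ()
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 gmrdyarx; C:\Windows\System32\Drivers\gmrdyarx.sys [49872 2012-10-14] (Microsoft Corporation)
"""

# One FRST entry: <start> <name>; <image path> [<size> <date>] (<version-info company>)[ annotation]
# <start> is the service start type: 0 boot, 1 system, 2 auto, 3 manual.
ENTRY_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)(?P<tail>.*)$"
)
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# Heuristic (assumption): eight lowercase letters or sixteen hex digits, the
# two name shapes seen in this log. Legitimate drivers rarely look like this.
RANDOM_NAME_RE = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{16})$")
# A service image under C:\Windows\Installer\{GUID}\ (the syshost32 placement).
INSTALLER_GUID_RE = re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    start: int
    name: str
    path: str
    size: int
    date: str
    vendor: str   # taken from the file's version info, which malware sets freely
    tail: str     # FRST's own annotation, e.g. "ATTENTION =====> Rootkit?"


def parse_frst(text):
    """Return Entry objects for the Services and Drivers sections of an FRST log."""
    entries, section = [], ""
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            section = m.group("title").strip()
            continue
        m = ENTRY_RE.match(line)
        if m and section.startswith(("Services", "Drivers")):
            entries.append(Entry(section, int(m["start"]), m["name"], m["path"],
                                 int(m["size"]), m["date"], m["vendor"], m["tail"]))
    return entries


def triage(entries):
    """Map entry name -> list of reasons it looks like part of a driver-dropping infection."""
    findings = defaultdict(list)
    # Group drivers by on-disk size: a family of identical payloads under different names.
    by_size = defaultdict(list)
    for e in entries:
        if e.section.startswith("Drivers"):
            by_size[e.size].append(e)
    for e in entries:
        if "ATTENTION" in e.tail:
            findings[e.name].append("FRST flagged the entry itself")
        if RANDOM_NAME_RE.match(e.name):
            findings[e.name].append("random-looking service/driver name")
            if e.vendor == "Microsoft Corporation":
                findings[e.name].append(
                    "claims Microsoft version info under a random name (version info is attacker-controlled)")
        if e.section.startswith("Drivers") and len(by_size[e.size]) >= 3:
            dates = sorted(x.date for x in by_size[e.size])
            findings[e.name].append(
                f"one of {len(by_size[e.size])} drivers of {e.size} bytes created {dates[0]}..{dates[-1]}")
        if INSTALLER_GUID_RE.search(e.path):
            findings[e.name].append("service binary lives under C:\\Windows\\Installer\\{GUID}\\")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in triage(parse_frst(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Entries that only trip the name-shape heuristic still need the file hash and signature checked before anything is removed; the cluster-of-identical-sizes and FRST ATTENTION signals are the stronger evidence.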

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 28 October 2012 - 03:08 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

1 brvymugq; C:\Windows\System32\Drivers\brvymugq.sys [49872 2012-10-11] (Microsoft Corporation)
1 eleybjju; C:\Windows\System32\Drivers\eleybjju.sys [49872 2012-10-12] ()
1 gmrdyarx; C:\Windows\System32\Drivers\gmrdyarx.sys [49872 2012-10-14] (Microsoft Corporation)
1 lkyothnk; C:\Windows\System32\Drivers\lkyothnk.sys [49872 2012-10-18] (Microsoft Corporation)
1 mjgwbyli; C:\Windows\System32\Drivers\mjgwbyli.sys [49872 2012-10-15] (Microsoft Corporation)
1 muhwgcbf; C:\Windows\System32\Drivers\muhwgcbf.sys [49872 2012-10-14] ()
1 rdqtwjoa; C:\Windows\System32\Drivers\rdqtwjoa.sys [49872 2012-10-14] (Microsoft Corporation)
1 wglyhslc; C:\Windows\System32\Drivers\wglyhslc.sys [49872 2012-10-17] (Microsoft Corporation)
1 zvcwrjqh; C:\Windows\System32\Drivers\zvcwrjqh.sys [49872 2012-10-11] (Microsoft Corporation)
C:\Windows\System32\Drivers\9b1a9223f57b689a.sys
C:\Windows\System32\Drivers\brvymugq.sys
C:\Windows\System32\Drivers\eleybjju.sys
C:\Windows\System32\Drivers\gmrdyarx.sys
C:\Windows\System32\Drivers\lkyothnk.sys
C:\Windows\System32\Drivers\mjgwbyli.sys
C:\Windows\System32\Drivers\muhwgcbf.sys
C:\Windows\System32\Drivers\rdqtwjoa.sys
C:\Windows\System32\Drivers\wglyhslc.sys
C:\Windows\System32\Drivers\zvcwrjqh.sys
C:\Windows\System32\Drivers\xwmetqjp.sys
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-1858048381-2172650203-1399953108-1000\$396bc10f298855c1bcfdd01a8cd3c029
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
0 9b1a9223f57b689a; C:\Windows\System32\Drivers\9b1a9223f57b689a.sys [84952 2012-10-11] () ATTENTION =====> Rootkit?

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#5 hamerhokie (Topic Starter, Members, 35 posts)

Posted 28 October 2012 - 04:37 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-28 17:36:00 Run:1
Running from G:\

==============================================

brvymugq service deleted successfully.
eleybjju service deleted successfully.
gmrdyarx service deleted successfully.
lkyothnk service deleted successfully.
mjgwbyli service deleted successfully.
muhwgcbf service deleted successfully.
rdqtwjoa service deleted successfully.
wglyhslc service deleted successfully.
zvcwrjqh service deleted successfully.
C:\Windows\System32\Drivers\9b1a9223f57b689a.sys moved successfully.
C:\Windows\System32\Drivers\brvymugq.sys moved successfully.
C:\Windows\System32\Drivers\eleybjju.sys moved successfully.
C:\Windows\System32\Drivers\gmrdyarx.sys moved successfully.
C:\Windows\System32\Drivers\lkyothnk.sys moved successfully.
C:\Windows\System32\Drivers\mjgwbyli.sys moved successfully.
C:\Windows\System32\Drivers\muhwgcbf.sys moved successfully.
C:\Windows\System32\Drivers\rdqtwjoa.sys moved successfully.
C:\Windows\System32\Drivers\wglyhslc.sys moved successfully.
C:\Windows\System32\Drivers\zvcwrjqh.sys moved successfully.
C:\Windows\System32\Drivers\xwmetqjp.sys moved successfully.
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\$Recycle.Bin\S-1-5-21-1858048381-2172650203-1399953108-1000\$396bc10f298855c1bcfdd01a8cd3c029 moved successfully.

The operation completed successfully.
9b1a9223f57b689a service deleted successfully.

==== End of Fixlog ====

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 28 October 2012 - 05:02 PM

Can you boot into Windows now?


gringo

#7 hamerhokie (Topic Starter, Members, 35 posts)

Posted 28 October 2012 - 05:04 PM

Yes! It went to one of the system restore points I had tried earlier.

What was wrong?

Edited by hamerhokie, 28 October 2012 - 05:05 PM.


#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 28 October 2012 - 08:35 PM

Hello

Looks like you got reinfected, from what I can tell, around the 11th.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 hamerhokie (Topic Starter, Members, 35 posts)

Posted 28 October 2012 - 09:56 PM

Log below

After running Combofix, none of my desktop icons work. I get an error: Illegal operation attempted on a registry key that has been marked for deletion. This applies to both data files and executables.



ComboFix 12-10-26.05 - Sandy 10/28/2012 22:11:55.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1568 [GMT -4:00]
Running from: c:\users\Sandy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sandy\AppData\Roaming\ubot
c:\windows\Installer\{22DCFA2F-5151-DE21-746B-1766540704FB}\syshost.exe
c:\windows\TEMP\~2AB9.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 02:27 . 2012-10-29 02:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-29 02:27 . 2012-10-29 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 21:48 . 2012-10-28 21:48 -------- d-----w- C:\FRST
2012-10-21 06:15 . 2012-10-21 06:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DF16572-A1EE-4F7B-AE2B-62EB3A6C9018}\offreg.dll
2012-10-21 06:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DF16572-A1EE-4F7B-AE2B-62EB3A6C9018}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 05:20 . 2012-04-06 03:15 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 05:20 . 2011-09-09 06:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 21:22 . 2011-11-27 22:48 691712 ----a-w- c:\program files\Instant Backlink Magic.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-02 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:20]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:19]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\s7bx2ghv.default\
FF - ExtSQL: !HIDDEN! 2011-08-07 22:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2012-10-28 22:49:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-29 02:49
.
Pre-Run: 201,689,870,336 bytes free
Post-Run: 201,461,448,704 bytes free
.
- - End Of File - - 832277CDCC78C53CB91EA5DE7F38E958
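
The ComboFix log above is read by eye in this thread; the lines that matter for the question "what did it remove?" are the "Other Deletions" entries and the `-------\Service_syshost32` line under "Drivers/Services". As an added example (not ComboFix's own code and not anything posted in this thread), here is a small Python parser for that log format. It splits the log on the parenthesised and dashed section headers ComboFix prints, lists the deleted paths and removed services, and applies one triage rule that is an assumption of this example rather than a ComboFix feature: an executable, DLL or driver sitting under a `c:\windows\Installer\{GUID}\` folder or a Temp directory is an unusual place for a program and is flagged for a closer look. The sample log is a constructed, trimmed excerpt built from lines of the log posted above.

```python
"""Triage helper for ComboFix logs: split into sections and list what was removed.

Added example for this thread; not part of ComboFix or anything posted by its users.
"""
import re
from typing import Dict, List

# Constructed sample: a trimmed excerpt in the format of the ComboFix log posted above.
SAMPLE_LOG = r"""
ComboFix 12-10-26.05 - Sandy 10/28/2012 22:11:55.3.2 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sandy\AppData\Roaming\ubot
c:\windows\Installer\{22DCFA2F-5151-DE21-746B-1766540704FB}\syshost.exe
c:\windows\TEMP\~2AB9.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_syshost32
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
2012-10-28 21:48 . 2012-10-28 21:48 -------- d-----w- C:\FRST
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
"""

# ComboFix prints section headers either wrapped in runs of parentheses
# ("(((( Other Deletions ))))") or in runs of dashes ("---- X64 Entries ----").
HEADER_PARENS = re.compile(r"^\(+\s*(.+?)\s*\)+$")
HEADER_DASHES = re.compile(r"^(?:-\s?){3,}\s*(.+?)\s*(?:\s?-){3,}$")

# Triage heuristic (an assumption of this example, not a ComboFix rule): a program
# living under the Windows Installer GUID folders or a Temp directory is unusual.
SUSPICIOUS_LOCATION = re.compile(
    r"\\(?:installer\\\{[0-9a-f-]+\}|temp)\\[^\\]+\.(?:exe|dll|sys)$", re.IGNORECASE
)


def parse_sections(log_text: str) -> Dict[str, List[str]]:
    """Return {section name: [non-empty lines]}; text before the first header is 'Header'."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":  # ComboFix uses a lone "." as a spacer line
            continue
        match = HEADER_PARENS.match(line) or HEADER_DASHES.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def deleted_paths(sections: Dict[str, List[str]]) -> List[str]:
    """Files and folders ComboFix reports under 'Other Deletions'."""
    return list(sections.get("Other Deletions", []))


def removed_services(sections: Dict[str, List[str]]) -> List[str]:
    """Service names ComboFix removed; it writes them as '-------\\Name' under Drivers/Services."""
    names = []
    for line in sections.get("Drivers/Services", []):
        if line.startswith("-------\\"):
            names.append(line.split("\\", 1)[1])
    return names


def triage(log_text: str) -> Dict[str, List[str]]:
    """Summarise a log: everything deleted, services removed, and deletions worth a closer look."""
    sections = parse_sections(log_text)
    deleted = deleted_paths(sections)
    return {
        "deleted": deleted,
        "services_removed": removed_services(sections),
        "flagged": [p for p in deleted if SUSPICIOUS_LOCATION.search(p)],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run against the sample, the parser reports three deletions, one removed service (`Service_syshost32`), and flags only the `syshost.exe` under the Installer GUID folder; the `.tmp` file and the `ubot` folder are deleted but not flagged, because the heuristic looks at program files only.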

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 October 2012 - 10:06 PM

Greetings

see NOTE 2 above and restart the computer

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 hamerhokie
  • Topic Starter

  • Members
  • 35 posts

Posted 29 October 2012 - 12:15 AM

TDSS report:


00:36:54.0541 3356 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
00:36:55.0271 3356 ============================================================
00:36:55.0271 3356 Current date / time: 2012/10/29 00:36:55.0271
00:36:55.0271 3356 SystemInfo:
00:36:55.0271 3356
00:36:55.0271 3356 OS Version: 6.1.7601 ServicePack: 1.0
00:36:55.0271 3356 Product type: Workstation
00:36:55.0271 3356 ComputerName: SANDY-LAPTOP
00:36:55.0271 3356 UserName: Sandy
00:36:55.0271 3356 Windows directory: C:\windows
00:36:55.0271 3356 System windows directory: C:\windows
00:36:55.0271 3356 Running under WOW64
00:36:55.0271 3356 Processor architecture: Intel x64
00:36:55.0271 3356 Number of processors: 2
00:36:55.0271 3356 Page size: 0x1000
00:36:55.0271 3356 Boot type: Normal boot
00:36:55.0271 3356 ============================================================
00:36:56.0541 3356 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:36:56.0551 3356 ============================================================
00:36:56.0551 3356 \Device\Harddisk0\DR0:
00:36:56.0551 3356 MBR partitions:
00:36:56.0551 3356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800
00:36:56.0551 3356 ============================================================
00:36:56.0591 3356 C: <-> \Device\Harddisk0\DR0\Partition1
00:36:56.0591 3356 ============================================================
00:36:56.0591 3356 Initialize success
00:36:56.0591 3356 ============================================================
00:37:01.0212 0976 ============================================================
00:37:01.0212 0976 Scan started
00:37:01.0212 0976 Mode: Manual;
00:37:01.0212 0976 ============================================================
00:37:02.0327 0976 ================ Scan system memory ========================
00:37:02.0327 0976 System memory - ok
00:37:02.0337 0976 ================ Scan services =============================
00:37:02.0847 0976 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
00:37:02.0857 0976 1394ohci - ok
00:37:02.0907 0976 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
00:37:02.0907 0976 ACPI - ok
00:37:02.0967 0976 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
00:37:02.0967 0976 AcpiPmi - ok
00:37:03.0107 0976 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:37:03.0107 0976 AdobeARMservice - ok
00:37:03.0287 0976 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:37:03.0287 0976 AdobeFlashPlayerUpdateSvc - ok
00:37:03.0357 0976 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
00:37:03.0367 0976 adp94xx - ok
00:37:03.0417 0976 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
00:37:03.0427 0976 adpahci - ok
00:37:03.0467 0976 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
00:37:03.0477 0976 adpu320 - ok
00:37:03.0527 0976 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
00:37:03.0527 0976 AeLookupSvc - ok
00:37:03.0607 0976 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
00:37:03.0617 0976 AFD - ok
00:37:03.0677 0976 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
00:37:03.0677 0976 agp440 - ok
00:37:03.0727 0976 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
00:37:03.0727 0976 ALG - ok
00:37:03.0787 0976 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
00:37:03.0787 0976 aliide - ok
00:37:03.0847 0976 [ A8B81D750556FB9A9266EC65BFAB63AF ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
00:37:03.0847 0976 AMD External Events Utility - ok
00:37:03.0887 0976 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
00:37:03.0887 0976 amdide - ok
00:37:03.0947 0976 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
00:37:03.0947 0976 AmdK8 - ok
00:37:04.0237 0976 [ 7A1AC757F3A2A3126A806B7319CAB21B ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
00:37:04.0477 0976 amdkmdag - ok
00:37:04.0557 0976 [ EEF6F806EEDFD1C746071F1FD684870E ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
00:37:04.0557 0976 amdkmdap - ok
00:37:04.0607 0976 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
00:37:04.0607 0976 AmdPPM - ok
00:37:04.0667 0976 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
00:37:04.0667 0976 amdsata - ok
00:37:04.0737 0976 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
00:37:04.0737 0976 amdsbs - ok
00:37:04.0777 0976 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
00:37:04.0787 0976 amdxata - ok
00:37:04.0827 0976 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys
00:37:04.0827 0976 amd_sata - ok
00:37:04.0877 0976 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys
00:37:04.0877 0976 amd_xata - ok
00:37:04.0957 0976 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
00:37:04.0957 0976 AppID - ok
00:37:05.0007 0976 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
00:37:05.0007 0976 AppIDSvc - ok
00:37:05.0067 0976 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
00:37:05.0067 0976 Appinfo - ok
00:37:05.0187 0976 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
00:37:05.0187 0976 arc - ok
00:37:05.0207 0976 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
00:37:05.0217 0976 arcsas - ok
00:37:05.0247 0976 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
00:37:05.0257 0976 AsyncMac - ok
00:37:05.0287 0976 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
00:37:05.0297 0976 atapi - ok
00:37:05.0537 0976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
00:37:05.0547 0976 AudioEndpointBuilder - ok
00:37:05.0707 0976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
00:37:05.0717 0976 AudioSrv - ok
00:37:05.0787 0976 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
00:37:05.0787 0976 AxInstSV - ok
00:37:05.0857 0976 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
00:37:05.0867 0976 b06bdrv - ok
00:37:05.0907 0976 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
00:37:05.0907 0976 b57nd60a - ok
00:37:06.0157 0976 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
00:37:06.0167 0976 BBSvc - ok
00:37:06.0247 0976 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
00:37:06.0247 0976 BBUpdate - ok
00:37:06.0287 0976 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
00:37:06.0287 0976 BDESVC - ok
00:37:06.0347 0976 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
00:37:06.0347 0976 Beep - ok
00:37:06.0457 0976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
00:37:06.0467 0976 BFE - ok
00:37:06.0577 0976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
00:37:06.0597 0976 BITS - ok
00:37:06.0657 0976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
00:37:06.0657 0976 blbdrive - ok
00:37:06.0697 0976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
00:37:06.0697 0976 bowser - ok
00:37:06.0737 0976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
00:37:06.0737 0976 BrFiltLo - ok
00:37:06.0777 0976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
00:37:06.0777 0976 BrFiltUp - ok
00:37:06.0817 0976 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
00:37:06.0827 0976 BridgeMP - ok
00:37:06.0867 0976 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll
00:37:06.0867 0976 Browser - ok
00:37:06.0917 0976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
00:37:06.0927 0976 Brserid - ok
00:37:06.0957 0976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
00:37:06.0957 0976 BrSerWdm - ok
00:37:07.0017 0976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
00:37:07.0017 0976 BrUsbMdm - ok
00:37:07.0057 0976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
00:37:07.0057 0976 BrUsbSer - ok
00:37:07.0097 0976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
00:37:07.0097 0976 BTHMODEM - ok
00:37:07.0157 0976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
00:37:07.0167 0976 bthserv - ok
00:37:07.0187 0976 catchme - ok
00:37:07.0257 0976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
00:37:07.0257 0976 cdfs - ok
00:37:07.0317 0976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
00:37:07.0327 0976 cdrom - ok
00:37:07.0387 0976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
00:37:07.0387 0976 CertPropSvc - ok
00:37:07.0447 0976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
00:37:07.0457 0976 circlass - ok
00:37:07.0497 0976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
00:37:07.0547 0976 CLFS - ok
00:37:07.0637 0976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:37:07.0637 0976 clr_optimization_v2.0.50727_32 - ok
00:37:07.0717 0976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:37:07.0727 0976 clr_optimization_v2.0.50727_64 - ok
00:37:07.0857 0976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:37:07.0867 0976 clr_optimization_v4.0.30319_32 - ok
00:37:07.0977 0976 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:37:07.0977 0976 clr_optimization_v4.0.30319_64 - ok
00:37:08.0057 0976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
00:37:08.0057 0976 CmBatt - ok
00:37:08.0097 0976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
00:37:08.0097 0976 cmdide - ok
00:37:08.0217 0976 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
00:37:08.0227 0976 CNG - ok
00:37:08.0477 0976 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
00:37:08.0517 0976 CnxtHdAudService - ok
00:37:08.0627 0976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
00:37:08.0627 0976 Compbatt - ok
00:37:08.0687 0976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
00:37:08.0687 0976 CompositeBus - ok
00:37:08.0727 0976 COMSysApp - ok
00:37:08.0767 0976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
00:37:08.0777 0976 crcdisk - ok
00:37:08.0887 0976 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
00:37:08.0897 0976 CryptSvc - ok
00:37:08.0997 0976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
00:37:09.0007 0976 DcomLaunch - ok
00:37:09.0087 0976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
00:37:09.0087 0976 defragsvc - ok
00:37:09.0127 0976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
00:37:09.0137 0976 DfsC - ok
00:37:09.0207 0976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
00:37:09.0207 0976 Dhcp - ok
00:37:09.0257 0976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
00:37:09.0257 0976 discache - ok
00:37:09.0317 0976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
00:37:09.0327 0976 Disk - ok
00:37:09.0387 0976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
00:37:09.0397 0976 Dnscache - ok
00:37:09.0437 0976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
00:37:09.0437 0976 dot3svc - ok
00:37:09.0477 0976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
00:37:09.0487 0976 DPS - ok
00:37:09.0537 0976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
00:37:09.0537 0976 drmkaud - ok
00:37:09.0597 0976 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
00:37:09.0647 0976 DXGKrnl - ok
00:37:09.0707 0976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
00:37:09.0707 0976 EapHost - ok
00:37:09.0857 0976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
00:37:09.0947 0976 ebdrv - ok
00:37:09.0987 0976 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
00:37:09.0987 0976 EFS - ok
00:37:10.0077 0976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
00:37:10.0087 0976 ehRecvr - ok
00:37:10.0117 0976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
00:37:10.0117 0976 ehSched - ok
00:37:10.0217 0976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
00:37:10.0227 0976 elxstor - ok
00:37:10.0267 0976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
00:37:10.0267 0976 ErrDev - ok
00:37:10.0347 0976 [ 5D82D501D2FEE413B1F45F0302B5802C ] ETD C:\windows\system32\DRIVERS\ETD.sys
00:37:10.0347 0976 ETD - ok
00:37:10.0397 0976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
00:37:10.0407 0976 EventSystem - ok
00:37:10.0447 0976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
00:37:10.0457 0976 exfat - ok
00:37:10.0517 0976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
00:37:10.0517 0976 fastfat - ok
00:37:10.0597 0976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
00:37:10.0607 0976 Fax - ok
00:37:10.0657 0976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
00:37:10.0657 0976 fdc - ok
00:37:29.0847 0976 usbvideo - ok
00:37:29.0887 0976 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
00:37:29.0897 0976 UxSms - ok
00:37:29.0927 0976 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
00:37:29.0927 0976 VaultSvc - ok
00:37:29.0997 0976 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
00:37:29.0997 0976 vdrvroot - ok
00:37:30.0047 0976 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
00:37:30.0067 0976 vds - ok
00:37:30.0137 0976 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
00:37:30.0137 0976 vga - ok
00:37:30.0167 0976 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
00:37:30.0167 0976 VgaSave - ok
00:37:30.0207 0976 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
00:37:30.0207 0976 vhdmp - ok
00:37:30.0247 0976 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
00:37:30.0247 0976 viaide - ok
00:37:30.0287 0976 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
00:37:30.0297 0976 volmgr - ok
00:37:30.0337 0976 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
00:37:30.0347 0976 volmgrx - ok
00:37:30.0377 0976 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
00:37:30.0387 0976 volsnap - ok
00:37:30.0437 0976 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
00:37:30.0437 0976 vsmraid - ok
00:37:30.0527 0976 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
00:37:30.0557 0976 VSS - ok
00:37:30.0597 0976 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
00:37:30.0597 0976 vwifibus - ok
00:37:30.0647 0976 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
00:37:30.0657 0976 vwififlt - ok
00:37:30.0707 0976 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
00:37:30.0707 0976 W32Time - ok
00:37:30.0767 0976 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
00:37:30.0767 0976 WacomPen - ok
00:37:30.0817 0976 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
00:37:30.0817 0976 WANARP - ok
00:37:30.0847 0976 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
00:37:30.0847 0976 Wanarpv6 - ok
00:37:30.0987 0976 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
00:37:31.0007 0976 WatAdminSvc - ok
00:37:31.0097 0976 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
00:37:31.0117 0976 wbengine - ok
00:37:31.0157 0976 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
00:37:31.0167 0976 WbioSrvc - ok
00:37:31.0217 0976 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
00:37:31.0227 0976 wcncsvc - ok
00:37:31.0257 0976 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
00:37:31.0257 0976 WcsPlugInService - ok
00:37:31.0297 0976 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
00:37:31.0297 0976 Wd - ok
00:37:31.0347 0976 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
00:37:31.0357 0976 Wdf01000 - ok
00:37:31.0387 0976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
00:37:31.0387 0976 WdiServiceHost - ok
00:37:31.0407 0976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
00:37:31.0417 0976 WdiSystemHost - ok
00:37:31.0467 0976 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
00:37:31.0477 0976 WebClient - ok
00:37:31.0507 0976 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
00:37:31.0577 0976 Wecsvc - ok
00:37:31.0597 0976 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
00:37:31.0607 0976 wercplsupport - ok
00:37:31.0657 0976 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
00:37:31.0657 0976 WerSvc - ok
00:37:31.0697 0976 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
00:37:31.0697 0976 WfpLwf - ok
00:37:31.0737 0976 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
00:37:31.0737 0976 WIMMount - ok
00:37:31.0787 0976 WinDefend - ok
00:37:31.0797 0976 WinHttpAutoProxySvc - ok
00:37:31.0927 0976 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
00:37:31.0937 0976 Winmgmt - ok
00:37:32.0107 0976 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
00:37:32.0177 0976 WinRM - ok
00:37:32.0257 0976 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
00:37:32.0257 0976 WinUsb - ok
00:37:32.0327 0976 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
00:37:32.0347 0976 Wlansvc - ok
00:37:32.0427 0976 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:37:32.0427 0976 wlcrasvc - ok
00:37:32.0727 0976 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:37:32.0797 0976 wlidsvc - ok
00:37:32.0827 0976 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
00:37:32.0827 0976 WmiAcpi - ok
00:37:32.0897 0976 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
00:37:32.0907 0976 wmiApSrv - ok
00:37:32.0947 0976 WMPNetworkSvc - ok
00:37:32.0977 0976 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
00:37:32.0977 0976 WPCSvc - ok
00:37:33.0017 0976 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
00:37:33.0017 0976 WPDBusEnum - ok
00:37:33.0067 0976 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
00:37:33.0067 0976 ws2ifsl - ok
00:37:33.0117 0976 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
00:37:33.0127 0976 wscsvc - ok
00:37:33.0187 0976 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
00:37:33.0187 0976 WSDPrintDevice - ok
00:37:33.0207 0976 WSearch - ok
00:37:33.0347 0976 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
00:37:33.0387 0976 wuauserv - ok
00:37:33.0417 0976 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
00:37:33.0427 0976 WudfPf - ok
00:37:33.0477 0976 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
00:37:33.0487 0976 WUDFRd - ok
00:37:33.0547 0976 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
00:37:33.0547 0976 wudfsvc - ok
00:37:33.0597 0976 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
00:37:33.0627 0976 WwanSvc - ok
00:37:33.0677 0976 ================ Scan global ===============================
00:37:33.0717 0976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
00:37:33.0777 0976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
00:37:33.0807 0976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
00:37:33.0847 0976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
00:37:33.0897 0976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
00:37:33.0907 0976 [Global] - ok
00:37:33.0917 0976 ================ Scan MBR ==================================
00:37:33.0937 0976 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
00:37:34.0147 0976 \Device\Harddisk0\DR0 - ok
00:37:34.0147 0976 ================ Scan VBR ==================================
00:37:34.0167 0976 [ 80FF801DBE2BBB8D72C04DF77D231689 ] \Device\Harddisk0\DR0\Partition1
00:37:34.0167 0976 \Device\Harddisk0\DR0\Partition1 - ok
00:37:34.0177 0976 ============================================================
00:37:34.0177 0976 Scan finished
00:37:34.0177 0976 ============================================================
00:37:34.0207 2668 Detected object count: 0
00:37:34.0207 2668 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-29 00:41:19
-----------------------------
00:41:19.028 OS Version: Windows x64 6.1.7601 Service Pack 1
00:41:19.028 Number of processors: 2 586 0x100
00:41:19.028 ComputerName: SANDY-LAPTOP UserName: Sandy
00:41:20.651 Initialize success
00:42:20.202 AVAST engine defs: 12102801
00:43:29.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
00:43:29.372 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 11
00:43:29.404 Disk 0 MBR read successfully
00:43:29.404 Disk 0 MBR scan
00:43:29.419 Disk 0 Windows VISTA default MBR code
00:43:29.419 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:43:29.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
00:43:29.482 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
00:43:29.528 Disk 0 scanning C:\windows\system32\drivers
00:43:42.118 Service scanning
00:44:32.709 Modules scanning
00:44:32.724 Disk 0 trace - called modules:
00:44:32.755 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
00:44:32.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fdd060]
00:44:32.787 3 CLASSPNP.SYS[fffff8800198643f] -> nt!IofCallDriver -> [0xfffffa8002eb3ac0]
00:44:32.787 5 amd_xata.sys[fffff880011638b4] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8002ead060]
00:44:34.237 AVAST engine scan C:\windows
00:44:38.496 AVAST engine scan C:\windows\system32
00:48:37.379 AVAST engine scan C:\windows\system32\drivers
00:48:55.943 AVAST engine scan C:\Users\Sandy
01:13:16.294 Disk 0 MBR has been saved successfully to "C:\Users\Sandy\Desktop\MBR.dat"
01:13:16.310 The log file has been saved successfully to "C:\Users\Sandy\Desktop\aswMBR.txt"

#12 gringo_pr (Malware Response Team)

Posted 29 October 2012 - 12:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 hamerhokie (Topic Starter)

Posted 29 October 2012 - 10:47 AM

The Babylon Search screen comes up when I open Google Chrome. Other than that it works fine.




ComboFix 12-10-26.05 - Sandy 10/29/2012 1:34.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1388 [GMT -4:00]
Running from: c:\users\Sandy\Desktop\ComboFix.exe
Command switches used :: c:\users\Sandy\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 06:29 . 2012-10-29 06:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-29 06:29 . 2012-10-29 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 21:48 . 2012-10-28 21:48 -------- d-----w- C:\FRST
2012-10-21 06:15 . 2012-10-29 04:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DF16572-A1EE-4F7B-AE2B-62EB3A6C9018}\offreg.dll
2012-10-21 06:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DF16572-A1EE-4F7B-AE2B-62EB3A6C9018}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 05:20 . 2012-04-06 03:15 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 05:20 . 2011-09-09 06:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 21:22 . 2011-11-27 22:48 691712 ----a-w- c:\program files\Instant Backlink Magic.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-28 115168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-02 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85642543
*Deregistered* - 85642543
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:20]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:19]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\s7bx2ghv.default\
FF - ExtSQL: !HIDDEN! 2011-08-07 22:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-29 02:34:02
ComboFix-quarantined-files.txt 2012-10-29 06:34
ComboFix2.txt 2012-10-29 02:49
.
Pre-Run: 200,476,278,784 bytes free
Post-Run: 200,329,166,848 bytes free
.
- - End Of File - - 730B55872976DEE38534CE8FD81E079B

#14 gringo_pr (Malware Response Team)

Posted 29 October 2012 - 12:07 PM

Hello

I want you to uninstall chrome and if asked about user data or settings then remove that also


restart the computer and reinstall chrome - check it for me now


gringo

#15 hamerhokie (Topic Starter)

Posted 29 October 2012 - 01:04 PM

Chrome works fine after reinstall.



