
Google Redirect - Scour, etc.


  • This topic is locked
23 replies to this topic

#1 Supe

Supe

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 30 October 2012 - 07:28 PM

Have been getting intermittent Google redirects to pay-per-click engines such as Scour, and have been unsuccessful thus far. Any attempts to eliminate with typical spyware removal tools have been unsuccessful or would return after sleep/re-logging into Windows. AVG recently removed a crypt.BAIJ trojan, and found a Win32/Cryptor entry tied to prshg.dll on multiple dates. Also picked up IDP.Trojan.7E3AF828 about 2-3 weeks before the redirects were noticed. MB removed a PUM.Bad.Proxy registry entry and Malware.Trace file. Scan results for the past few days have been showing up clean. Running Windows 7 64 bit, DDS log posted below, attach.txt file is attached. Ran GMER, but did not have the option of selecting boxes other than services, registry, files, and ADS. All others were greyed out/could not be selected. Scan/log file showed no results. Any help is much appreciated.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Bryan at 19:44:13 on 2012-10-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2651 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9F279C36-CABD-4452-87E8-C3AC288B5059} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bryan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2011-2-24 36232]
R0 EUFS;EUFS;C:\Windows\System32\drivers\eufs.sys [2011-2-24 26504]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-15 55280]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2011-2-24 17800]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-15 92160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-2-24 55688]
R2 FileOpenManagerSvc;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-9 334720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-25 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 676936]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-1-3 172704]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-12-15 317480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-25 25928]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-10-25 22704]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-8-2 243840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 115168]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-10-29 21:31:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-29 21:31:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-26 02:26:28 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-10-26 02:26:25 110080 ----a-r- C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-10-26 02:26:25 110080 ----a-r- C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-10-26 02:26:25 110080 ----a-r- C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-10-26 02:26:24 -------- d-----w- C:\sh4ldr
2012-10-26 02:26:24 -------- d-----w- C:\Program Files\Enigma Software Group
2012-10-26 02:25:32 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-10-26 02:16:02 -------- d-----w- C:\Users\Bryan\AppData\Roaming\Malwarebytes
2012-10-26 02:15:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-26 02:15:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-26 02:15:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-26 01:44:33 208216 ----a-w- C:\Windows\System32\drivers\20660188.sys
2012-10-25 23:09:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-02 23:32:14 -------- d-----w- C:\Users\Bryan\AppData\Local\{6250848E-0CE9-11E2-8271-B8AC6F996F26}
.
==================== Find3M ====================
.
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 19:44:48.22 ===============

Edited by Supe, 30 October 2012 - 07:29 PM.



#2 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:35 PM

Posted 31 October 2012 - 12:42 AM

Hello Supe :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed in (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

From Programs and Features (via Control Panel), please uninstall the below:
  • Java™ 6 Update 26 (64-bit)
  • Java™ 6 Update 29
  • SpyHunter

__

  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please post the contents of this file to your next message.

__

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

__

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Post the contents of the ComboFix log into your next message.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Edited by thisisu, 31 October 2012 - 12:42 AM.


#3 Supe

Supe
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 31 October 2012 - 07:41 AM

Thank you for the response. I will go through the recommendations and post back this evening.

#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:35 PM

Posted 31 October 2012 - 01:29 PM

Ok :thumbup2:

#5 Supe

Supe
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 31 October 2012 - 05:29 PM

TDSS log below, will perform MB next.


18:26:57.0729 6528 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:26:58.0159 6528 ============================================================
18:26:58.0159 6528 Current date / time: 2012/10/31 18:26:58.0159
18:26:58.0159 6528 SystemInfo:
18:26:58.0159 6528
18:26:58.0159 6528 OS Version: 6.1.7600 ServicePack: 0.0
18:26:58.0160 6528 Product type: Workstation
18:26:58.0160 6528 ComputerName: DEXTER
18:26:58.0160 6528 UserName: Bryan
18:26:58.0160 6528 Windows directory: C:\Windows
18:26:58.0160 6528 System windows directory: C:\Windows
18:26:58.0160 6528 Running under WOW64
18:26:58.0160 6528 Processor architecture: Intel x64
18:26:58.0160 6528 Number of processors: 8
18:26:58.0160 6528 Page size: 0x1000
18:26:58.0160 6528 Boot type: Normal boot
18:26:58.0160 6528 ============================================================
18:26:59.0508 6528 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:59.0520 6528 Drive \Device\Harddisk5\DR5 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:59.0522 6528 ============================================================
18:26:59.0522 6528 \Device\Harddisk0\DR0:
18:26:59.0522 6528 MBR partitions:
18:26:59.0522 6528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:26:59.0522 6528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
18:26:59.0522 6528 \Device\Harddisk5\DR5:
18:26:59.0522 6528 MBR partitions:
18:26:59.0522 6528 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
18:26:59.0522 6528 ============================================================
18:26:59.0552 6528 C: <-> \Device\Harddisk0\DR0\Partition2
18:26:59.0623 6528 I: <-> \Device\Harddisk5\DR5\Partition1
18:26:59.0623 6528 ============================================================
18:26:59.0623 6528 Initialize success
18:26:59.0624 6528 ============================================================
18:27:03.0609 6268 ============================================================
18:27:03.0609 6268 Scan started
18:27:03.0609 6268 Mode: Manual;
18:27:03.0609 6268 ============================================================
18:27:04.0175 6268 ================ Scan system memory ========================
18:27:04.0175 6268 System memory - ok
18:27:04.0175 6268 ================ Scan services =============================
18:27:04.0925 6268 atapi - ok
18:27:04.0967 6268 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:27:04.0973 6268 AudioEndpointBuilder - ok
18:27:04.0981 6268 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:27:04.0984 6268 AudioSrv - ok
18:27:05.0137 6268 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
18:27:05.0229 6268 AVGIDSAgent - ok
18:27:05.0273 6268 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:27:05.0274 6268 AVGIDSDriver - ok
18:27:05.0304 6268 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:27:05.0305 6268 AVGIDSFilter - ok
18:27:05.0360 6268 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:27:05.0362 6268 AVGIDSHA - ok
18:27:05.0375 6268 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:27:05.0378 6268 Avgldx64 - ok
18:27:05.0386 6268 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:27:05.0387 6268 Avgmfx64 - ok
18:27:05.0390 6268 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:27:05.0391 6268 Avgrkx64 - ok
18:27:05.0423 6268 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:27:05.0426 6268 Avgtdia - ok
18:27:05.0436 6268 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:27:05.0438 6268 avgwd - ok
18:27:05.0452 6268 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:27:05.0454 6268 AxInstSV - ok
18:27:05.0477 6268 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:27:05.0481 6268 b06bdrv - ok
18:27:05.0496 6268 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:27:05.0499 6268 b57nd60a - ok
18:27:05.0579 6268 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:27:05.0581 6268 BBSvc - ok
18:27:05.0613 6268 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:27:05.0615 6268 BBUpdate - ok
18:27:05.0627 6268 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:27:05.0629 6268 BDESVC - ok
18:27:05.0657 6268 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:27:05.0658 6268 Beep - ok
18:27:05.0677 6268 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:27:05.0684 6268 BFE - ok
18:27:05.0725 6268 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:27:05.0733 6268 BITS - ok
18:27:05.0745 6268 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:27:05.0746 6268 blbdrive - ok
18:27:05.0800 6268 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:27:05.0804 6268 Bonjour Service - ok
18:27:05.0835 6268 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:27:05.0837 6268 bowser - ok
18:27:05.0846 6268 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:27:05.0847 6268 BrFiltLo - ok
18:27:05.0859 6268 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:27:05.0860 6268 BrFiltUp - ok
18:27:05.0871 6268 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
18:27:05.0873 6268 Browser - ok
18:27:05.0887 6268 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:27:05.0890 6268 Brserid - ok
18:27:05.0900 6268 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:27:05.0901 6268 BrSerWdm - ok
18:27:05.0911 6268 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:27:05.0912 6268 BrUsbMdm - ok
18:27:05.0917 6268 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:27:05.0918 6268 BrUsbSer - ok
18:27:05.0928 6268 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:27:05.0929 6268 BTHMODEM - ok
18:27:05.0945 6268 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:27:05.0947 6268 bthserv - ok
18:27:05.0958 6268 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:27:05.0960 6268 cdfs - ok
18:27:05.0970 6268 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:27:05.0972 6268 cdrom - ok
18:27:05.0984 6268 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:27:05.0985 6268 CertPropSvc - ok
18:27:05.0998 6268 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:27:06.0000 6268 circlass - ok
18:27:06.0015 6268 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:27:06.0019 6268 CLFS - ok
18:27:06.0091 6268 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:27:06.0093 6268 clr_optimization_v2.0.50727_32 - ok
18:27:06.0138 6268 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:27:06.0140 6268 clr_optimization_v2.0.50727_64 - ok
18:27:06.0151 6268 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:27:06.0152 6268 CmBatt - ok
18:27:06.0159 6268 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:27:06.0160 6268 cmdide - ok
18:27:06.0207 6268 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
18:27:06.0212 6268 CNG - ok
18:27:06.0221 6268 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:27:06.0223 6268 Compbatt - ok
18:27:06.0238 6268 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:27:06.0239 6268 CompositeBus - ok
18:27:06.0242 6268 COMSysApp - ok
18:27:06.0251 6268 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:27:06.0252 6268 crcdisk - ok
18:27:06.0288 6268 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:27:06.0290 6268 CryptSvc - ok
18:27:06.0334 6268 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:27:06.0336 6268 CtClsFlt - ok
18:27:06.0379 6268 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:27:06.0384 6268 DcomLaunch - ok
18:27:06.0417 6268 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:27:06.0420 6268 defragsvc - ok
18:27:06.0457 6268 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:27:06.0461 6268 DfsC - ok
18:27:06.0491 6268 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:27:06.0494 6268 Dhcp - ok
18:27:06.0502 6268 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:27:06.0503 6268 discache - ok
18:27:06.0534 6268 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:27:06.0535 6268 Disk - ok
18:27:06.0562 6268 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:27:06.0564 6268 Dnscache - ok
18:27:06.0620 6268 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
18:27:06.0621 6268 DockLoginService - ok
18:27:06.0650 6268 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:27:06.0653 6268 dot3svc - ok
18:27:06.0662 6268 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:27:06.0664 6268 DPS - ok
18:27:06.0704 6268 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:27:06.0706 6268 drmkaud - ok
18:27:06.0748 6268 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:27:06.0757 6268 DXGKrnl - ok
18:27:06.0764 6268 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:27:06.0766 6268 EapHost - ok
18:27:06.0808 6268 [ 2EA8CCC4AF7D9223DD397D8CCB636F5D ] EASEUS Agent C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
18:27:06.0809 6268 EASEUS Agent - ok
18:27:06.0864 6268 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:27:06.0923 6268 ebdrv - ok
18:27:06.0952 6268 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
18:27:06.0954 6268 EFS - ok
18:27:07.0020 6268 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:27:07.0026 6268 ehRecvr - ok
18:27:07.0035 6268 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:27:07.0037 6268 ehSched - ok
18:27:07.0049 6268 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
18:27:07.0050 6268 ElbyCDIO - ok
18:27:07.0070 6268 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:27:07.0075 6268 elxstor - ok
18:27:07.0090 6268 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:27:07.0091 6268 ErrDev - ok
18:27:07.0133 6268 esgiguard - ok
18:27:07.0170 6268 [ 74A88F4B1F22F394E27792A0195505D1 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys
18:27:07.0171 6268 EUBAKUP - ok
18:27:07.0204 6268 [ 5A720EACFE8DB9D8D28C691C09269A58 ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys
18:27:07.0205 6268 EUDSKACS - ok
18:27:07.0230 6268 [ 84F2D1D52BB527A8477B2DB2C220DD0D ] EUFS C:\Windows\system32\drivers\eufs.sys
18:27:07.0231 6268 EUFS - ok
18:27:07.0277 6268 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:27:07.0281 6268 EventSystem - ok
18:27:07.0299 6268 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:27:07.0301 6268 exfat - ok
18:27:07.0349 6268 [ E7F412035B832013FA32F412246C5BFF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
18:27:07.0351 6268 FACAP - ok
18:27:07.0365 6268 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:27:07.0367 6268 fastfat - ok
18:27:07.0406 6268 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:27:07.0413 6268 Fax - ok
18:27:07.0428 6268 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:27:07.0429 6268 fdc - ok
18:27:07.0458 6268 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:27:07.0459 6268 fdPHost - ok
18:27:07.0465 6268 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:27:07.0466 6268 FDResPub - ok
18:27:07.0478 6268 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:27:07.0480 6268 FileInfo - ok
18:27:07.0525 6268 [ 13AE84E8E90D60CE9AF309EE08FF1B85 ] FileOpenManagerSvc C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
18:27:07.0528 6268 FileOpenManagerSvc - ok
18:27:07.0536 6268 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:27:07.0538 6268 Filetrace - ok
18:27:07.0553 6268 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:27:07.0554 6268 flpydisk - ok
18:27:07.0578 6268 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:27:07.0580 6268 FltMgr - ok
18:27:07.0600 6268 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
18:27:07.0617 6268 FontCache - ok
18:27:07.0675 6268 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:27:07.0676 6268 FontCache3.0.0.0 - ok
18:27:07.0691 6268 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:27:07.0692 6268 FsDepends - ok
18:27:07.0737 6268 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:27:07.0738 6268 Fs_Rec - ok
18:27:07.0747 6268 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:27:07.0748 6268 fvevol - ok
18:27:07.0759 6268 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:27:07.0761 6268 gagp30kx - ok
18:27:07.0804 6268 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:27:07.0813 6268 GEARAspiWDM - ok
18:27:07.0828 6268 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:27:07.0835 6268 gpsvc - ok
18:27:07.0851 6268 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:27:07.0852 6268 hcw85cir - ok
18:27:07.0870 6268 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:27:07.0872 6268 HDAudBus - ok
18:27:07.0888 6268 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:27:07.0889 6268 HidBatt - ok
18:27:07.0944 6268 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:27:07.0946 6268 HidBth - ok
18:27:07.0972 6268 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:27:07.0993 6268 HidIr - ok
18:27:08.0033 6268 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:27:08.0037 6268 hidserv - ok
18:27:08.0117 6268 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:27:08.0118 6268 HidUsb - ok
18:27:08.0148 6268 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:27:08.0151 6268 hkmsvc - ok
18:27:08.0160 6268 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:27:08.0163 6268 HomeGroupListener - ok
18:27:08.0193 6268 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:27:08.0196 6268 HomeGroupProvider - ok
18:27:08.0209 6268 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:27:08.0210 6268 HpSAMD - ok
18:27:08.0230 6268 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:27:08.0236 6268 HTTP - ok
18:27:08.0249 6268 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:27:08.0250 6268 hwpolicy - ok
18:27:08.0263 6268 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:27:08.0265 6268 i8042prt - ok
18:27:08.0309 6268 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:27:08.0313 6268 iaStor - ok
18:27:08.0333 6268 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
18:27:08.0337 6268 iaStorV - ok
18:27:08.0395 6268 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:27:08.0403 6268 idsvc - ok
18:27:08.0417 6268 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:27:08.0419 6268 iirsp - ok
18:27:08.0446 6268 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:27:08.0453 6268 IKEEXT - ok
18:27:08.0515 6268 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:27:08.0548 6268 IntcAzAudAddService - ok
18:27:08.0552 6268 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:27:08.0553 6268 intelide - ok
18:27:08.0560 6268 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:27:08.0561 6268 intelppm - ok
18:27:08.0595 6268 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:27:08.0596 6268 IPBusEnum - ok
18:27:08.0624 6268 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:27:08.0626 6268 IpFilterDriver - ok
18:27:08.0649 6268 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:27:08.0655 6268 iphlpsvc - ok
18:27:08.0670 6268 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:27:08.0671 6268 IPMIDRV - ok
18:27:08.0679 6268 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:27:08.0681 6268 IPNAT - ok
18:27:08.0727 6268 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:27:08.0735 6268 iPod Service - ok
18:27:08.0741 6268 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:27:08.0742 6268 IRENUM - ok
18:27:08.0745 6268 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:27:08.0746 6268 isapnp - ok
18:27:08.0785 6268 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:27:08.0788 6268 iScsiPrt - ok
18:27:08.0800 6268 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:27:08.0803 6268 k57nd60a - ok
18:27:08.0812 6268 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:27:08.0813 6268 kbdclass - ok
18:27:08.0826 6268 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:27:08.0826 6268 kbdhid - ok
18:27:08.0829 6268 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:27:08.0830 6268 KeyIso - ok
18:27:08.0855 6268 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:27:08.0857 6268 KSecDD - ok
18:27:08.0866 6268 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:27:08.0867 6268 KSecPkg - ok
18:27:08.0875 6268 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:27:08.0876 6268 ksthunk - ok
18:27:08.0907 6268 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:27:08.0911 6268 KtmRm - ok
18:27:08.0942 6268 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:27:08.0945 6268 LanmanServer - ok
18:27:08.0981 6268 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:27:08.0984 6268 LanmanWorkstation - ok
18:27:08.0992 6268 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:27:08.0993 6268 lltdio - ok
18:27:09.0012 6268 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:27:09.0016 6268 lltdsvc - ok
18:27:09.0030 6268 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:27:09.0032 6268 lmhosts - ok
18:27:09.0048 6268 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:27:09.0050 6268 LSI_FC - ok
18:27:09.0064 6268 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:27:09.0066 6268 LSI_SAS - ok
18:27:09.0080 6268 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:27:09.0081 6268 LSI_SAS2 - ok
18:27:09.0090 6268 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:27:09.0092 6268 LSI_SCSI - ok
18:27:09.0109 6268 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:27:09.0111 6268 luafv - ok
18:27:09.0143 6268 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:27:09.0145 6268 MBAMProtector - ok
18:27:09.0182 6268 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:27:09.0186 6268 MBAMScheduler - ok
18:27:09.0205 6268 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:27:09.0210 6268 MBAMService - ok
18:27:09.0238 6268 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:27:09.0240 6268 Mcx2Svc - ok
18:27:09.0250 6268 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:27:09.0251 6268 megasas - ok
18:27:09.0264 6268 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:27:09.0267 6268 MegaSR - ok
18:27:09.0345 6268 Microsoft SharePoint Workspace Audit Service - ok
18:27:09.0361 6268 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:27:09.0363 6268 MMCSS - ok
18:27:09.0376 6268 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:27:09.0377 6268 Modem - ok
18:27:09.0394 6268 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:27:09.0395 6268 monitor - ok
18:27:09.0401 6268 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:27:09.0403 6268 mouclass - ok
18:27:09.0407 6268 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:27:09.0408 6268 mouhid - ok
18:27:09.0427 6268 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:27:09.0429 6268 mountmgr - ok
18:27:09.0487 6268 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:27:09.0489 6268 MozillaMaintenance - ok
18:27:09.0496 6268 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:27:09.0498 6268 mpio - ok
18:27:09.0508 6268 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:27:09.0509 6268 mpsdrv - ok
18:27:09.0531 6268 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:27:09.0539 6268 MpsSvc - ok
18:27:09.0549 6268 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:27:09.0551 6268 MRxDAV - ok
18:27:09.0585 6268 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:27:09.0587 6268 mrxsmb - ok
18:27:09.0622 6268 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:27:09.0624 6268 mrxsmb10 - ok
18:27:09.0633 6268 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:27:09.0635 6268 mrxsmb20 - ok
18:27:09.0647 6268 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:27:09.0648 6268 msahci - ok
18:27:09.0663 6268 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:27:09.0664 6268 msdsm - ok
18:27:09.0676 6268 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:27:09.0678 6268 MSDTC - ok
18:27:09.0698 6268 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:27:09.0700 6268 Msfs - ok
18:27:09.0710 6268 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:27:09.0711 6268 mshidkmdf - ok
18:27:09.0718 6268 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:27:09.0719 6268 msisadrv - ok
18:27:09.0752 6268 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:27:09.0754 6268 MSiSCSI - ok
18:27:09.0756 6268 msiserver - ok
18:27:09.0774 6268 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:27:09.0774 6268 MSKSSRV - ok
18:27:09.0788 6268 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:27:09.0789 6268 MSPCLOCK - ok
18:27:09.0801 6268 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:27:09.0802 6268 MSPQM - ok
18:27:09.0817 6268 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:27:09.0821 6268 MsRPC - ok
18:27:09.0829 6268 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:27:09.0830 6268 mssmbios - ok
18:27:09.0841 6268 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:27:09.0842 6268 MSTEE - ok
18:27:09.0847 6268 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:27:09.0848 6268 MTConfig - ok
18:27:09.0861 6268 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:27:09.0862 6268 Mup - ok
18:27:09.0893 6268 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:27:09.0898 6268 napagent - ok
18:27:09.0918 6268 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:27:09.0921 6268 NativeWifiP - ok
18:27:09.0944 6268 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:27:09.0951 6268 NDIS - ok
18:27:09.0967 6268 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:27:09.0968 6268 NdisCap - ok
18:27:09.0970 6268 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:27:09.0971 6268 NdisTapi - ok
18:27:09.0985 6268 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:27:09.0986 6268 Ndisuio - ok
18:27:09.0997 6268 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:27:09.0999 6268 NdisWan - ok
18:27:10.0005 6268 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:27:10.0006 6268 NDProxy - ok
18:27:10.0016 6268 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:27:10.0018 6268 NetBIOS - ok
18:27:10.0032 6268 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:27:10.0034 6268 NetBT - ok
18:27:10.0041 6268 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:27:10.0042 6268 Netlogon - ok
18:27:10.0052 6268 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:27:10.0056 6268 Netman - ok
18:27:10.0094 6268 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:27:10.0099 6268 netprofm - ok
18:27:10.0133 6268 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:27:10.0134 6268 NetTcpPortSharing - ok
18:27:10.0149 6268 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:27:10.0150 6268 nfrd960 - ok
18:27:10.0166 6268 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:27:10.0170 6268 NlaSvc - ok
18:27:10.0236 6268 [ EF7A048FE8E3F102C78C9BD7C448BB6C ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
18:27:10.0237 6268 nosGetPlusHelper - ok
18:27:10.0240 6268 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:27:10.0240 6268 Npfs - ok
18:27:10.0252 6268 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:27:10.0254 6268 nsi - ok
18:27:10.0266 6268 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:27:10.0266 6268 nsiproxy - ok
18:27:10.0301 6268 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:27:10.0326 6268 Ntfs - ok
18:27:10.0334 6268 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:27:10.0335 6268 Null - ok
18:27:10.0527 6268 [ 51BD7EF17F0B525994AD5B3748C8288B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:27:10.0696 6268 nvlddmkm - ok
18:27:10.0721 6268 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
18:27:10.0722 6268 nvraid - ok
18:27:10.0742 6268 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
18:27:10.0744 6268 nvstor - ok
18:27:10.0772 6268 [ FCE8537BF5D504680212D536A3BFE5E2 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:27:10.0776 6268 nvsvc - ok
18:27:10.0791 6268 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:27:10.0793 6268 nv_agp - ok
18:27:15.0541 6268 ================ Scan MBR ==================================
18:27:15.0551 6268 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
18:27:15.0668 6268 \Device\Harddisk0\DR0 - ok
18:27:15.0671 6268 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
18:27:15.0675 6268 \Device\Harddisk5\DR5 - ok
18:27:15.0676 6268 ================ Scan VBR ==================================
18:27:15.0677 6268 [ A5C682221BB3BE9CA89446427C662F59 ] \Device\Harddisk0\DR0\Partition1
18:27:15.0678 6268 \Device\Harddisk0\DR0\Partition1 - ok
18:27:15.0690 6268 [ 78D9B7DA3FB3AEA9283E388FAF2C2666 ] \Device\Harddisk0\DR0\Partition2
18:27:15.0691 6268 \Device\Harddisk0\DR0\Partition2 - ok
18:27:15.0694 6268 [ D22FA84B92B0A27F09D5160421119400 ] \Device\Harddisk5\DR5\Partition1
18:27:15.0696 6268 \Device\Harddisk5\DR5\Partition1 - ok
18:27:15.0696 6268 ============================================================
18:27:15.0696 6268 Scan finished
18:27:15.0696 6268 ============================================================
18:27:15.0703 0872 Detected object count: 0
18:27:15.0703 0872 Actual detected object count: 0

#6 Supe

Posted 31 October 2012 - 05:33 PM

MBAM log:


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.28.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bryan :: DEXTER [administrator]

Protection: Enabled

10/31/2012 6:30:13 PM
mbam-log-2012-10-31 (18-30-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206817
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Supe

Posted 31 October 2012 - 05:53 PM

And finally, Combofix log:


ComboFix 12-10-31.03 - Bryan 10/31/2012 18:46:14.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2554 [GMT -4:00]
Running from: c:\users\Bryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bryan\AppData\Local\chromeupdate.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 22:50 . 2012-10-31 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 22:22 . 2012-10-31 22:22 -------- d-----w- c:\program files\CCleaner
2012-10-29 21:31 . 2012-10-31 22:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-29 21:31 . 2012-10-29 21:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-26 02:26 . 2012-10-26 02:26 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 02:25 . 2012-10-31 22:20 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-10-26 02:16 . 2012-10-26 02:16 -------- d-----w- c:\users\Bryan\AppData\Roaming\Malwarebytes
2012-10-26 02:15 . 2012-10-26 02:15 -------- d-----w- c:\programdata\Malwarebytes
2012-10-26 02:15 . 2012-10-28 16:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-26 02:15 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-26 01:44 . 2012-10-26 01:44 208216 ----a-w- c:\windows\system32\drivers\20660188.sys
2012-10-25 23:09 . 2012-10-26 01:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-02 23:32 . 2012-10-02 23:32 -------- d-----w- c:\users\Bryan\AppData\Local\{6250848E-0CE9-11E2-8271-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 07:04 . 2010-02-15 03:36 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 18:05 . 2012-09-21 20:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-21 20:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-21 20:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-21 20:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-21 20:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-21 20:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-21 20:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-21 20:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-21 20:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-21 20:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-21 20:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-21 20:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-21 20:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-21 20:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-21 20:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-21 20:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-21 20:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-21 20:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-21 20:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-21 20:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-21 20:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-21 20:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-09 1353080]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-08-02 243840]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 36232]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 26504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 17800]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-10 334720]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67891889
*Deregistered* - 67891889
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967225536-4021671288-2522134075-1001Core.job
- c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 19:12]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967225536-4021671288-2522134075-1001UA.job
- c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2011-12-10 900992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2967225536-4021671288-2522134075-1001\Software\SecuROM\License information*]
"datasecu"=hex:b7,d4,47,4a,6c,30,c9,bb,4c,55,eb,50,25,72,7c,8a,08,71,cb,0e,0a,
e7,ad,9a,54,59,76,24,20,0b,ec,02,c5,45,e9,be,eb,e8,f8,b0,5c,4c,51,65,4c,23,\
"rkeysecu"=hex:ab,ee,5f,ce,ea,4e,30,cd,d9,fc,f3,5f,d4,36,fe,52
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 18:51:35
ComboFix-quarantined-files.txt 2012-10-31 22:51
.
Pre-Run: 658,007,048,192 bytes free
Post-Run: 657,859,203,072 bytes free
.
- - End Of File - - 3237C36B19D333552CCFAD13508C055D

#8 thisisu
  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 31 October 2012 - 09:58 PM

Fix items using ComboFix
  • Make sure that ComboFix.exe that you previously downloaded is still on your desktop.
    • If it is not on your desktop, the below will not work.
  • Open Notepad and copy paste the information in the box below into Notepad:

    KillAll::
    DDS::
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    FileLook::
    C:\Windows\System32\drivers\20660188.sys
    FireFox::
    FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    Folder::
    C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    
  • Now save this file to your desktop with the following name: CFScript.txt
  • You should now have both ComboFix.exe and CFScript.txt on your desktop.
  • Shutdown your antivirus at this time to avoid any conflicts.
  • Now use your mouse clicker to drag CFScript.txt on top of ComboFix.exe and then release the left mouse clicker.
  • This will launch ComboFix.
  • Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • Allow ComboFix to update itself if prompted.
  • When ComboFix finishes, a log will be produced at C:\ComboFix.txt
  • Post the contents of this log into your next message.

__

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
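As an added example (not code from this thread, nor from ComboFix, DDS, JRT or OTL), here is a small Python checker that reads lines in the DDS/ComboFix log format quoted above and flags the kinds of entries the CFScript targets: a Firefox proxy pointed at the loopback address (the page's 127.0.0.1:50370, which a local process can use to rewrite search results), and services whose binary is missing (`[x]`) or lives in a Temp folder. The sample log text is constructed from lines quoted earlier in the thread; the function and finding names are my own.

```python
"""Flag, in DDS/ComboFix-style log lines, the kinds of entries the CFScript above removes.

Added example for this thread; it is not code from ComboFix, DDS, JRT or OTL,
and the finding names ("service-in-temp" etc.) are my own labels.
"""
import re
from typing import Dict, List

# Service/driver lines:  R2 Name;Display Name;c:\path\file.exe [YYYY-MM-DD size]
# ComboFix prints "[x]" instead of the date/size when the file is not on disk.
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
FF_PROFILE_RE = re.compile(r"^FF - ProfilePath - (.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# No legitimate service should start from a temp directory.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Firefox network.proxy.type values: only 1 (manual) actually uses network.proxy.http.
PROXY_TYPES = {"0": "no proxy", "1": "manual", "2": "PAC script",
               "4": "auto-detect", "5": "system"}

# Constructed sample, assembled from lines quoted earlier in this thread.
SAMPLE_LOG = r"""R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample of the same section after the CFScript ran (proxy host/port gone).
SAMPLE_AFTER_FIX = r"""FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
FF - prefs.js: network.proxy.type - 0
"""


def analyze(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry, in the order the log lists them."""
    findings: List[Dict[str, str]] = []
    ff_prefs: Dict[str, str] = {}
    ff_profile = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start_type, name, _display, path, stamp = m.groups()
            if stamp.strip() == "x":
                # Registered service whose binary is gone: an orphan left by an
                # uninstall or a removal tool, and a typical ComboFix target.
                findings.append({"kind": "service-file-missing", "name": name, "path": path})
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings.append({"kind": "service-in-temp", "name": name, "path": path})
            continue
        m = FF_PROFILE_RE.match(line)
        if m:
            ff_profile = m.group(1)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    host = ff_prefs.get("network.proxy.http", "")
    if host.lower() in LOOPBACK_HOSTS:
        # A proxy on the loopback address routes the browser through a local
        # process; whether it is in effect depends on network.proxy.type, but
        # the leftover host/port is worth removing either way.
        proxy_type = ff_prefs.get("network.proxy.type", "")
        findings.append({
            "kind": "firefox-loopback-proxy",
            "name": host + ":" + ff_prefs.get("network.proxy.http_port", "?"),
            "path": ff_profile,
            "active": "yes" if proxy_type == "1" else "no",
            "proxy_type": PROXY_TYPES.get(proxy_type, "unknown"),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    print("after fix:", analyze(SAMPLE_AFTER_FIX))
```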


#9 Supe
  • Topic Starter
  • Members
  • 13 posts

Posted 01 November 2012 - 07:22 PM

Created the text file and dragged and dropped it onto ComboFix. Part way through, received an MBAM window error message stating "[Shell_NotifyIcon] Failed to perform desired action. ErrorCode: 0".

Upon clicking OK, the ComboFix window idled for over an hour, and I had to close it. No log file was created.

#10 thisisu
  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 November 2012 - 07:25 PM

Try again through Safe Mode or with MBAM closed / disabled.

#11 Supe
  • Topic Starter
  • Members
  • 13 posts

Posted 01 November 2012 - 08:39 PM

Had to temporarily uninstall AVG as I could not deactivate it in Safe Mode, but got it to run finally:

ComboFix 12-10-31.03 - Bryan 11/01/2012 21:26:00.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2773 [GMT -4:00]
Running from: c:\users\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Bryan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCall.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla2.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla21.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla31.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla31.exe
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla32.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla33.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla34.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla36.dll
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla36.exe
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseData.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 01:30 . 2012-11-02 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 22:22 . 2012-10-31 22:22 -------- d-----w- c:\program files\CCleaner
2012-10-29 21:31 . 2012-11-01 23:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-29 21:31 . 2012-10-31 22:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-26 02:26 . 2012-10-26 02:26 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 02:16 . 2012-10-26 02:16 -------- d-----w- c:\users\Bryan\AppData\Roaming\Malwarebytes
2012-10-26 02:15 . 2012-10-26 02:15 -------- d-----w- c:\programdata\Malwarebytes
2012-10-26 02:15 . 2012-10-28 16:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-26 02:15 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-26 01:44 . 2012-10-26 01:44 208216 ----a-w- c:\windows\system32\drivers\20660188.sys
2012-10-25 23:09 . 2012-10-26 01:44 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 07:04 . 2010-02-15 03:36 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 18:05 . 2012-09-21 20:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-21 20:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-21 20:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-21 20:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-21 20:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-21 20:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-21 20:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-21 20:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-21 20:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-21 20:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-21 20:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-21 20:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-21 20:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-21 20:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-21 20:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-21 20:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-21 20:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-21 20:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-21 20:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-21 20:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-21 20:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-21 20:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\drivers\20660188.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.8.4.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright © Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 208216
Created time: 2012-10-26 01:44
Modified time: 2012-10-26 01:44
MD5: F146E2BA475893DD77B2370DC1211FC6
SHA1: B34C5CDBC9597694131FD20562DB201F62E6D1FE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-09 1353080]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-08-02 243840]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 36232]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 26504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 17800]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-10 334720]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967225536-4021671288-2522134075-1001Core.job
- c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 19:12]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967225536-4021671288-2522134075-1001UA.job
- c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2011-12-10 900992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\urtdj62j.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2967225536-4021671288-2522134075-1001\Software\SecuROM\License information*]
"datasecu"=hex:b7,d4,47,4a,6c,30,c9,bb,4c,55,eb,50,25,72,7c,8a,08,71,cb,0e,0a,
e7,ad,9a,54,59,76,24,20,0b,ec,02,c5,45,e9,be,eb,e8,f8,b0,5c,4c,51,65,4c,23,\
"rkeysecu"=hex:ab,ee,5f,ce,ea,4e,30,cd,d9,fc,f3,5f,d4,36,fe,52
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-01 21:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-02 01:38
ComboFix2.txt 2012-10-31 22:51
.
Pre-Run: 665,492,799,488 bytes free
Post-Run: 665,429,913,600 bytes free
.
- - End Of File - - CD4714E7DE708082BB9FF11A2EDF8460

#12 thisisu
  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 November 2012 - 09:02 PM

Hi,

Test to see if the redirects are still occurring. If so, let me know in which browser(s) it happens.

Also, please post the contents of this log into your next message: C:\Qoobox\ComboFix-quarantined-files.txt

#13 Supe
  • Topic Starter
  • Members
  • 13 posts

Posted 01 November 2012 - 09:19 PM

JRT log:

Junkware Removal Tool (JRT) by Thisisu
Version: 2.4.0 (11.01.2012)
OS: Windows 7 Home Premium x64
Ran by Bryan on Thu 11/01/2012 at 21:40:47.46
Blog: http://thisisudax.blogspot.com
**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys: 0 Detections

*** Files: 0 Detections

*** Folders: 0 Detections

*** FireFox detected and repaired

Successfully deleted: [npMozCouponPrinter.dll] from [FF plugins]

*** Event Viewer Logs - Cleared

**************************************************************
Scan was completed on Thu 11/01/2012 at 21:52:08.48
End of Report

CF Log below:

2012-11-01 23:13:56 . 2012-11-02 01:25:08 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-10-31 22:51:12 . 2012-10-31 22:51:12 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Skytel.reg.dat
2012-10-31 22:51:11 . 2012-10-31 22:51:11 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-10-31 22:51:01 . 2012-10-31 22:51:01 108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-FAStartup.reg.dat
2012-10-31 22:51:00 . 2012-11-02 01:37:47 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-10-31 22:49:16 . 2012-11-02 01:29:33 3,977 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-10-31 22:44:54 . 2012-11-02 01:24:35 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-10-31 22:20:52 . 2012-10-31 22:20:52 8,362 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseData.ini.vir
2012-10-31 22:20:46 . 2012-10-31 22:20:46 185,271 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla31.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 190,092 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla21.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 190,389 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla36.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 176,035 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla33.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 176,545 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla32.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 179,687 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:19:05 185,271 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla31.exe.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 176,035 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla2.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 175,992 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla34.dll.vir
2012-10-31 22:19:05 . 2012-10-31 22:20:46 66,956 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCall.dll.vir
2012-10-29 21:31:43 . 2009-03-05 20:07:20 2,260,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe.vir
2012-10-26 02:25:32 . 2012-10-26 02:25:32 190,389 ----a-w- C:\Qoobox\Quarantine\C\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP\WiseCustomCalla36.exe.vir
2012-10-02 23:32:14 . 2012-10-19 03:40:23 6,465 ----a-w- C:\Qoobox\Quarantine\C\Users\Bryan\AppData\Local\chromeupdate.crx.vir

Will take it for a spin and report back.

#14 Supe
  • Topic Starter
  • Members
  • 13 posts

Posted 01 November 2012 - 09:21 PM

Very first Google search result in Firefox bounced me to a redirect site, so no luck thus far.

#15 thisisu
  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 November 2012 - 09:24 PM

Let's look a bit deeper:

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the text field.

    baseservices
    
  • Now click the scan button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review, but attach Extras.txt.

Edited by thisisu, 01 November 2012 - 09:24 PM.