
Possible Zero Access and browser redirect


  • This topic is locked
27 replies to this topic

#1 DaveM2

DaveM2

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 02 December 2012 - 10:47 AM

Hi,
I believe I have some remnants of ZeroAccess (Recycler version) left on my computer.

System info: 64 bit Windows 7 - Home edition

Virus Protection SW: Avira Free, Malware Bytes

Symptoms:
1 - Every couple of days Avira would detect something (typically in AppData\Local). Tended to always be something different. Avira would remove it. I would also get spurious processes launched, e.g. several Bingbar processes (I rarely use IE). I believe I've removed most of this problem - Avira hasn't detected anything for a while, but I'm not certain because it was intermittent.

2 - Java would want to update every couple of seconds. I would select cancel, but it would pop up again - preventing me from doing anything. I uninstalled Java so I would inadvertently install something.

3 - Now, I'm getting browser redirects. Usually off of a Google search. Doesn't happen every time, just once in a while.

Done so far:
============
TDSS Killer
RogueKiller - shows 5 registry keys (I deleted one and left the other registry keys alone. The one I deleted is below.)

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3586692851-3427796397-2140572260-1010 \$6f11fb3f7872ae1099cf7817039dbe16\n.) -> FOUND


Ran ESET's ESETSirfefEVCleaner tool (Believe this resets some registry values)

Thanks for your help.



DDS LOG:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by David2 at 10:22:39 on 2012-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.12279.9497 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\David2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2A13106D-8F2D-4219-8CF2-C3CC5558A70A} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
x64-DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} - hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\
FF - prefs.js: network.proxy.ftp - 23.20.1.5
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 23.20.1.5
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 23.20.1.5
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 23.20.1.5
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-09 22:49; foxyproxy@eric.h.jung; C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2012-11-07 21:49; {e001c731-5e37-4538-a5cb-8168736a2360}; C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2012-11-08 18:17; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
FF - ExtSQL: 2012-11-08 18:17; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-27 19:40; {067aa365-7a5a-4c19-9464-8788e7ce9f8b}; C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{067aa365-7a5a-4c19-9464-8788e7ce9f8b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-8 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2011-12-10 27760]
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2010-5-3 744072]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-10 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-10 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-12-10 98848]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-8 656624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 216064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-8 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]
.
=============== Created Last 30 ================
.
2012-12-02 09:20:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17241FAA-9DE3-4453-93AD-44D489E46608}\offreg.dll
2012-12-01 13:55:46 -------- d-----w- C:\Users\David2\My Backup Files
2012-11-30 10:03:45 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17241FAA-9DE3-4453-93AD-44D489E46608}\mpengine.dll
2012-11-29 21:59:12 -------- d-----w- C:\Windows\ERUNT
2012-11-29 21:58:43 -------- d-----w- C:\JRT
2012-11-29 02:32:35 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-29 01:09:56 -------- d-----w- C:\FRST
2012-11-28 01:50:42 -------- d-----w- C:\Users\David2\AppData\Local\Google
2012-11-28 01:50:10 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-28 00:58:28 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 00:58:28 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-28 00:54:04 0 ----a-w- C:\Windows\System32\RENFBD7.tmp
2012-11-28 00:54:04 0 ----a-w- C:\Windows\System32\RENFBD6.tmp
2012-11-28 00:54:04 0 ----a-w- C:\Windows\System32\RENFBD5.tmp
2012-11-25 21:17:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-25 21:17:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-25 21:16:49 -------- d-----w- C:\Users\David2\AppData\Local\Programs
2012-11-16 08:05:58 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 08:05:58 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 08:05:58 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 08:05:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:00:45 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 08:00:45 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 08:00:42 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 08:00:42 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 08:00:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 08:00:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 08:00:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-09 22:11:59 -------- d-----w- C:\Users\David2\AppData\Roaming\Malwarebytes
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Zaam
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Kareil
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Ahsa
2012-11-09 22:01:34 -------- d-----w- C:\Users\David2\AppData\Roaming\Huykel
2012-11-09 22:01:34 -------- d-----w- C:\Users\David2\AppData\Roaming\Diopac
2012-11-09 22:01:34 -------- d-----w- C:\Users\David2\AppData\Roaming\Abisu
2012-11-09 22:01:25 -------- d-----w- C:\Users\David2\AppData\Roaming\Alece
2012-11-09 22:01:25 -------- d-----w- C:\Users\David2\AppData\Roaming\Akfaa
2012-11-08 02:49:36 -------- d-----w- C:\Users\David2\AppData\Roaming\QuickScan
2012-11-04 17:17:04 -------- d-----w- C:\Users\David2\AppData\Local\PowerDVD DX
2012-11-04 15:48:09 -------- d-----w- C:\Users\David2\AppData\Roaming\AnvSoft
2012-11-04 15:47:56 -------- d-----w- C:\Program Files (x86)\AnvSoft
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 10:23:05.37 ===============

Edited by DaveM2, 02 December 2012 - 11:02 AM.
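The DDS log above contains three things a responder would normally pull out for a closer look before deciding anything: Firefox proxy preferences pointing at 23.20.1.5 on port 8080 (with network.proxy.type set to 0, which in Firefox means a direct connection, so the entries are present but dormant), a service (SessionLauncher) whose image path sits under a user's Temp directory, and several directories created under AppData\Roaming within the same second. The Python script below is an added example written for this page; it is not code from DDS, RogueKiller, ComboFix or the forum helpers. It parses lines in DDS's output format and lists those three patterns as findings to review, not as verdicts. The sample input is copied from the log in this post; the regular expressions, thresholds and function names are this example's own assumptions.

```python
"""Triage helper for DDS-style logs (added example, not DDS or forum code).

Reads a DDS log as text and reports three patterns visible in the log above:
  1. Firefox prefs.js proxy entries pointing at a non-private IP, and whether
     network.proxy.type actually enables them (0 = direct, 1 = manual proxy);
  2. services or drivers whose binary lives under a user's Temp directory;
  3. several directories created under AppData\\Roaming in the same second.
SAMPLE_LOG holds lines copied from the DDS log in this thread.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.http - 23.20.1.5
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 23.20.1.5
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-12-10 98848]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
2012-11-09 22:11:59 -------- d-----w- C:\Users\David2\AppData\Roaming\Malwarebytes
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Zaam
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Kareil
2012-11-09 22:03:03 -------- d-----w- C:\Users\David2\AppData\Roaming\Ahsa
2012-11-09 22:01:34 -------- d-----w- C:\Users\David2\AppData\Roaming\Huykel
2012-11-09 22:01:34 -------- d-----w- C:\Users\David2\AppData\Roaming\Diopac
"""

# Line shapes as DDS prints them (patterns are this example's assumptions).
FF_PROXY = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)$")
SERVICE = re.compile(r"^[RS]\d ([^;]+);([^;]+);(.+)$")
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (\S+) (.+)$")
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
ROAMING_CHILD = re.compile(r"\\AppData\\Roaming\\[^\\]+$", re.IGNORECASE)


def proxy_findings(lines):
    """Return (setting, host, port, enabled) for proxies that point at non-private IPs."""
    prefs = {}
    for line in lines:
        m = FF_PROXY.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    enabled = prefs.get("type") == "1"  # 1 = manual proxy; 0 = direct, entries dormant
    findings = []
    for setting in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(setting)
        if host is None:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname rather than an IP literal; out of scope here
        if not (addr.is_private or addr.is_loopback):
            findings.append((setting, host, prefs.get(setting + "_port", "?"), enabled))
    return findings


def temp_service_findings(lines):
    """Return (service name, image path) for entries whose binary is under a Temp dir."""
    findings = []
    for line in lines:
        m = SERVICE.match(line.strip())
        if m and TEMP_DIR.search(m.group(3)):
            # DDS prints "path --> path [?]" when the file is missing; keep the first path.
            findings.append((m.group(1), m.group(3).split(" --> ")[0]))
    return findings


def roaming_burst_findings(lines, min_count=2):
    """Return (timestamp, [dir names]) where >= min_count Roaming dirs share one second."""
    by_second = defaultdict(list)
    for line in lines:
        m = CREATED.match(line.strip())
        if not m:
            continue
        stamp, attrs, path = m.groups()
        if attrs.startswith("d") and ROAMING_CHILD.search(path):
            by_second[stamp].append(path.rsplit("\\", 1)[1])
    return [(stamp, names) for stamp, names in sorted(by_second.items())
            if len(names) >= min_count]


def triage(text):
    """Run all three checks over one DDS log and return the findings by section."""
    lines = text.splitlines()
    return {
        "proxy": proxy_findings(lines),
        "temp_services": temp_service_findings(lines),
        "roaming_bursts": roaming_burst_findings(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

Each finding is a prompt for the helper to ask a question (where did that proxy setting come from, what installed that service, what created those folders), which is how the thread itself proceeds; the later ComboFix log shows the Roaming directories being removed.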



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 AM

Posted 02 December 2012 - 02:19 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 02 December 2012 - 03:41 PM

Hi Gringo, I'm Dave. Thanks for getting back to me.
Here are the results of SecurityCheck:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Adobe Flash Player 11.5.502.110
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 AM

Posted 02 December 2012 - 04:02 PM

Let me have the other reports when they are ready



gringo

#5 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 02 December 2012 - 04:16 PM

AdwCleaner log:

***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\6744o1zc.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\6jjmv2cu.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m11f685r.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1619 octets] - [29/11/2012 19:10:24]
AdwCleaner[R2].txt - [1679 octets] - [29/11/2012 19:11:08]
AdwCleaner[R3].txt - [1602 octets] - [02/12/2012 10:08:11]
AdwCleaner[R4].txt - [1641 octets] - [02/12/2012 16:09:36]
AdwCleaner[S1].txt - [1743 octets] - [29/11/2012 19:13:24]
AdwCleaner[S2].txt - [1572 octets] - [02/12/2012 16:10:02]

########## EOF - C:\AdwCleaner[S2].txt - [1632 octets] ##########

#6 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 02 December 2012 - 04:23 PM

RogueKiller log:
RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David2 [Admin rights]
Mode : Remove -- Date : 12/02/2012 16:22:30

Bad processes : 0

Registry Entries : 4
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD1001FALS-75J7B0 +++++
--- User ---
[MBR] a275bda5db665e4492586a2749794891
[BSP] 669822e4cb1e50932e6e1b06f35abf4f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20238336 | Size: 943986 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9]_D_12022012_02d1622.txt >>
RKreport[1]_S_11282012_02d1950.txt ; RKreport[2]_D_11282012_02d2006.txt ; RKreport[3]_S_11282012_02d2008.txt ; RKreport[4]_S_11282012_02d2009.txt ; RKreport[5]_S_11282012_02d2246.txt ;
RKreport[6]_S_11292012_02d1655.txt ; RKreport[7]_S_12012012_02d1734.txt ; RKreport[8]_S_12022012_02d1616.txt ; RKreport[9]_D_12022012_02d1622.txt

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 AM

Posted 02 December 2012 - 05:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:28 PM

Posted 02 December 2012 - 08:28 PM

Hi,
Ran combofix without any problem. It rebooted, and I had to reboot afterwards.
It's hard to tell if it's fixed. The google redirection didn't occur all the time, only occasionally, so I'll probably have to try it out for a couple of days to see if anything strange is happening.

BTW - Avira is scheduled to run a full scan later on tonight. I'll let you know if it reports anything.

Here's the combofix log. How does it look?

ComboFix 12-12-02.01 - David2 02/12/2012 19:45:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.12279.10335 [GMT -5:00]
Running from: c:\users\David2\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\David\AppData\Roaming\.#
c:\users\David\AppData\Roaming\Help\coredb\storage
c:\users\David2\AppData\Roaming\Abisu
c:\users\David2\AppData\Roaming\Abisu\ywby.ano
c:\users\David2\AppData\Roaming\Ahsa
c:\users\David2\AppData\Roaming\Ahsa\qiyh.myu
c:\users\David2\AppData\Roaming\Akfaa
c:\users\David2\AppData\Roaming\Akfaa\uxap.ryf
c:\users\David2\AppData\Roaming\Diopac
c:\users\David2\AppData\Roaming\Diopac\atip.diz
c:\users\David2\AppData\Roaming\Zaam
c:\users\David2\AppData\Roaming\Zaam\oxsa.icq
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 00:51 . 2012-12-03 00:51 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2012-12-03 00:51 . 2012-12-03 00:51 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-12-03 00:51 . 2012-12-03 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 00:51 . 2012-12-03 00:51 -------- d-----w- c:\users\David\AppData\Local\temp
2012-12-01 13:55 . 2012-12-01 13:55 -------- d-----w- c:\users\David2\My Backup Files
2012-11-30 10:03 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17241FAA-9DE3-4453-93AD-44D489E46608}\mpengine.dll
2012-11-29 21:59 . 2012-11-29 21:59 -------- d-----w- c:\windows\ERUNT
2012-11-29 21:58 . 2012-11-29 21:58 -------- d-----w- C:\JRT
2012-11-29 02:32 . 2012-11-29 02:32 -------- d-----w- c:\program files (x86)\ESET
2012-11-29 01:09 . 2012-11-29 01:10 -------- d-----w- C:\FRST
2012-11-28 01:50 . 2012-11-28 22:41 -------- d-----w- c:\users\David2\AppData\Local\Google
2012-11-28 01:50 . 2012-11-28 22:41 -------- d-----w- c:\program files (x86)\Google
2012-11-28 01:50 . 2012-11-28 22:47 -------- d-----w- c:\programdata\AVAST Software
2012-11-28 00:58 . 2012-11-28 00:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 00:58 . 2012-11-28 00:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD7.tmp
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD6.tmp
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD5.tmp
2012-11-27 02:02 . 2012-11-27 02:02 -------- d-----w- c:\programdata\HP
2012-11-25 21:17 . 2012-11-28 12:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-25 21:17 . 2012-12-01 18:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-25 21:16 . 2012-11-25 21:16 -------- d-----w- c:\users\David2\AppData\Local\Programs
2012-11-18 08:02 . 2012-11-18 08:02 -------- d-----w- c:\users\UpdatusUser
2012-11-16 08:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-09 22:11 . 2012-11-09 22:11 -------- d-----w- c:\users\David2\AppData\Roaming\Malwarebytes
2012-11-09 22:03 . 2012-11-15 00:28 -------- d-----w- c:\users\David2\AppData\Roaming\Kareil
2012-11-09 22:01 . 2012-11-15 00:28 -------- d-----w- c:\users\David2\AppData\Roaming\Huykel
2012-11-09 22:01 . 2012-11-09 22:05 -------- d-----w- c:\users\David2\AppData\Roaming\Alece
2012-11-08 02:49 . 2012-11-08 03:06 -------- d-----w- c:\users\David2\AppData\Roaming\QuickScan
2012-11-04 17:17 . 2012-11-04 17:19 -------- d-----w- c:\users\David2\AppData\Local\PowerDVD DX
2012-11-04 15:48 . 2012-11-04 15:50 -------- d-----w- c:\users\David2\AppData\Roaming\AnvSoft
2012-11-04 15:47 . 2012-11-05 01:38 -------- d-----w- c:\program files (x86)\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 08:01 . 2010-09-15 11:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-04 17:18 . 2010-04-15 01:43 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-16 08:38 . 2012-11-28 05:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-04 00:10 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2010-04-08 09:26 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2010-04-08 09:26 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2011-02-23 06:58 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2011-11-06 15:55 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2011-11-06 15:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2011-02-23 05:39 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-02-23 05:39 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-02-23 05:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-02-23 05:38 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2009-07-08 20:01 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-07-08 18:01 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2010-08-09 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 11:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\David2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 144720]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-11-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\
FF - prefs.js: network.proxy.ftp - 23.20.1.5
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 23.20.1.5
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 23.20.1.5
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 23.20.1.5
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-09 22:49; foxyproxy@eric.h.jung; c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2012-11-07 21:49; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2012-11-08 18:17; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
FF - ExtSQL: 2012-11-08 18:17; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-27 19:40; {067aa365-7a5a-4c19-9464-8788e7ce9f8b}; c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\extensions\{067aa365-7a5a-4c19-9464-8788e7ce9f8b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-42515657.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-12-02 20:07:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 01:07
.
Pre-Run: 523,330,895,872 bytes free
Post-Run: 523,436,789,760 bytes free
.
- - End Of File - - 2E0A2D692F380615D73A817E6FCCBA04
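The proxy entries under the Supplementary Scan section of this log are the part most directly tied to the search redirects: every protocol is pointed at 23.20.1.5:8080, while network.proxy.type is 0 (direct), so Firefox is not currently using them. The following is an added example, not ComboFix's code and not part of the thread, showing one way to pull the `FF - prefs.js: network.proxy.*` lines out of a ComboFix log and flag proxy hosts outside the local network together with whether the type setting makes them take effect. The sample lines are copied from the log above; the rule for what counts as a "local" endpoint is the script's own assumption.

```python
"""Flag Firefox proxy settings recorded in a ComboFix log.

Added example (not ComboFix's own code): parses the 'FF - prefs.js:
network.proxy.*' lines ComboFix prints in its Supplementary Scan section and
reports proxy endpoints that lie outside the local network, which is one
common cause of search-result redirects.
"""
from __future__ import annotations

import ipaddress
import re

# Firefox's values for network.proxy.type; 5 (system proxy) is the default when
# the pref is absent from prefs.js. Only 1 (manual) uses the host/port prefs.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC", 4: "WPAD", 5: "system"}
PROTOCOLS = ("http", "ssl", "ftp", "socks")

# ComboFix prints one non-default prefs.js entry per line.
PREF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.*)$")

# Lines copied from the ComboFix log posted in the thread (proxy prefs only).
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\78fywoj1.default\
FF - prefs.js: network.proxy.ftp - 23.20.1.5
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 23.20.1.5
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 23.20.1.5
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 23.20.1.5
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
"""


def parse_proxy_prefs(log_text: str) -> dict[str, str]:
    """Return e.g. {'http': '23.20.1.5', 'http_port': '8080', 'type': '0', ...}."""
    prefs: dict[str, str] = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def is_local_endpoint(host: str) -> bool:
    """Assumption: loopback, RFC 1918, link-local and 'localhost' count as local."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an address: treat as remote
    return ip.is_loopback or ip.is_private or ip.is_link_local


def assess_proxy_prefs(prefs: dict[str, str]) -> list[dict]:
    """One finding per protocol whose proxy host is not on the local network."""
    proxy_type = int(prefs.get("type", "5"))
    findings = []
    for proto in PROTOCOLS:
        host = prefs.get(proto)
        if not host or is_local_endpoint(host):
            continue
        findings.append({
            "protocol": proto,
            "endpoint": f"{host}:{prefs.get(proto + '_port', '?')}",
            "proxy_type": PROXY_TYPES.get(proxy_type, str(proxy_type)),
            # Host/port prefs only take effect under manual configuration.
            "in_effect": proxy_type == 1,
        })
    return findings


def report(log_text: str) -> list[str]:
    """Human-readable summary lines, one per finding."""
    lines = []
    for f in assess_proxy_prefs(parse_proxy_prefs(log_text)):
        if f["in_effect"]:
            state = "ACTIVE"
        else:
            state = f"configured but not in effect (network.proxy.type = {f['proxy_type']})"
        lines.append(f"network.proxy.{f['protocol']} -> {f['endpoint']}: {state}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the posted log this reports four configured-but-inactive entries. A proxy-switching extension (the ExtSQL list above shows a foxyproxy entry) can flip network.proxy.type at runtime, so a type of 0 is a reason to clear the stale host/port prefs, not a reason to ignore them.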

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 AM

Posted 02 December 2012 - 08:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:28 PM

Posted 03 December 2012 - 06:23 PM

Here's the TDSS report - note I didn't select any of the options:

18:20:20.0826 2776 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:20:21.0214 2776 ============================================================
18:20:21.0214 2776 Current date / time: 2012/12/03 18:20:21.0214
18:20:21.0214 2776 SystemInfo:
18:20:21.0214 2776
18:20:21.0214 2776 OS Version: 6.1.7601 ServicePack: 1.0
18:20:21.0214 2776 Product type: Workstation
18:20:21.0214 2776 ComputerName: CINDERELLA-PC
18:20:21.0214 2776 UserName: David2
18:20:21.0214 2776 Windows directory: C:\Windows
18:20:21.0214 2776 System windows directory: C:\Windows
18:20:21.0214 2776 Running under WOW64
18:20:21.0214 2776 Processor architecture: Intel x64
18:20:21.0214 2776 Number of processors: 8
18:20:21.0214 2776 Page size: 0x1000
18:20:21.0214 2776 Boot type: Normal boot
18:20:21.0214 2776 ============================================================
18:20:21.0676 2776 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:20:21.0683 2776 ============================================================
18:20:21.0683 2776 \Device\Harddisk0\DR0:
18:20:21.0683 2776 MBR partitions:
18:20:21.0683 2776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1339000
18:20:21.0683 2776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x134D000, BlocksNum 0x733B9000
18:20:21.0683 2776 ============================================================
18:20:21.0713 2776 C: <-> \Device\Harddisk0\DR0\Partition2
18:20:21.0713 2776 ============================================================
18:20:21.0713 2776 Initialize success
18:20:21.0713 2776 ============================================================
18:20:53.0955 2076 ============================================================
18:20:53.0955 2076 Scan started
18:20:53.0955 2076 Mode: Manual;
18:20:53.0955 2076 ============================================================
18:20:54.0602 2076 ================ Scan system memory ========================
18:20:54.0602 2076 System memory - ok
18:20:54.0602 2076 ================ Scan services =============================
18:20:54.0734 2076 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:20:54.0736 2076 1394ohci - ok
18:20:54.0783 2076 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:20:54.0787 2076 ACPI - ok
18:20:54.0827 2076 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:20:54.0828 2076 AcpiPmi - ok
18:20:54.0864 2076 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:20:54.0869 2076 adp94xx - ok
18:20:54.0889 2076 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:20:54.0893 2076 adpahci - ok
18:20:54.0904 2076 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:20:54.0905 2076 adpu320 - ok
18:20:54.0944 2076 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:20:54.0945 2076 AeLookupSvc - ok
18:20:54.0999 2076 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:20:55.0004 2076 AFD - ok
18:20:55.0034 2076 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:20:55.0040 2076 agp440 - ok
18:20:55.0054 2076 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:20:55.0060 2076 ALG - ok
18:20:55.0079 2076 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:20:55.0080 2076 aliide - ok
18:20:55.0086 2076 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:20:55.0086 2076 amdide - ok
18:20:55.0101 2076 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:20:55.0102 2076 AmdK8 - ok
18:20:55.0114 2076 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:20:55.0115 2076 AmdPPM - ok
18:20:55.0148 2076 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:20:55.0149 2076 amdsata - ok
18:20:55.0161 2076 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:20:55.0163 2076 amdsbs - ok
18:20:55.0174 2076 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:20:55.0174 2076 amdxata - ok
18:20:55.0239 2076 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:20:55.0240 2076 AntiVirSchedulerService - ok
18:20:55.0250 2076 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:20:55.0251 2076 AntiVirService - ok
18:20:55.0289 2076 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:20:55.0294 2076 AppID - ok
18:20:55.0308 2076 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:20:55.0313 2076 AppIDSvc - ok
18:20:55.0351 2076 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:20:55.0352 2076 Appinfo - ok
18:20:55.0468 2076 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:55.0469 2076 Apple Mobile Device - ok
18:20:55.0488 2076 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:20:55.0489 2076 arc - ok
18:20:55.0495 2076 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:20:55.0497 2076 arcsas - ok
18:20:55.0521 2076 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:55.0525 2076 AsyncMac - ok
18:20:55.0575 2076 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:20:55.0576 2076 atapi - ok
18:20:55.0618 2076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:55.0625 2076 AudioEndpointBuilder - ok
18:20:55.0636 2076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:20:55.0640 2076 AudioSrv - ok
18:20:55.0660 2076 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:20:55.0661 2076 avgntflt - ok
18:20:55.0686 2076 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:20:55.0688 2076 avipbb - ok
18:20:55.0697 2076 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:20:55.0698 2076 avkmgr - ok
18:20:55.0750 2076 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:20:55.0757 2076 AxInstSV - ok
18:20:55.0784 2076 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:20:55.0789 2076 b06bdrv - ok
18:20:55.0815 2076 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:20:55.0817 2076 b57nd60a - ok
18:20:55.0831 2076 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:20:55.0836 2076 BDESVC - ok
18:20:55.0844 2076 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:20:55.0845 2076 Beep - ok
18:20:55.0902 2076 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:20:55.0908 2076 BFE - ok
18:20:55.0965 2076 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:20:55.0972 2076 BITS - ok
18:20:55.0990 2076 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:20:55.0991 2076 blbdrive - ok
18:20:56.0051 2076 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:56.0055 2076 Bonjour Service - ok
18:20:56.0096 2076 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:20:56.0097 2076 bowser - ok
18:20:56.0113 2076 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:20:56.0113 2076 BrFiltLo - ok
18:20:56.0124 2076 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:20:56.0124 2076 BrFiltUp - ok
18:20:56.0150 2076 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:20:56.0156 2076 BridgeMP - ok
18:20:56.0215 2076 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:20:56.0217 2076 Browser - ok
18:20:56.0232 2076 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:20:56.0234 2076 Brserid - ok
18:20:56.0242 2076 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:20:56.0242 2076 BrSerWdm - ok
18:20:56.0246 2076 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:20:56.0246 2076 BrUsbMdm - ok
18:20:56.0250 2076 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:20:56.0251 2076 BrUsbSer - ok
18:20:56.0258 2076 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:20:56.0259 2076 BTHMODEM - ok
18:20:56.0269 2076 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:20:56.0276 2076 bthserv - ok
18:20:56.0300 2076 catchme - ok
18:20:56.0325 2076 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:20:56.0331 2076 cdfs - ok
18:20:56.0367 2076 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:20:56.0376 2076 cdrom - ok
18:20:56.0427 2076 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:20:56.0433 2076 CertPropSvc - ok
18:20:56.0456 2076 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:20:56.0457 2076 circlass - ok
18:20:56.0494 2076 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:20:56.0498 2076 CLFS - ok
18:20:56.0571 2076 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:56.0572 2076 clr_optimization_v2.0.50727_32 - ok
18:20:56.0607 2076 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:20:56.0608 2076 clr_optimization_v2.0.50727_64 - ok
18:20:56.0668 2076 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:56.0670 2076 clr_optimization_v4.0.30319_32 - ok
18:20:56.0695 2076 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:20:56.0697 2076 clr_optimization_v4.0.30319_64 - ok
18:20:56.0708 2076 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:20:56.0708 2076 CmBatt - ok
18:20:56.0747 2076 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:20:56.0748 2076 cmdide - ok
18:20:56.0790 2076 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:20:56.0795 2076 CNG - ok
18:20:56.0805 2076 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:20:56.0805 2076 Compbatt - ok
18:21:06.0325 2076 udfs - ok
18:21:06.0353 2076 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:21:06.0360 2076 UI0Detect - ok
18:21:06.0382 2076 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:21:06.0383 2076 uliagpkx - ok
18:21:06.0423 2076 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:21:06.0428 2076 umbus - ok
18:21:06.0441 2076 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:21:06.0442 2076 UmPass - ok
18:21:06.0463 2076 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:21:06.0468 2076 upnphost - ok
18:21:06.0508 2076 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:21:06.0509 2076 USBAAPL64 - ok
18:21:06.0547 2076 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:21:06.0553 2076 usbccgp - ok
18:21:06.0595 2076 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:21:06.0596 2076 usbcir - ok
18:21:06.0634 2076 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:21:06.0639 2076 usbehci - ok
18:21:06.0685 2076 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:21:06.0695 2076 usbhub - ok
18:21:06.0712 2076 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:21:06.0713 2076 usbohci - ok
18:21:06.0729 2076 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:21:06.0732 2076 usbprint - ok
18:21:06.0766 2076 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:21:06.0772 2076 USBSTOR - ok
18:21:06.0793 2076 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:21:06.0797 2076 usbuhci - ok
18:21:06.0805 2076 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:21:06.0807 2076 UxSms - ok
18:21:06.0815 2076 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:21:06.0817 2076 VaultSvc - ok
18:21:06.0873 2076 [ 47499FE912F0B4E7664F8498F2906F0E ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:21:06.0874 2076 VBoxNetAdp - ok
18:21:06.0887 2076 VBoxNetFlt - ok
18:21:06.0899 2076 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:21:06.0899 2076 vdrvroot - ok
18:21:06.0943 2076 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:21:06.0958 2076 vds - ok
18:21:06.0994 2076 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:21:06.0995 2076 vga - ok
18:21:06.0999 2076 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:21:07.0003 2076 VgaSave - ok
18:21:07.0019 2076 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:21:07.0027 2076 vhdmp - ok
18:21:07.0065 2076 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:21:07.0066 2076 viaide - ok
18:21:07.0069 2076 VMnetAdapter - ok
18:21:07.0088 2076 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:21:07.0089 2076 volmgr - ok
18:21:07.0132 2076 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:21:07.0136 2076 volmgrx - ok
18:21:07.0151 2076 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:21:07.0152 2076 volsnap - ok
18:21:07.0176 2076 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:21:07.0178 2076 vsmraid - ok
18:21:07.0235 2076 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:21:07.0250 2076 VSS - ok
18:21:07.0261 2076 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:21:07.0264 2076 vwifibus - ok
18:21:07.0284 2076 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:21:07.0287 2076 W32Time - ok
18:21:07.0294 2076 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:21:07.0295 2076 WacomPen - ok
18:21:07.0335 2076 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:21:07.0341 2076 WANARP - ok
18:21:07.0345 2076 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:21:07.0346 2076 Wanarpv6 - ok
18:21:07.0426 2076 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:21:07.0440 2076 WatAdminSvc - ok
18:21:07.0494 2076 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:21:07.0527 2076 wbengine - ok
18:21:07.0557 2076 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:21:07.0565 2076 WbioSrvc - ok
18:21:07.0611 2076 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:21:07.0622 2076 wcncsvc - ok
18:21:07.0633 2076 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:21:07.0640 2076 WcsPlugInService - ok
18:21:07.0652 2076 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:21:07.0653 2076 Wd - ok
18:21:07.0701 2076 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:21:07.0710 2076 Wdf01000 - ok
18:21:07.0718 2076 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:21:07.0721 2076 WdiServiceHost - ok
18:21:07.0724 2076 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:21:07.0726 2076 WdiSystemHost - ok
18:21:07.0760 2076 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:21:07.0772 2076 WebClient - ok
18:21:07.0782 2076 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:21:07.0791 2076 Wecsvc - ok
18:21:07.0803 2076 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:21:07.0805 2076 wercplsupport - ok
18:21:07.0826 2076 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:21:07.0834 2076 WerSvc - ok
18:21:07.0846 2076 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:21:07.0848 2076 WfpLwf - ok
18:21:07.0868 2076 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:21:07.0870 2076 WimFltr - ok
18:21:07.0882 2076 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:21:07.0886 2076 WIMMount - ok
18:21:07.0894 2076 WinDefend - ok
18:21:07.0897 2076 WinHttpAutoProxySvc - ok
18:21:07.0948 2076 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:21:07.0950 2076 Winmgmt - ok
18:21:08.0022 2076 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:21:08.0081 2076 WinRM - ok
18:21:08.0112 2076 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:21:08.0118 2076 WinUsb - ok
18:21:08.0151 2076 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:21:08.0170 2076 Wlansvc - ok
18:21:08.0287 2076 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:21:08.0302 2076 wlidsvc - ok
18:21:08.0313 2076 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:21:08.0313 2076 WmiAcpi - ok
18:21:08.0325 2076 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:21:08.0330 2076 wmiApSrv - ok
18:21:08.0333 2076 WMPNetworkSvc - ok
18:21:08.0356 2076 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:21:08.0359 2076 WPCSvc - ok
18:21:08.0398 2076 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:21:08.0408 2076 WPDBusEnum - ok
18:21:08.0433 2076 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:21:08.0435 2076 ws2ifsl - ok
18:21:08.0445 2076 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:21:08.0447 2076 wscsvc - ok
18:21:08.0449 2076 WSearch - ok
18:21:08.0526 2076 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:21:08.0569 2076 wuauserv - ok
18:21:08.0605 2076 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:21:08.0609 2076 WudfPf - ok
18:21:08.0637 2076 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:21:08.0644 2076 WUDFRd - ok
18:21:08.0674 2076 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:21:08.0676 2076 wudfsvc - ok
18:21:08.0687 2076 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:21:08.0695 2076 WwanSvc - ok
18:21:08.0700 2076 ================ Scan global ===============================
18:21:08.0725 2076 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:21:08.0758 2076 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:21:08.0766 2076 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:21:08.0791 2076 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:21:08.0810 2076 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:21:08.0815 2076 [Global] - ok
18:21:08.0815 2076 ================ Scan MBR ==================================
18:21:08.0826 2076 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
18:21:09.0029 2076 \Device\Harddisk0\DR0 - ok
18:21:09.0030 2076 ================ Scan VBR ==================================
18:21:09.0032 2076 [ 8A63B87ED473C79F27B379BA6378840E ] \Device\Harddisk0\DR0\Partition1
18:21:09.0033 2076 \Device\Harddisk0\DR0\Partition1 - ok
18:21:09.0050 2076 [ 3B5D23026F273D3A2954FE03E1393209 ] \Device\Harddisk0\DR0\Partition2
18:21:09.0052 2076 \Device\Harddisk0\DR0\Partition2 - ok
18:21:09.0052 2076 ============================================================
18:21:09.0052 2076 Scan finished
18:21:09.0052 2076 ============================================================
18:21:09.0061 4100 Detected object count: 0
18:21:09.0061 4100 Actual detected object count: 0

#11 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts

Posted 03 December 2012 - 06:58 PM

A couple of notes:
The Avira scan finished with zero detections.

I still have the redirection on Google searches. My default browser is FF. I don't know if it also happens on IE. I was looking at my FF add-ons; one of them looks suspicious (Mozilla Framework Assistant). I don't recall installing this, and it has a recent date (at least from what I can tell from looking in the extensions directory).

Here's the ASWMBR log:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 18:25:40
-----------------------------
18:25:40.111 OS Version: Windows x64 6.1.7601 Service Pack 1
18:25:40.111 Number of processors: 8 586 0x1A05
18:25:40.112 ComputerName: CINDERELLA-PC UserName: David2
18:25:42.253 Initialize success
18:27:43.877 AVAST engine defs: 12120300
18:28:01.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:28:02.000 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
18:28:02.016 Disk 0 MBR read successfully
18:28:02.020 Disk 0 MBR scan
18:28:02.036 Disk 0 Windows VISTA default MBR code
18:28:02.041 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:28:02.059 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9842 MB offset 81920
18:28:02.073 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943986 MB offset 20238336
18:28:02.093 Disk 0 scanning C:\Windows\system32\drivers
18:28:11.625 Service scanning
18:28:30.523 Modules scanning
18:28:30.535 Disk 0 trace - called modules:
18:28:30.549 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:28:30.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adc0790]
18:28:30.557 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab79050]
18:28:33.381 AVAST engine scan C:\Windows
18:28:37.551 AVAST engine scan C:\Windows\system32
18:31:44.146 AVAST engine scan C:\Windows\system32\drivers
18:32:01.089 AVAST engine scan C:\Users\David2
18:40:15.701 AVAST engine scan C:\ProgramData
18:41:42.044 Scan finished successfully
18:54:00.339 Disk 0 MBR has been saved successfully to "C:\Users\David2\Desktop\MBR.dat"
18:54:00.343 The log file has been saved successfully to "C:\Users\David2\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 December 2012 - 12:18 AM

Hello

I want you to reset Firefox back to defaults; to do this I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts

Posted 04 December 2012 - 07:43 AM

I removed the suspicious extension, and that appears to have fixed the browser redirect. At least I didn't get any for quite some time. For reference, the extension was called "Mozilla Web Framework".

I have reset Firefox. There is still the DivX web player installed as an extension (it is currently disabled). I'm looking into how to remove it. Any suggestions?

I'll keep an eye out for any more browser redirects.

Cheers.
Dave

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 December 2012 - 04:04 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 DaveM2

DaveM2
  • Topic Starter

  • Members
  • 14 posts

Posted 04 December 2012 - 09:00 PM

Hi,
I haven't removed the DivX extension. So far, I haven't had any Google redirects.

Ran the combofix script, here's the log:

ComboFix 12-12-02.01 - David2 04/12/2012 17:10:06.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.12279.10627 [GMT -5:00]
Running from: c:\users\David2\Desktop\ComboFix.exe
Command switches used :: c:\users\David2\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 22:15 . 2012-12-04 22:15 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2012-12-04 22:15 . 2012-12-04 22:15 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-12-04 22:15 . 2012-12-04 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 22:15 . 2012-12-04 22:15 -------- d-----w- c:\users\David\AppData\Local\temp
2012-12-04 22:15 . 2012-12-04 22:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-04 09:30 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94361475-A507-446C-8FCB-43C7A2E6C0FD}\mpengine.dll
2012-12-01 13:55 . 2012-12-01 13:55 -------- d-----w- c:\users\David2\My Backup Files
2012-11-29 21:59 . 2012-11-29 21:59 -------- d-----w- c:\windows\ERUNT
2012-11-29 21:58 . 2012-11-29 21:58 -------- d-----w- C:\JRT
2012-11-29 02:32 . 2012-11-29 02:32 -------- d-----w- c:\program files (x86)\ESET
2012-11-29 01:09 . 2012-11-29 01:10 -------- d-----w- C:\FRST
2012-11-28 01:50 . 2012-11-28 22:41 -------- d-----w- c:\users\David2\AppData\Local\Google
2012-11-28 01:50 . 2012-11-28 22:41 -------- d-----w- c:\program files (x86)\Google
2012-11-28 01:50 . 2012-11-28 22:47 -------- d-----w- c:\programdata\AVAST Software
2012-11-28 00:58 . 2012-11-28 00:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 00:58 . 2012-11-28 00:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD7.tmp
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD6.tmp
2012-11-28 00:54 . 2012-11-28 00:54 0 ----a-w- c:\windows\system32\RENFBD5.tmp
2012-11-27 02:02 . 2012-11-27 02:02 -------- d-----w- c:\programdata\HP
2012-11-25 21:17 . 2012-11-28 12:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-25 21:17 . 2012-12-01 18:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-25 21:16 . 2012-11-25 21:16 -------- d-----w- c:\users\David2\AppData\Local\Programs
2012-11-18 08:02 . 2012-11-18 08:02 -------- d-----w- c:\users\UpdatusUser
2012-11-16 08:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-09 22:11 . 2012-11-09 22:11 -------- d-----w- c:\users\David2\AppData\Roaming\Malwarebytes
2012-11-09 22:03 . 2012-11-15 00:28 -------- d-----w- c:\users\David2\AppData\Roaming\Kareil
2012-11-09 22:01 . 2012-11-15 00:28 -------- d-----w- c:\users\David2\AppData\Roaming\Huykel
2012-11-09 22:01 . 2012-11-09 22:05 -------- d-----w- c:\users\David2\AppData\Roaming\Alece
2012-11-08 02:49 . 2012-11-08 03:06 -------- d-----w- c:\users\David2\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 08:01 . 2010-09-15 11:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-04 17:18 . 2010-04-15 01:43 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-16 08:38 . 2012-11-28 05:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-04 00:10 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2010-04-08 09:26 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2010-04-08 09:26 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2011-02-23 06:58 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2011-11-06 15:55 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2011-11-06 15:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2011-02-23 05:39 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-02-23 05:39 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-02-23 05:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-02-23 05:38 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2009-07-08 20:01 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-07-08 18:01 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2010-08-09 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 11:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\David2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 144720]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-11-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\2s4siev1.default-1354622498778\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-04 17:16:59
ComboFix-quarantined-files.txt 2012-12-04 22:16
ComboFix2.txt 2012-12-03 01:07
.
Pre-Run: 522,837,315,584 bytes free
Post-Run: 522,726,486,016 bytes free
.
- - End Of File - - EFA77AF54366D4D10481F32C89307CC4
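The service list in the ComboFix log above is the part a helper reads first when looking for leftover persistence: an entry whose binary sits under a user's Temp or AppData directory (as `SessionLauncher` does here) is far more interesting than one under Windows or Program Files, and an entry ending in `[x]` has no file for ComboFix to report on, which is either a file that was already removed or a dangling service registration. The following is an added example, not part of this thread and not ComboFix's own code: a small Python triage routine that parses lines in ComboFix's `R/S<start> Name;DisplayName;Path [date size]` format and flags the two conditions. The sample lines are copied from the log above plus one constructed non-service line; the reading of `[x]` as "no file found", and the `USER_WRITABLE_RE` and `triage_services` names, are my assumptions.

```python
import re

# Sample lines in the service-list format ComboFix prints: state letter
# (R = running, S = stopped), start-type digit, then Name;DisplayName;Path
# followed by "[date size]" for the binary, or "[x]" when no file details
# are shown. The first five are taken from the thread's log; the last is a
# constructed non-service line to show the parser skipping it.
SAMPLE_LINES = [
    r"R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]",
    r"R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]",
    r"R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]",
    r"S1 Ext2Fsd;Linux ext2 file system driver; [x]",
    r"S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]",
    r"this line is not a service entry",
]

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*"
    r"\[(?P<details>[^\]]*)\]\s*$"
)

# A persistent service or driver binary normally lives under the Windows or
# Program Files trees. Temp and per-user AppData locations are user-writable
# and are where the thread's other findings turned up. (Assumed heuristic.)
USER_WRITABLE_RE = re.compile(
    r"\\(temp|tmp|appdata\\(local|roaming))\\", re.IGNORECASE
)


def parse_service_line(line):
    """Return a dict for one ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].strip()
    details = entry.pop("details").strip()
    if details.lower() == "x":
        # Assumption: "[x]" means ComboFix found no file to report details on.
        entry["file_found"] = False
        entry["date"], entry["size"] = None, None
    else:
        date, size = details.split()
        entry["file_found"] = True
        entry["date"], entry["size"] = date, int(size)
    return entry


def triage_services(lines):
    """Flag service entries worth a closer look; returns a list of findings."""
    findings = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        in_user_writable = USER_WRITABLE_RE.search(entry["path"]) is not None
        reasons = []
        if in_user_writable:
            reasons.append("binary under a temp or per-user AppData directory")
        if not entry["file_found"]:
            reasons.append("no file details ([x]): missing file or dangling registration")
        if not reasons:
            continue
        # A service loading from a user-writable location is the high-priority
        # case; a dangling entry on its own is usually uninstall debris.
        findings.append({
            "name": entry["name"],
            "path": entry["path"],
            "running": entry["state"] == "R",
            "severity": "high" if in_user_writable else "low",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LINES):
        print(f"[{f['severity']}] {f['name']}: {f['path'] or '<no path>'} -> "
              + "; ".join(f["reasons"]))
```

Run against the sample, the script reports `SessionLauncher` as high (running, under `AppData\Local\Temp`, and no file present) and `VBoxNetFlt` and `Ext2Fsd` as low (dangling `[x]` entries, consistent with leftovers from uninstalled software); the .NET and Avira services are not flagged. The point of the severity split is to keep attention on entries that combine a user-writable path with an active service, rather than chasing every stale registration.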