Another Google redirect virus problem!


This topic is locked
40 replies to this topic

#1 cjtemp
Members, 21 posts

Posted 08 January 2013 - 11:53 PM

Hi. I had intermittent problems with the Google redirect virus on Firefox and tried a whole variety of solutions, including TDSSKiller and even redirecting my DNS. Nothing has worked. I am not prevented from accessing or running any programs; I just get redirected occasionally (not every time) when I Google something. This only happens when I click a Google result: I end up going to another page instead of the one I've clicked. I ended up uninstalling Firefox and switching to IE and didn't have problems for several days. Today it's back and acting up on IE.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31
Run by HP at 21:45:41 on 2013-01-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.2848 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\HP\AppData\Local\Apps\2.0\CJH6K8MV.ZBO\2RX6KCJ3.WC3\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\HP\AppData\Roaming\WindowsDatabase\lsql.exe
C:\Users\HP\Desktop\MBRCheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Apple] rundll32 "C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll",DllRegisterServerW
uRun: [LightSQL] "C:\Users\HP\AppData\Roaming\WindowsDatabase\lsql.exe" 3
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F3E71077-E071-41F8-A66C-7703E3A19F62} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F3E71077-E071-41F8-A66C-7703E3A19F62} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-11 239616]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-6-13 287960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-16 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-01-09 04:40:53 208216 ----a-w- C:\Windows\System32\drivers\28570242.sys
2013-01-09 04:36:55 -------- d-----w- C:\Users\HP\AppData\Roaming\WindowsDatabase
2013-01-09 04:36:51 93184 ----a-w- C:\Users\HP\wgsdgsdgdsgsd.exe
2013-01-08 20:57:15 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90793A6E-0CAC-4382-8D5A-574F77B07A30}\mpengine.dll
2013-01-06 07:07:43 -------- d-----w- C:\Users\HP\AppData\Local\Chromium
2013-01-06 07:07:23 -------- d-----w- C:\ProgramData\Rockstar Games
2013-01-06 07:07:14 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-01-01 19:03:59 -------- d-----w- C:\Program Files\HitmanPro
2013-01-01 18:59:38 -------- d-----w- C:\Users\HP\AppData\Local\Programs
2013-01-01 18:35:20 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-31 07:53:09 -------- d-----w- C:\Program Files\Enigma Software Group
2012-12-31 07:52:32 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-21 10:00:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 10:00:34 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 10:00:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 10:00:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 17:15:47 -------- d-----w- C:\ProgramData\WD_SmartWareCommon
2012-12-18 04:31:43 -------- d-----w- C:\Users\HP\AppData\Local\Western_Digital
2012-12-18 04:28:42 -------- d-----w- C:\Users\HP\AppData\Roaming\Western Digital
2012-12-18 04:28:27 -------- d-----w- C:\ProgramData\Western Digital
2012-12-18 04:27:59 -------- d-----w- C:\Program Files\Western Digital
2012-12-18 04:27:59 -------- d-----w- C:\Program Files (x86)\Western Digital
2012-12-17 01:04:26 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-12-17 01:02:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-17 01:02:45 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-17 01:02:45 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-17 01:02:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-17 01:02:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-17 01:02:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-17 01:02:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-12-17 01:02:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-17 01:02:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-17 01:02:42 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-12-17 01:02:42 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-12-16 20:30:29 98816 ----a-w- C:\Windows\sed.exe
2012-12-16 20:30:29 256000 ----a-w- C:\Windows\PEV.exe
2012-12-16 20:30:29 208896 ----a-w- C:\Windows\MBR.exe
2012-12-16 20:07:06 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-12-16 20:05:23 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-12-16 20:05:23 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-12-16 20:05:10 -------- d-----w- C:\ProgramData\PC Tools
2012-12-16 20:05:09 -------- d-----w- C:\Users\HP\AppData\Roaming\TestApp
2012-12-15 06:17:05 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-12-15 04:24:33 917816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
2012-12-15 04:24:33 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-12-15 04:24:33 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-12-15 04:24:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-12-14 22:49:35 -------- d-----w- C:\Program Files\iPod
2012-12-14 22:49:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 22:49:33 -------- d-----w- C:\Program Files\iTunes
2012-12-14 22:43:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-14 22:43:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-14 22:43:23 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-14 22:34:27 -------- d-----w- C:\TEMP
2012-12-14 21:56:51 -------- d-----w- C:\ProgramData\AVAST Software
2012-12-14 21:56:51 -------- d-----w- C:\Program Files\AVAST Software
2012-12-12 06:03:45 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 15:26:11 -------- d-----w- C:\ProgramData\HitmanPro
2012-12-11 15:07:21 -------- d-----w- C:\ProgramData\0E462E269BCDC59F00000E461FE2C7EB
.
==================== Find3M ====================
.
2013-01-09 00:58:22 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 00:58:22 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 10:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 10:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 21:46:12.11 ===============
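The "Pseudo HJT Report" section of the DDS log above lists the autorun entries (uRun is the per-user Run key, mRun the machine-wide Run key, x64-Run the 64-bit view of it) together with the command each one launches. The following Python script is an added example, not part of the original post and not part of the DDS tool: it parses lines in that format and flags what a responder looks at first on a redirect case, namely executables or DLLs launched from user-writable locations such as AppData, rundll32 loading a DLL from such a location, and file names that look machine-generated. The sample input is constructed by copying seven Run lines from the report above. The heuristic is deliberately noisy: Spotify and Dropbox legitimately start from AppData, and vowel-poor abbreviations such as wmpnetwk are ordinary Windows binaries, so a flag means "inspect this file (publisher signature, hash lookup, creation time)", not "malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: seven Run lines copied from the DDS report above.
SAMPLE_RUN_LINES = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Apple] rundll32 "C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll",DllRegisterServerW
uRun: [LightSQL] "C:\Users\HP\AppData\Roaming\WindowsDatabase\lsql.exe" 3
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
"""

# DDS prefixes: uRun = HKCU Run key, mRun = HKLM Run key, x64-Run = 64-bit HKLM view.
RUN_LINE = re.compile(r"^(?P<hive>(?:x64-)?[um]?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Windows paths ending in a loadable extension. Colons are excluded from path
# components so two adjacent paths on one line (rundll32 + DLL) match separately.
WIN_PATH = re.compile(
    r'[A-Za-z]:\\(?:[^\\"<>|,:]+\\)*[^\\"<>|,:]+?\.(?:exe|dll|scr|bat|cmd|vbs|js)\b',
    re.IGNORECASE,
)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Pronounceability heuristic: eight or more letters with almost no vowels."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.2


def in_user_writable_dir(path: str) -> bool:
    """True for locations a standard user can write to without elevation."""
    p = path.lower()
    return p.startswith("c:\\users\\") or any(m in p for m in USER_WRITABLE_MARKERS)


@dataclass
class Finding:
    hive: str
    name: str
    paths: list
    flags: set = field(default_factory=set)


def triage_run_entries(report: str) -> list:
    """Parse every Run line in a DDS-style report and attach heuristic flags."""
    findings = []
    for line in report.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"]
        finding = Finding(m["hive"], m["name"], WIN_PATH.findall(cmd))
        uses_rundll32 = "rundll32" in cmd.lower()
        for path in finding.paths:
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if in_user_writable_dir(path):
                finding.flags.add("user_writable_path")
                if uses_rundll32 and path.lower().endswith(".dll"):
                    finding.flags.add("rundll32_loads_user_dll")
            if looks_random(stem):
                finding.flags.add("random_looking_name")
        findings.append(finding)
    return findings


def suspicious(report: str) -> dict:
    """Entry name -> sorted flags, for entries that raised at least one flag."""
    return {f.name: sorted(f.flags) for f in triage_run_entries(report) if f.flags}


if __name__ == "__main__":
    import sys
    # Pass a saved DDS log as the first argument; without one the sample lines are used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_RUN_LINES
    for name, flags in suspicious(text).items():
        print(f"{name:28} {', '.join(flags)}")
```

The three flags are independent, so one entry can carry any combination; an entry that collects all three (a rundll32 launch of a vowel-free DLL from the user profile) is the one to pull first, while a lone user_writable_path hit on a known cloud client is usually noise.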


#2 Conspire
Malware Response Team, 1,155 posts

Posted 09 January 2013 - 12:08 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days. :)


Hello there, cjtemp

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire
Malware Response Team, 1,155 posts

Posted 09 January 2013 - 12:08 AM

Hello,

I'll need to investigate further.

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
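aswMBR saves the raw first sector of the disk as MBR.dat so it can be examined away from the possibly infected machine. The following Python script is an added example, not part of the original post and not part of aswMBR or TDSSKiller: it parses a 512-byte MBR dump into the fields those tools report (bootstrap code, disk signature, the four 16-byte partition entries with their active flag, type byte, starting LBA and size) and applies the basic checks a responder makes on a suspected bootkit: the boot code hashes to a known-good value, exactly one partition is marked active, and no two entries overlap. The sample sector is constructed (filler bytes in place of real bootstrap code, an invented disk signature, and a typical Windows 7 layout of a 100 MB active NTFS partition at LBA 2048 followed by the OS partition at LBA 206848). KNOWN_GOOD_BOOT_SHA256 stands in for a hash you would take from a clean machine's MBR; the script carries no reference database of its own.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_SIGNATURE = 0x55AA
BOOT_CODE_LEN = 440          # bootstrap code occupies bytes 0..439
PART_TABLE_OFFSET = 446      # four 16-byte entries, then 0x55AA at offset 510


@dataclass
class PartitionEntry:
    index: int
    status: int     # 0x80 = active (bootable), 0x00 = inactive
    type_id: int    # 0x07 = HPFS/NTFS/exFAT
    start_lba: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector0: bytes) -> tuple:
    """Return (sha256 of boot code, disk signature, non-empty partition entries)."""
    if len(sector0) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(sector0)}")
    (sig,) = struct.unpack_from(">H", sector0, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"bad MBR signature 0x{sig:04X}")
    boot_hash = hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest()
    (disk_sig,) = struct.unpack_from("<I", sector0, BOOT_CODE_LEN)
    entries = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, type_id, _, start_lba, sectors = struct.unpack_from(
            "<B3sB3sII", sector0, PART_TABLE_OFFSET + 16 * i)
        if type_id != 0:     # type 0x00 marks an unused slot
            entries.append(PartitionEntry(i + 1, status, type_id, start_lba, sectors))
    return boot_hash, disk_sig, entries


def check_mbr(sector0: bytes, known_good_boot_sha256: str) -> list:
    """Return warnings worth following up; an empty list means nothing stood out."""
    boot_hash, _, parts = parse_mbr(sector0)
    warnings = []
    if boot_hash != known_good_boot_sha256:
        warnings.append("boot code does not match the known-good hash")
    active = sum(1 for p in parts if p.bootable)
    if active != 1:
        warnings.append(f"{active} active partitions (expected 1)")
    spans = sorted((p.start_lba, p.start_lba + p.sectors, p.index) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            warnings.append(f"partitions {i1} and {i2} overlap")
    return warnings


def build_entry(status: int, type_id: int, start_lba: int, sectors: int) -> bytes:
    """Pack one partition entry; CHS fields stay zero since modern code uses the LBA fields."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", type_id, b"\0\0\0", start_lba, sectors)


# Constructed sample sector (assumption, see lead-in): filler instead of real boot code,
# an invented disk signature, a 100 MB active partition at LBA 2048, the OS partition
# at LBA 206848, and two empty slots.
SAMPLE_BOOT_CODE = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
SAMPLE_MBR = (
    SAMPLE_BOOT_CODE
    + struct.pack("<I", 0x1234ABCD)
    + b"\x00\x00"
    + build_entry(0x80, 0x07, 2048, 204800)
    + build_entry(0x00, 0x07, 206848, 1464876032)
    + b"\x00" * 32
    + struct.pack(">H", MBR_SIGNATURE)
)
# Stand-in for a reference hash taken from a clean machine (assumption, see lead-in).
KNOWN_GOOD_BOOT_SHA256 = hashlib.sha256(SAMPLE_BOOT_CODE).hexdigest()

if __name__ == "__main__":
    import sys
    # Pass the path to MBR.dat to inspect a real dump; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_MBR
    boot_hash, disk_sig, parts = parse_mbr(data)
    print(f"disk signature 0x{disk_sig:08X}  boot code sha256 {boot_hash}")
    for p in parts:
        mark = "(A)" if p.bootable else "   "
        print(f"Partition {p.index} {mark} type 0x{p.type_id:02X} offset {p.start_lba} size {p.size_mb} MB")
    for w in check_mbr(data, KNOWN_GOOD_BOOT_SHA256):
        print("WARNING:", w)
```

A hash comparison is only as good as the sector you hash: on a live system a rootkit that filters disk I/O below the file system can hand a clean copy of sector 0 to a user-mode reader, so a clean result obtained from the running machine is weaker evidence than the same result obtained from offline media or from a tool that reads past the filter drivers.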

#4 cjtemp (Topic Starter)
Members, 21 posts

Posted 09 January 2013 - 01:14 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-08 23:02:41
-----------------------------
23:02:41.670 OS Version: Windows x64 6.1.7601 Service Pack 1
23:02:41.670 Number of processors: 8 586 0x1A05
23:02:41.671 ComputerName: HP-PC UserName: HP
23:02:42.915 Initialize success
23:03:57.754 AVAST engine defs: 13010801
23:04:10.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:04:10.998 Disk 0 Vendor: WDC_WD75 15.0 Size: 715404MB BusType: 8
23:04:11.006 Disk 0 MBR read successfully
23:04:11.007 Disk 0 MBR scan
23:04:11.010 Disk 0 Windows 7 default MBR code
23:04:11.013 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:04:11.020 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
23:04:11.048 Disk 0 scanning C:\Windows\system32\drivers
23:04:16.942 Service scanning
23:04:29.266 Modules scanning
23:04:29.270 Disk 0 trace - called modules:
23:04:29.280 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
23:04:29.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800628a790]
23:04:29.286 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ffe050]
23:04:31.176 AVAST engine scan C:\Windows
23:04:34.009 AVAST engine scan C:\Windows\system32
23:06:29.748 AVAST engine scan C:\Windows\system32\drivers
23:06:36.981 AVAST engine scan C:\Users\HP
23:10:21.920 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
23:10:21.924 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"



23:11:05.0207 8200 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:11:06.0014 8200 ============================================================
23:11:06.0014 8200 Current date / time: 2013/01/08 23:11:06.0014
23:11:06.0014 8200 SystemInfo:
23:11:06.0014 8200
23:11:06.0014 8200 OS Version: 6.1.7601 ServicePack: 1.0
23:11:06.0014 8200 Product type: Workstation
23:11:06.0014 8200 ComputerName: HP-PC
23:11:06.0014 8200 UserName: HP
23:11:06.0014 8200 Windows directory: C:\Windows
23:11:06.0014 8200 System windows directory: C:\Windows
23:11:06.0014 8200 Running under WOW64
23:11:06.0014 8200 Processor architecture: Intel x64
23:11:06.0014 8200 Number of processors: 8
23:11:06.0014 8200 Page size: 0x1000
23:11:06.0014 8200 Boot type: Normal boot
23:11:06.0014 8200 ============================================================
23:11:06.0985 8200 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:11:06.0998 8200 ============================================================
23:11:06.0998 8200 \Device\Harddisk0\DR0:
23:11:07.0000 8200 MBR partitions:
23:11:07.0001 8200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:11:07.0001 8200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
23:11:07.0001 8200 ============================================================
23:11:07.0035 8200 C: <-> \Device\Harddisk0\DR0\Partition2
23:11:07.0035 8200 ============================================================
23:11:07.0035 8200 Initialize success
23:11:07.0035 8200 ============================================================
23:11:08.0586 6500 ============================================================
23:11:08.0586 6500 Scan started
23:11:08.0586 6500 Mode: Manual;
23:11:08.0586 6500 ============================================================
23:11:10.0130 6500 ================ Scan system memory ========================
23:11:10.0130 6500 System memory - ok
23:11:10.0130 6500 ================ Scan services =============================
23:11:10.0428 6500 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:11:10.0430 6500 1394ohci - ok
23:11:10.0444 6500 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:11:10.0447 6500 ACPI - ok
23:11:10.0459 6500 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:11:10.0459 6500 AcpiPmi - ok
23:11:10.0533 6500 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:11:10.0534 6500 AdobeARMservice - ok
23:11:10.0632 6500 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:11:10.0634 6500 AdobeFlashPlayerUpdateSvc - ok
23:11:10.0663 6500 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:11:10.0667 6500 adp94xx - ok
23:11:10.0682 6500 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:11:10.0685 6500 adpahci - ok
23:11:10.0701 6500 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:11:10.0702 6500 adpu320 - ok
23:11:10.0723 6500 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:11:10.0724 6500 AeLookupSvc - ok
23:11:10.0773 6500 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:11:10.0777 6500 AFD - ok
23:11:10.0789 6500 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:11:10.0790 6500 agp440 - ok
23:11:10.0805 6500 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:11:10.0806 6500 ALG - ok
23:11:10.0813 6500 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:11:10.0814 6500 aliide - ok
23:11:10.0854 6500 [ 9C616BA191B80F5CD1A1B9553E107100 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:11:10.0856 6500 AMD External Events Utility - ok
23:11:10.0859 6500 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:11:10.0859 6500 amdide - ok
23:11:10.0873 6500 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:11:10.0874 6500 AmdK8 - ok
23:11:11.0033 6500 [ 5165E83751B8FF40E5E4925996FCC506 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:11:11.0160 6500 amdkmdag - ok
23:11:11.0185 6500 [ 86AB3CF484260C4318F3A6E8B035F422 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:11:11.0188 6500 amdkmdap - ok
23:11:11.0203 6500 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:11:11.0204 6500 AmdPPM - ok
23:11:11.0221 6500 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:11:11.0222 6500 amdsata - ok
23:11:11.0232 6500 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:11:11.0234 6500 amdsbs - ok
23:11:11.0243 6500 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:11:11.0243 6500 amdxata - ok
23:11:11.0257 6500 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:11:11.0258 6500 AppID - ok
23:11:11.0260 6500 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:11:11.0260 6500 AppIDSvc - ok
23:11:11.0271 6500 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:11:11.0271 6500 Appinfo - ok
23:11:11.0353 6500 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:11:11.0354 6500 Apple Mobile Device - ok
23:11:11.0374 6500 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:11:11.0376 6500 AppMgmt - ok
23:11:11.0383 6500 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
23:11:11.0384 6500 arc - ok
23:11:11.0391 6500 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:11:11.0392 6500 arcsas - ok
23:11:11.0408 6500 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:11:11.0409 6500 AsyncMac - ok
23:11:11.0415 6500 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:11:11.0416 6500 atapi - ok
23:11:11.0451 6500 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:11:11.0456 6500 AudioEndpointBuilder - ok
23:11:11.0463 6500 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:11:11.0465 6500 AudioSrv - ok
23:11:11.0478 6500 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:11:11.0479 6500 AxInstSV - ok
23:11:11.0499 6500 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:11:11.0502 6500 b06bdrv - ok
23:11:11.0515 6500 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:11:11.0517 6500 b57nd60a - ok
23:11:11.0532 6500 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:11:11.0533 6500 BDESVC - ok
23:11:11.0539 6500 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:11:11.0539 6500 Beep - ok
23:11:11.0580 6500 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:11:11.0586 6500 BFE - ok
23:11:11.0648 6500 [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
23:11:11.0649 6500 BingDesktopUpdate - ok
23:11:11.0686 6500 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:11:11.0694 6500 BITS - ok
23:11:11.0699 6500 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:11:11.0700 6500 blbdrive - ok
23:11:11.0773 6500 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:11:11.0776 6500 Bonjour Service - ok
23:11:11.0797 6500 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:11:11.0799 6500 bowser - ok
23:11:11.0807 6500 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:11:11.0807 6500 BrFiltLo - ok
23:11:11.0812 6500 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:11:11.0812 6500 BrFiltUp - ok
23:11:11.0815 6500 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:11:11.0816 6500 BridgeMP - ok
23:11:11.0840 6500 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:11:11.0841 6500 Browser - ok
23:11:11.0857 6500 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:11:11.0859 6500 Brserid - ok
23:11:11.0880 6500 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:11:11.0881 6500 BrSerWdm - ok
23:11:11.0889 6500 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:11:11.0889 6500 BrUsbMdm - ok
23:11:11.0895 6500 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:11:11.0895 6500 BrUsbSer - ok
23:11:11.0905 6500 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:11:11.0906 6500 BTHMODEM - ok
23:11:11.0918 6500 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:11:11.0919 6500 bthserv - ok
23:11:11.0947 6500 catchme - ok
23:11:11.0963 6500 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:11:11.0964 6500 cdfs - ok
23:11:11.0984 6500 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:11:11.0985 6500 cdrom - ok
23:11:12.0004 6500 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:11:12.0005 6500 CertPropSvc - ok
23:11:12.0016 6500 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
23:11:12.0017 6500 circlass - ok
23:11:12.0033 6500 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:11:12.0037 6500 CLFS - ok
23:11:12.0087 6500 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:11:12.0087 6500 clr_optimization_v2.0.50727_32 - ok
23:11:12.0123 6500 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:11:12.0124 6500 clr_optimization_v2.0.50727_64 - ok
23:11:12.0176 6500 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:11:12.0177 6500 clr_optimization_v4.0.30319_32 - ok
23:11:12.0200 6500 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:11:12.0201 6500 clr_optimization_v4.0.30319_64 - ok
23:11:12.0206 6500 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:11:12.0207 6500 CmBatt - ok
23:11:12.0222 6500 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:11:12.0222 6500 cmdide - ok
23:11:12.0251 6500 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
23:11:12.0255 6500 CNG - ok
23:11:12.0268 6500 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:11:12.0269 6500 Compbatt - ok
23:11:12.0280 6500 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:11:12.0281 6500 CompositeBus - ok
23:11:12.0294 6500 COMSysApp - ok
23:11:12.0305 6500 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:11:12.0306 6500 crcdisk - ok
23:11:12.0342 6500 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:11:12.0344 6500 CryptSvc - ok
23:11:12.0363 6500 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:11:12.0367 6500 CSC - ok
23:11:12.0382 6500 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:11:12.0387 6500 CscService - ok
23:11:12.0412 6500 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:11:12.0416 6500 DcomLaunch - ok
23:11:12.0438 6500 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:11:12.0440 6500 defragsvc - ok
23:11:12.0462 6500 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:11:12.0463 6500 DfsC - ok
23:11:12.0486 6500 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:11:12.0489 6500 Dhcp - ok
23:11:12.0495 6500 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:11:12.0496 6500 discache - ok
23:11:12.0499 6500 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
23:11:12.0499 6500 Disk - ok
23:11:12.0520 6500 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:11:12.0521 6500 dmvsc - ok
23:11:12.0542 6500 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:11:12.0544 6500 Dnscache - ok
23:11:12.0551 6500 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:11:12.0553 6500 dot3svc - ok
23:11:12.0561 6500 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:11:12.0563 6500 DPS - ok
23:11:12.0591 6500 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:11:12.0592 6500 drmkaud - ok
23:11:12.0610 6500 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:11:12.0617 6500 DXGKrnl - ok
23:11:12.0649 6500 [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
23:11:12.0652 6500 e1yexpress - ok
23:11:12.0662 6500 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:11:12.0663 6500 EapHost - ok
23:11:12.0713 6500 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:11:12.0756 6500 ebdrv - ok
23:11:12.0786 6500 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:11:12.0787 6500 EFS - ok
23:11:12.0835 6500 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:11:12.0840 6500 ehRecvr - ok
23:11:12.0847 6500 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:11:12.0848 6500 ehSched - ok
23:11:12.0862 6500 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:11:12.0866 6500 elxstor - ok
23:11:12.0871 6500 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:11:12.0872 6500 ErrDev - ok
23:11:12.0919 6500 esgiguard - ok
23:11:12.0935 6500 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:11:12.0939 6500 EventSystem - ok
23:11:12.0953 6500 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:11:12.0955 6500 exfat - ok
23:11:12.0969 6500 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:11:12.0971 6500 fastfat - ok
23:11:12.0988 6500 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:11:12.0992 6500 Fax - ok
23:11:12.0995 6500 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
23:11:12.0995 6500 fdc - ok
23:11:13.0008 6500 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:11:13.0008 6500 fdPHost - ok
23:11:13.0017 6500 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:11:13.0017 6500 FDResPub - ok
23:11:13.0024 6500 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:11:13.0025 6500 FileInfo - ok
23:11:13.0027 6500 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:11:13.0028 6500 Filetrace - ok
23:11:13.0030 6500 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:11:13.0030 6500 flpydisk - ok
23:11:13.0046 6500 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:11:13.0049 6500 FltMgr - ok
23:11:13.0079 6500 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:11:13.0088 6500 FontCache - ok
23:11:13.0104 6500 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:11:13.0105 6500 FontCache3.0.0.0 - ok
23:11:13.0112 6500 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:11:13.0113 6500 FsDepends - ok
23:11:13.0125 6500 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:11:13.0125 6500 Fs_Rec - ok
23:11:13.0145 6500 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:11:13.0146 6500 fvevol - ok
23:11:13.0149 6500 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:11:13.0150 6500 gagp30kx - ok
23:11:13.0175 6500 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:11:13.0176 6500 GEARAspiWDM - ok
23:11:13.0197 6500 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:11:13.0204 6500 gpsvc - ok
23:11:13.0282 6500 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:11:13.0283 6500 gupdate - ok
23:11:13.0294 6500 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:11:13.0295 6500 gupdatem - ok
23:11:13.0334 6500 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:11:13.0335 6500 gusvc - ok
23:11:13.0338 6500 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:11:13.0338 6500 hcw85cir - ok
23:11:13.0370 6500 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:11:13.0373 6500 HdAudAddService - ok
23:11:13.0399 6500 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:11:13.0401 6500 HDAudBus - ok
23:11:13.0403 6500 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:11:13.0403 6500 HidBatt - ok
23:11:13.0406 6500 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:11:13.0407 6500 HidBth - ok
23:11:13.0415 6500 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:11:13.0416 6500 HidIr - ok
23:11:13.0434 6500 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:11:13.0435 6500 hidserv - ok
23:11:13.0458 6500 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:11:13.0458 6500 HidUsb - ok
23:11:13.0469 6500 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:11:13.0470 6500 hkmsvc - ok
23:11:13.0482 6500 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:11:13.0485 6500 HomeGroupListener - ok
23:11:13.0497 6500 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:11:13.0499 6500 HomeGroupProvider - ok
23:11:13.0505 6500 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:11:13.0506 6500 HpSAMD - ok
23:11:13.0527 6500 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:11:13.0533 6500 HTTP - ok
23:11:13.0539 6500 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:11:13.0540 6500 hwpolicy - ok
23:11:13.0553 6500 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:11:13.0554 6500 i8042prt - ok
23:11:13.0569 6500 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:11:13.0571 6500 iaStorV - ok
23:11:13.0604 6500 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:11:13.0611 6500 idsvc - ok
23:11:13.0620 6500 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:11:13.0620 6500 iirsp - ok
23:11:13.0638 6500 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:11:13.0645 6500 IKEEXT - ok
23:11:13.0704 6500 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:11:13.0738 6500 IntcAzAudAddService - ok
23:11:13.0745 6500 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:11:13.0745 6500 intelide - ok
23:11:13.0762 6500 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:11:13.0762 6500 intelppm - ok
23:11:13.0768 6500 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:11:13.0769 6500 IPBusEnum - ok
23:11:13.0782 6500 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:11:13.0783 6500 IpFilterDriver - ok
23:11:13.0819 6500 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:11:13.0823 6500 iphlpsvc - ok
23:11:13.0827 6500 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:11:13.0828 6500 IPMIDRV - ok
23:11:13.0831 6500 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:11:13.0832 6500 IPNAT - ok
23:11:13.0887 6500 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:11:13.0893 6500 iPod Service - ok
23:11:13.0922 6500 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:11:13.0923 6500 IRENUM - ok
23:11:13.0931 6500 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:11:13.0931 6500 isapnp - ok
23:11:13.0944 6500 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:11:13.0947 6500 iScsiPrt - ok
23:11:13.0996 6500 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
23:11:13.0996 6500 ivusb - ok
23:11:14.0017 6500 [ 79A55E8907F34AB569029505418C35EF ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
23:11:14.0018 6500 JRAID - ok
23:11:14.0025 6500 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:11:14.0026 6500 kbdclass - ok
23:11:14.0047 6500 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:11:14.0048 6500 kbdhid - ok
23:11:14.0052 6500 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:11:14.0053 6500 KeyIso - ok
23:11:14.0079 6500 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:11:14.0080 6500 KSecDD - ok
23:11:14.0101 6500 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:11:14.0103 6500 KSecPkg - ok
23:11:14.0122 6500 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:11:14.0122 6500 ksthunk - ok
23:11:14.0135 6500 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:11:14.0138 6500 KtmRm - ok
23:11:14.0160 6500 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:11:14.0163 6500 LanmanServer - ok
23:11:14.0169 6500 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:11:14.0171 6500 LanmanWorkstation - ok
23:11:14.0190 6500 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:11:14.0190 6500 lltdio - ok
23:11:14.0201 6500 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:11:14.0204 6500 lltdsvc - ok
23:11:14.0218 6500 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:11:14.0219 6500 lmhosts - ok
23:11:14.0235 6500 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:11:14.0236 6500 LSI_FC - ok
23:11:14.0245 6500 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:11:14.0245 6500 LSI_SAS - ok
23:11:14.0258 6500 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:11:14.0259 6500 LSI_SAS2 - ok
23:11:14.0273 6500 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:11:14.0274 6500 LSI_SCSI - ok
23:11:14.0286 6500 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:11:14.0287 6500 luafv - ok
23:11:14.0303 6500 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:11:14.0305 6500 Mcx2Svc - ok
23:11:14.0314 6500 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:11:14.0314 6500 megasas - ok
23:11:14.0327 6500 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:11:14.0329 6500 MegaSR - ok
23:11:14.0339 6500 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:11:14.0340 6500 MMCSS - ok
23:11:14.0354 6500 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:11:14.0355 6500 Modem - ok
23:11:14.0394 6500 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:11:14.0395 6500 monitor - ok
23:11:14.0400 6500 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:11:14.0401 6500 mouclass - ok
23:11:14.0410 6500 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:11:14.0411 6500 mouhid - ok
23:11:14.0417 6500 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:11:14.0418 6500 mountmgr - ok
23:11:14.0432 6500 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:11:14.0434 6500 mpio - ok
23:11:14.0449 6500 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:11:14.0450 6500 mpsdrv - ok
23:11:14.0463 6500 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:11:14.0470 6500 MpsSvc - ok
23:11:14.0500 6500 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:11:14.0502 6500 MRxDAV - ok
23:11:14.0516 6500 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:11:14.0518 6500 mrxsmb - ok
23:11:14.0526 6500 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:11:14.0529 6500 mrxsmb10 - ok
23:11:14.0545 6500 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:11:14.0547 6500 mrxsmb20 - ok
23:11:14.0549 6500 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:11:14.0550 6500 msahci - ok
23:11:14.0558 6500 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:11:14.0560 6500 msdsm - ok
23:11:14.0566 6500 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:11:14.0567 6500 MSDTC - ok
23:11:14.0581 6500 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:11:14.0582 6500 Msfs - ok
23:11:14.0602 6500 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:11:14.0603 6500 mshidkmdf - ok
23:11:14.0611 6500 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:11:14.0612 6500 msisadrv - ok
23:11:14.0623 6500 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:11:14.0625 6500 MSiSCSI - ok
23:11:14.0627 6500 msiserver - ok
23:11:14.0644 6500 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:11:14.0644 6500 MSKSSRV - ok
23:11:14.0655 6500 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:11:14.0655 6500 MSPCLOCK - ok
23:11:14.0661 6500 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:11:14.0662 6500 MSPQM - ok
23:11:14.0676 6500 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:11:14.0679 6500 MsRPC - ok
23:11:14.0696 6500 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:11:14.0696 6500 mssmbios - ok
23:11:14.0710 6500 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:11:14.0711 6500 MSTEE - ok
23:11:14.0717 6500 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:11:14.0717 6500 MTConfig - ok
23:11:14.0719 6500 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:11:14.0720 6500 Mup - ok
23:11:14.0752 6500 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:11:14.0757 6500 napagent - ok
23:11:14.0785 6500 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:11:14.0788 6500 NativeWifiP - ok
23:11:14.0826 6500 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:11:14.0833 6500 NDIS - ok
23:11:14.0850 6500 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:11:14.0851 6500 NdisCap - ok
23:11:14.0878 6500 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:11:14.0878 6500 NdisTapi - ok
23:11:14.0896 6500 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:11:14.0897 6500 Ndisuio - ok
23:11:14.0912 6500 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:11:14.0914 6500 NdisWan - ok
23:11:14.0925 6500 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:11:14.0926 6500 NDProxy - ok
23:11:14.0937 6500 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:11:14.0938 6500 NetBIOS - ok
23:11:14.0948 6500 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:11:14.0950 6500 NetBT - ok
23:11:14.0961 6500 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:11:14.0961 6500 Netlogon - ok
23:11:14.0991 6500 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:11:14.0995 6500 Netman - ok
23:11:15.0010 6500 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:11:15.0014 6500 netprofm - ok
23:11:15.0035 6500 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:11:15.0036 6500 NetTcpPortSharing - ok
23:11:15.0051 6500 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:11:15.0051 6500 nfrd960 - ok
23:11:15.0073 6500 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:11:15.0076 6500 NlaSvc - ok
23:11:15.0119 6500 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
23:11:15.0120 6500 NPF - ok
23:11:15.0126 6500 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:11:15.0127 6500 Npfs - ok
23:11:15.0148 6500 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:11:15.0149 6500 nsi - ok
23:11:15.0159 6500 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:11:15.0160 6500 nsiproxy - ok
23:11:15.0209 6500 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:11:15.0221 6500 Ntfs - ok
23:11:15.0230 6500 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:11:15.0230 6500 Null - ok
23:11:15.0264 6500 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:11:15.0265 6500 nvraid - ok
23:11:15.0281 6500 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:11:15.0282 6500 nvstor - ok
23:11:15.0289 6500 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:11:15.0290 6500 nv_agp - ok
23:11:15.0301 6500 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:11:15.0302 6500 ohci1394 - ok
23:11:15.0339 6500 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:11:15.0340 6500 ose - ok
23:11:15.0482 6500 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:11:15.0546 6500 osppsvc - ok
23:11:15.0557 6500 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:11:15.0560 6500 p2pimsvc - ok
23:11:15.0570 6500 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:11:15.0574 6500 p2psvc - ok
23:11:15.0582 6500 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:11:15.0583 6500 Parport - ok
23:11:15.0607 6500 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:11:15.0608 6500 partmgr - ok
23:11:15.0622 6500 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:11:15.0624 6500 PcaSvc - ok
23:11:15.0631 6500 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:11:15.0633 6500 pci - ok
23:11:15.0644 6500 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:11:15.0644 6500 pciide - ok
23:11:15.0658 6500 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:11:15.0660 6500 pcmcia - ok
23:11:15.0672 6500 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:11:15.0673 6500 pcw - ok
23:11:15.0693 6500 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:11:15.0698 6500 PEAUTH - ok
23:11:15.0733 6500 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:11:15.0744 6500 PeerDistSvc - ok
23:11:15.0803 6500 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:11:15.0804 6500 PerfHost - ok
23:11:15.0835 6500 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:11:15.0846 6500 pla - ok
23:11:15.0886 6500 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:11:15.0890 6500 PlugPlay - ok
23:11:15.0916 6500 PnkBstrA - ok
23:11:15.0928 6500 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:11:15.0929 6500 PNRPAutoReg - ok
23:11:15.0940 6500 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:11:15.0942 6500 PNRPsvc - ok
23:11:15.0973 6500 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:11:15.0977 6500 PolicyAgent - ok
23:11:15.0998 6500 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:11:16.0000 6500 Power - ok
23:11:16.0023 6500 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:11:16.0024 6500 PptpMiniport - ok
23:11:16.0039 6500 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:11:16.0040 6500 Processor - ok
23:11:16.0076 6500 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:11:16.0079 6500 ProfSvc - ok
23:11:16.0086 6500 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:11:16.0086 6500 ProtectedStorage - ok
23:11:16.0097 6500 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:11:16.0098 6500 Psched - ok
23:11:16.0125 6500 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:11:16.0137 6500 ql2300 - ok
23:11:16.0162 6500 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:11:16.0163 6500 ql40xx - ok
23:11:16.0178 6500 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:11:16.0181 6500 QWAVE - ok
23:11:16.0187 6500 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:11:16.0188 6500 QWAVEdrv - ok
23:11:16.0197 6500 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:11:16.0197 6500 RasAcd - ok
23:11:16.0228 6500 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:11:16.0229 6500 RasAgileVpn - ok
23:11:16.0237 6500 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:11:16.0239 6500 RasAuto - ok
23:11:16.0245 6500 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:11:16.0246 6500 Rasl2tp - ok
23:11:16.0256 6500 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:11:16.0259 6500 RasMan - ok
23:11:16.0262 6500 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:11:16.0263 6500 RasPppoe - ok
23:11:16.0281 6500 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:11:16.0282 6500 RasSstp - ok
23:11:16.0292 6500 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:11:16.0294 6500 rdbss - ok
23:11:16.0297 6500 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:11:16.0297 6500 rdpbus - ok
23:11:16.0304 6500 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:11:16.0305 6500 RDPCDD - ok
23:11:16.0326 6500 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:11:16.0328 6500 RDPDR - ok
23:11:16.0353 6500 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:11:16.0353 6500 RDPENCDD - ok
23:11:16.0367 6500 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:11:16.0367 6500 RDPREFMP - ok
23:11:16.0408 6500 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:11:16.0408 6500 RdpVideoMiniport - ok
23:11:16.0438 6500 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:11:16.0440 6500 RDPWD - ok
23:11:16.0456 6500 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:11:16.0458 6500 rdyboost - ok
23:11:16.0470 6500 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:11:16.0472 6500 RemoteAccess - ok
23:11:16.0480 6500 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:11:16.0482 6500 RemoteRegistry - ok
23:11:19.0265 6500 ================ Scan global ===============================
23:11:19.0279 6500 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:11:19.0312 6500 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:11:19.0317 6500 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:11:19.0333 6500 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:11:19.0351 6500 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:11:19.0354 6500 [Global] - ok
23:11:19.0354 6500 ================ Scan MBR ==================================
23:11:19.0369 6500 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:11:19.0520 6500 \Device\Harddisk0\DR0 - ok
23:11:19.0520 6500 ================ Scan VBR ==================================
23:11:19.0522 6500 [ EC607865398A1AAF2AED3B6C5A205121 ] \Device\Harddisk0\DR0\Partition1
23:11:19.0523 6500 \Device\Harddisk0\DR0\Partition1 - ok
23:11:19.0533 6500 [ 3D6C137933C02B43B8ADF2466B3A178C ] \Device\Harddisk0\DR0\Partition2
23:11:19.0534 6500 \Device\Harddisk0\DR0\Partition2 - ok
23:11:19.0534 6500 ============================================================
23:11:19.0534 6500 Scan finished
23:11:19.0534 6500 ============================================================
23:11:19.0540 7764 Detected object count: 0
23:11:19.0540 7764 Actual detected object count: 0

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:27 PM

Posted 09 January 2013 - 03:16 AM

Can I have a look at ComboFix log please?

You should be able to find it at C:\ComboFix.txt
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#6 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 09 January 2013 - 10:45 AM

ComboFix 13-01-01.02 - HP 01/01/2013 11:27:48.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4455 [GMT -7:00]
Running from: c:\users\HP\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Local\Temp\_MEI28242\_ctypes.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\_elementtree.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\_hashlib.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\_socket.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\_ssl.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\pyexpat.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\pysqlite2._sqlite.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\python26.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\pythoncom26.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\PyWinTypes26.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\select.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\unicodedata.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32api.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32com.shell.shell.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32crypt.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32event.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32file.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32inet.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32pdh.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32process.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32profile.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32security.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\win32ts.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\windows._cacheinvalidation.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._controls_.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._core_.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._gdi_.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._html2.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._misc_.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._windows_.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wx._wizard.pyd
c:\users\HP\AppData\Local\Temp\_MEI28242\wxbase293u_net_vc.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\wxbase293u_vc.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\wxmsw293u_adv_vc.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\wxmsw293u_core_vc.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\wxmsw293u_html_vc.dll
c:\users\HP\AppData\Local\Temp\_MEI28242\wxmsw293u_webview_vc.dll
c:\users\HP\AppData\Local\xtsgvgfu.exe
c:\users\HP\AppData\Roaming\psbad.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2013-01-01 18:33 . 2013-01-01 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 18:07 . 2013-01-01 18:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-01 12:13 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6B13EC0-26F6-4F1A-AF8F-8A80D2AB70F5}\mpengine.dll
2012-12-31 17:36 . 2012-12-31 17:36 32152 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2012-12-31 07:53 . 2012-12-31 07:53 -------- d-----w- c:\program files\Enigma Software Group
2012-12-31 07:52 . 2012-12-31 16:38 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-21 10:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 10:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 10:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 10:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-18 17:15 . 2012-12-18 17:15 -------- d-----w- c:\programdata\WD_SmartWareCommon
2012-12-18 04:31 . 2012-12-18 04:31 -------- d-----w- c:\users\HP\AppData\Local\Western_Digital
2012-12-18 04:28 . 2012-12-18 04:28 -------- d-----w- c:\users\HP\AppData\Roaming\Western Digital
2012-12-18 04:28 . 2012-12-18 04:33 -------- d-----w- c:\programdata\Western Digital
2012-12-18 04:27 . 2012-12-18 04:27 -------- d-----w- c:\program files\Western Digital
2012-12-18 04:27 . 2012-12-18 04:27 -------- d-----w- c:\program files (x86)\Western Digital
2012-12-17 01:05 . 2012-12-17 01:05 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-17 01:04 . 2012-12-17 01:04 -------- d-----w- c:\program files (x86)\Microsoft
2012-12-17 01:02 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-17 01:02 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-17 01:02 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-17 01:02 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-17 01:02 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-17 01:02 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-17 01:02 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-17 01:02 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-17 01:02 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-17 01:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-17 01:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-16 20:07 . 2012-12-31 07:41 -------- d-----w- c:\program files (x86)\PC Tools
2012-12-16 20:05 . 2012-12-31 17:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-12-16 20:05 . 2012-11-01 22:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-12-16 20:05 . 2012-12-31 17:09 -------- d-----w- c:\programdata\PC Tools
2012-12-16 20:05 . 2012-12-16 20:05 -------- d-----w- c:\users\HP\AppData\Roaming\TestApp
2012-12-15 06:17 . 2012-12-15 06:17 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-14 22:49 . 2012-12-14 22:49 -------- d-----w- c:\program files\iPod
2012-12-14 22:49 . 2012-12-14 22:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 22:49 . 2012-12-14 22:49 -------- d-----w- c:\program files\iTunes
2012-12-14 22:43 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 22:43 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 22:43 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 22:34 . 2012-12-14 22:35 -------- d-----w- C:\TEMP
2012-12-14 21:57 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-14 21:56 . 2012-12-17 00:55 -------- d-----w- c:\programdata\AVAST Software
2012-12-14 21:56 . 2012-12-14 22:56 -------- d-----w- c:\program files\AVAST Software
2012-12-12 06:03 . 2012-10-04 17:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 15:26 . 2012-12-31 17:02 -------- d-----w- c:\programdata\HitmanPro
2012-12-11 15:07 . 2012-12-31 17:02 -------- d-----w- c:\programdata\0E462E269BCDC59F00000E461FE2C7EB
2012-12-04 03:54 . 2012-12-17 01:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 07:55 . 2011-12-30 22:47 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-14 23:58 . 2012-04-12 14:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 23:58 . 2011-12-30 23:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-12-14 22:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-14 22:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-14 22:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-16 02:16 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 02:16 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 02:16 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 02:16 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-14 22:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-14 1354736]
"Spotify Web Helper"="c:\users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-29 1199576]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-18 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-18 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
.
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-5-23 0]
Dropbox.lnk - c:\users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-31 32152]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-13 287960]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:58]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 02:38]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 02:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 23:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 23:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 23:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 23:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F3E71077-E071-41F8-A66C-7703E3A19F62}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\izgfhi8k.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-31 06:15; {d75728ec-d1d8-4819-ad40-8ca94ab02c4e}; c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\izgfhi8k.default\extensions\{d75728ec-d1d8-4819-ad40-8ca94ab02c4e}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-psbad - c:\users\HP\AppData\Roaming\psbad.dll
SafeBoot-62909481.sys
SafeBoot-69354105.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-01-01 11:38:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-01 18:38
ComboFix2.txt 2012-12-17 00:59
.
Pre-Run: 412,742,135,808 bytes free
Post-Run: 412,616,212,480 bytes free
.
- - End Of File - - 4FF08E3FABB1AF27B317D0C40ED5B562

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 09 January 2013 - 11:37 AM

Hi,

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

On your next reply please post :
Adwcleaner log
JRT log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#8 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 09 January 2013 - 12:41 PM

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 10:30:47
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : HP - HP-PC
# Boot Mode : Normal
# Running from : C:\Users\HP\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\izgfhi8k.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [805 octets] - [09/01/2013 10:30:47]

########## EOF - C:\AdwCleaner[S1].txt - [864 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Professional x64
Ran by HP on Wed 01/09/2013 at 10:36:20.10
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Chrome

Dumping contents of C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default\aaggdggedhgfgfdgdfdcdgdjdedjgggb
C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default\aaggdggedhgfgfdgdfdcdgdjdedjgggb\background.js
C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default\aaggdggedhgfgfdgdfdcdgdjdedjgggb\ContentScript.js
C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default\aaggdggedhgfgfdgdfdcdgdjdedjgggb\manifest.json

Successfully deleted: [Folder] C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/09/2013 at 10:40:18.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 09 January 2013 - 09:53 PM

Are you still having redirects?

#10 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 09 January 2013 - 09:55 PM

Not as far as I can tell but they were relatively infrequent to begin with. Do you think my computer is clean now?

#11 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 09 January 2013 - 09:58 PM

I am reinstalling Firefox and trying some Google searches there. The problem tends to go away for days at a time after running various antivirus programs, though, so I'm a little skeptical.

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 10 January 2013 - 08:10 AM

Ok, try monitoring it for a few days. Meanwhile, please do this

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select Uninstall application on close check box and push Posted Image
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#13 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 10 January 2013 - 01:58 PM

The redirect reared its ugly head again last night while using IE. Here are the results of the scans:



Eset:

C:\Users\HP\wgsdgsdgdsgsd.exe a variant of MSIL/Kryptik.HJ trojan
C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll Win32/Kryptik.ARWW.Gen trojan
C:\Users\HP\AppData\Roaming\WindowsDatabase\lsql.exe a variant of MSIL/Kryptik.HJ trojan
Operating memory multiple threats



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [administrator]

1/10/2013 11:54:03 AM
mbam-log-2013-01-10 (11-54-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212660
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.Tracur) -> Data: rundll32 "C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll",DllRegisterServerW -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\HP\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)
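
The MBAM entry above shows the persistence mechanism behind the redirects: an HKCU Run value that has rundll32 load a DLL out of AppData (`...\Apps\Apple\zslnvxnn.dll`), and the ComboFix orphan earlier in the thread (`psbad.dll` under AppData\Roaming, also a Run value) has the same shape. As an added example, not part of this thread or of any tool it mentions, here is a read-only PowerShell audit that lists Run/RunOnce values showing either trait. The key list and the user-writable directory list are assumptions for illustration, not an exhaustive set of Windows autostart locations, and the sample command string at the end is constructed from the shape of the MBAM line, not taken from a live machine.

```powershell
# Added example, not code from the thread or from MBAM/ComboFix.
# Read-only audit: report Run/RunOnce values that (a) have rundll32 load a DLL
# or (b) launch something from a user-writable profile directory.
# Nothing is deleted; the output is meant to be reviewed by a person.

# Assumed set of autostart keys to inspect (not exhaustive).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an ordinary user can write to; legitimate autostarts normally
# live under Program Files or System32 instead (assumed list).
$userWritable = @('\AppData\', '\Users\Public\', '\Temp\', '\ProgramData\')

function Test-SuspiciousAutorun {
    param([string]$Command)
    $reasons = @()
    # Trait (a): rundll32 followed by a (possibly quoted) DLL path.
    # -match is case-insensitive by default, so rundll32 / RUNDLL32 both hit.
    if ($Command -match 'rundll32(\.exe)?\s+"?([^",]+\.dll)') {
        $reasons += 'rundll32 loads DLL ' + $Matches[2]
    }
    # Trait (b): target path under a user-writable directory.
    foreach ($dir in $userWritable) {
        if ($Command -like "*$dir*") {
            $reasons += "target lives under user-writable path ($dir)"
            break
        }
    }
    return $reasons
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata PowerShell adds (PSPath, PSParentPath, ...).
        if ($p.Name -like 'PS*') { continue }
        $why = Test-SuspiciousAutorun -Command ([string]$p.Value)
        if ($why.Count -gt 0) {
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Reason  = ($why -join '; ')
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'No rundll32 or user-profile autostart entries found in Run/RunOnce keys.'
}

# Constructed sample with the same shape as the MBAM "Apple" value above,
# so the reader can see both traits fire without touching the registry.
$sample = 'rundll32 "C:\Users\HP\AppData\Local\Apps\Apple\zslnvxnn.dll",DllRegisterServerW'
Write-Output 'Sample check:'
Test-SuspiciousAutorun -Command $sample
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; the HKCU keys reflect only the logged-on user, so repeat it under each account that uses the machine. A hit is a lead for a scan such as the ESET/MBAM runs in this thread, not proof by itself: some installers do put updaters under AppData, which is why the script prints the reason next to each entry rather than acting on it.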

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 10 January 2013 - 10:32 PM

Delete the existing copy and download a fresh one.

Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop


#15 cjtemp

cjtemp
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 10 January 2013 - 11:13 PM

I assume you want me to run it as well?



