
audio ads in background, random restarts, sluggish performance


This topic is locked
31 replies to this topic

#1 rr716


Posted 05 January 2014 - 08:31 PM

Good evening,

Looks like I am experiencing what a lot of others have on my girlfriend's computer: random audio ads in the background that do not require any apps or browsers to be open. Also have sluggish performance. I was experiencing random restarts due supposedly to something about the DCOM service being ended or the Plug and Play service ending. Those have ceased and I do not know what fixed it, but I suspect TDSSKiller fixed it. Malwarebytes and Spybot S&D have found nothing since day one. TDSSKiller still finds the following results:

 

unsigned file
service: DcomLaunch
suspicious object, medium risk
service start: auto (0x2)
file: c:\windows\system32\rpcss.dll

unsigned file
service: RpcSs
same as above
same as above
same as above

 

Sorry, TDSSKiller won't let me copy and paste. The only options are to skip or copy to quarantine, and it doesn't matter which I select; these results come back each time I scan.

 

TCPView shows lots of connections to the internet from svchost.exe.

 

Here is the text from Rkill:

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2014 06:21:48 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Rosanna\Desktop\farbar recovery scan tool 64.exe (PID: 10684) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}\ [ZA Dir]
     * C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}\L\ [ZA Dir]
     * C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}\U\ [ZA Dir]

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * C:\Windows\System32\rpcss.dll : 509,952 : 07/13/2009 06:41 PM : 3163abd2a4ff5c1a3ba2fc38d8a1c649 [NoSig]
 +-> C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 06:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 06:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com

  20 out of 15490 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 01/05/2014 06:27:33 PM
Execution time: 0 hours(s), 5 minute(s), and 45 seconds(s)

 

 

I will also post the results from the other scan as soon as I can.





#2 rr716


Posted 05 January 2014 - 08:35 PM

Here is the fixlist:

 

start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1719944 2013-04-01] (Ask)
C:\Program Files (x86)\Ask.com
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={2BF72CEA-DAB1-11E2-A621-3085A93C9922}
SearchScopes: HKCU - DefaultScope {9D889B76-8A13-45E7-8AC7-890432B7B43A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3318920&CUI=UN31770359721571121&UM=2
SearchScopes: HKCU - {9D889B76-8A13-45E7-8AC7-890432B7B43A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3318920&CUI=UN31770359721571121&UM=2
BHO-x32: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
FF Extension: No Name - C:\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584\Extensions\{ed541409-a451-4021-921f-0b66f3196e57}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM-x32\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Ian McQuilkin\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx
2014-01-02 18:02 - 2014-01-02 18:02 - 00037376 _____ C:\Windows\system32\ohjd.jci
2014-01-02 17:51 - 2014-01-04 22:01 - 00000080 _____ C:\Windows\system32\pssvvzt.zjj
2014-01-02 17:50 - 2014-01-02 18:02 - 00000096 _____ C:\Windows\system32\eloevi.gdp
2014-01-02 17:50 - 2014-01-02 17:50 - 00000064 _____ C:\Windows\system32\mosh.dnb
2014-01-02 17:34 - 2014-01-02 17:34 - 00219314 ____S C:\Windows\system32\sygh.jtc
Task: {609A2B6E-72BF-43EE-8C16-578A551E8C9D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-01] ()
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Ian McQuilkin\AppData\Local\Temp
end



#3 rr716


Posted 05 January 2014 - 08:36 PM

Here is the text from the FRST.txt file produced by the Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Rosanna (administrator) on ROSANNA-PC on 05-01-2014 17:03:22
Running from C:\Users\Rosanna\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Rosanna\Desktop\farbar recovery scan tool 64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] - C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1125504 2011-07-25] (Check Point Software Technologies)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [72336 2011-07-22] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2012-07-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NWEReboot] - [x]
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Rosanna\AppData\Local\Temp\sbsiiip\syqdvut\wow64.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {2b9475f0-17b3-11e1-8cb0-00266c67b757} - F:\Setupx.exe
MountPoints2: {4a8ea589-f808-11e0-b404-00266c67b757} - F:\SETUP.EXE
MountPoints2: {806960be-0181-11e1-a223-00266c67b757} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A4416EC2194CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {165B3239-2565-49DB-8A82-F28631CE44ED} http://quotes.computervoice.com/webstart/webstart.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{30D76A84-55B2-4096-9941-149329BFFF77}: [NameServer]198.224.160.135 198.224.164.135

FireFox:
========
FF ProfilePath: C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext

==================== Services (Whitelisted) =================

R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-07-25] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2413936 2011-07-22] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-07-25] (Check Point Software Technologies)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-02] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-16] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
U3 a9j490vl; C:\Windows\System32\Drivers\a9j490vl.sys [0 ] (Microsoft Corporation)
U3 atb5uyuz; No ImagePath
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-05 17:03 - 2014-01-05 17:07 - 00014728 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\FRST
2014-01-05 16:46 - 2014-01-05 16:46 - 01931762 _____ (Farbar) C:\Users\Rosanna\Desktop\farbar recovery scan tool 64.exe
2014-01-05 16:39 - 2014-01-05 16:47 - 00000038 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-04 19:51 - 2014-01-04 20:01 - 00000000 ____D C:\AdwCleaner
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 21:01 - 2014-01-04 19:49 - 00005952 _____ C:\Users\Rosanna\Desktop\Rkill.txt
2014-01-03 19:31 - 2014-01-03 20:36 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 19:31 - 2014-01-03 20:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 17:30 - 2014-01-03 20:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 16:34 - 2014-01-03 16:34 - 00005730 _____ C:\Windows\PFRO.log
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-03 10:06 - 2014-01-03 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 21:06 - 2014-01-02 21:09 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 21:04 - 2014-01-03 15:43 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 21:53 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:23 - 2014-01-05 16:42 - 00000089 _____ C:\Windows\system32\awmxy.fqj
2014-01-02 12:21 - 2014-01-02 12:43 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-02 11:17 - 2014-01-02 11:17 - 00003584 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-18 12:30 - 2013-12-20 16:34 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-17 21:46 - 2013-12-30 17:55 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp
2013-12-12 20:42 - 2013-12-12 21:37 - 00000030 _____ C:\Users\Rosanna\Desktop\downlod.txt
2013-12-11 21:02 - 2014-01-05 14:40 - 00005544 _____ C:\Windows\setupact.log
2013-12-11 21:02 - 2013-12-11 21:02 - 00000000 _____ C:\Windows\setuperr.log
2013-12-08 18:52 - 2013-12-08 18:52 - 00040018 _____ C:\Users\Rosanna\Documents\cc_20131208_185212.reg

==================== One Month Modified Files and Folders =======

2014-01-05 17:07 - 2014-01-05 17:03 - 00014728 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-05 17:07 - 2011-11-12 10:37 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\tixati
2014-01-05 17:04 - 2013-07-07 12:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\FRST
2014-01-05 16:47 - 2014-01-05 16:39 - 00000038 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-05 16:46 - 2014-01-05 16:46 - 01931762 _____ (Farbar) C:\Users\Rosanna\Desktop\farbar recovery scan tool 64.exe
2014-01-05 16:42 - 2014-01-02 12:23 - 00000089 _____ C:\Windows\system32\awmxy.fqj
2014-01-05 14:54 - 2013-06-19 16:49 - 01626129 _____ C:\Windows\WindowsUpdate.log
2014-01-05 14:48 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 14:48 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 14:41 - 2013-11-28 12:05 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job
2014-01-05 14:41 - 2013-07-07 12:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 14:40 - 2013-12-11 21:02 - 00005544 _____ C:\Windows\setupact.log
2014-01-05 14:40 - 2013-06-19 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 20:01 - 2014-01-04 19:51 - 00000000 ____D C:\AdwCleaner
2014-01-04 19:49 - 2014-01-03 21:01 - 00005952 _____ C:\Users\Rosanna\Desktop\Rkill.txt
2014-01-03 21:20 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 20:47 - 2014-01-03 17:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 20:36 - 2014-01-03 19:31 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 20:02 - 2014-01-03 19:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 19:26 - 2014-01-03 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-03 17:53 - 2011-10-11 10:40 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Adobe
2014-01-03 17:51 - 2013-02-22 19:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 17:51 - 2011-10-11 12:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 16:34 - 2014-01-03 16:34 - 00005730 _____ C:\Windows\PFRO.log
2014-01-03 16:34 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2014-01-03 15:43 - 2014-01-02 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-02 22:31 - 2012-02-24 21:38 - 00426496 ___SH C:\Users\Rosanna\Desktop\Thumbs.db
2014-01-02 21:53 - 2014-01-02 12:26 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 21:53 - 2013-07-14 20:52 - 00000000 ____D C:\Program Files (x86)\Port Explorer
2014-01-02 21:53 - 2011-10-16 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:53 - 2011-10-16 19:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-02 21:52 - 2011-11-06 06:40 - 00000000 ____D C:\Windows\Minidump
2014-01-02 21:52 - 2011-10-10 16:33 - 00000000 ____D C:\Users\Rosanna
2014-01-02 21:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2014-01-02 21:09 - 2014-01-02 21:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:43 - 2014-01-02 12:21 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-02 11:39 - 2013-08-31 09:12 - 00000000 ____D C:\Program Files (x86)\Blaze Media Pro
2014-01-02 11:37 - 2013-08-30 21:07 - 00000116 _____ C:\Windows\NeroDigital.ini
2014-01-02 11:17 - 2014-01-02 11:17 - 00003584 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-30 17:55 - 2013-12-17 21:46 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-23 23:24 - 2013-11-28 12:05 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Rosanna
2013-12-23 23:24 - 2013-11-28 12:05 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Rosanna.job
2013-12-23 23:08 - 2013-11-28 12:05 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Rosanna
2013-12-23 23:08 - 2013-11-28 12:05 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Rosanna.job
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-20 16:34 - 2013-12-18 12:30 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-20 16:24 - 2013-05-27 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-12-18 12:43 - 2013-05-25 19:10 - 00002428 _____ C:\Users\Rosanna\Desktop\R.E.A.R.M..lnk
2013-12-18 12:43 - 2013-05-25 19:10 - 00002352 _____ C:\Users\Public\Desktop\R.A.D.A.R..lnk
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp
2013-12-15 12:40 - 2013-08-16 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 12:38 - 2011-10-11 11:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 21:37 - 2013-12-12 20:42 - 00000030 _____ C:\Users\Rosanna\Desktop\downlod.txt
2013-12-11 22:07 - 2011-10-16 08:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 21:07 - 2012-12-23 13:48 - 00000000 ____D C:\Users\Rosanna\Desktop\fitness stuff
2013-12-11 21:02 - 2013-12-11 21:02 - 00000000 _____ C:\Windows\setuperr.log
2013-12-08 18:52 - 2013-12-08 18:52 - 00040018 _____ C:\Users\Rosanna\Documents\cc_20131208_185212.reg
2013-12-07 22:59 - 2011-12-10 20:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:59 - 2011-12-10 20:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
ZeroAccess:
C:\Users\Rosanna\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}

Alureon:
C:\Users\Rosanna\AppData\Local\Temp\sbsiiip\syqdvut\wow64.dll

Some content of TEMP:
====================
C:\Users\Rosanna\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Rosanna\AppData\Local\Temp\{1A7D669D-4123-4D39-880F-CABC37226695}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0509952 ____A (Microsoft Corporation) 3163ABD2A4FF5C1A3BA2FC38D8A1C649

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-29 12:48

==================== End Of Log ============================



#4 rr716

rr716
  • Topic Starter
  • Members
  • 17 posts

Posted 05 January 2014 - 08:38 PM

Here is the text from the Addition file from Farbar.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Rosanna at 2014-01-05 17:10:06
Running from C:\Users\Rosanna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Forefront Client Security (Enabled - Up to date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AS: Microsoft Forefront Client Security (Enabled - Up to date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.168 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
Blaze Media Pro (x32 Version:  - Mystik Media)
Blaze Media Pro (x32 Version: 6.0 - Mystik Media) Hidden
Boilsoft Video Splitter 6.34 (x32 Version:  - Boilsoft, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (x32 Version: 2.62.1068 - AB Team, d.o.o.)
Canon Inkjet Printer Driver Add-On Module V2.00 (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
CCleaner (Version: 3.13 - Piriform)
DiamondCS Port Explorer v2.200 (x32 Version:  - DiamondCS)
DivX Codec (x32 Version:  - )
Excel Adapter API v1.2 (x32 Version:  - Quick Screen Trading)
Excel Adapter v1.2 (HKCU Version:  - Quick Screen Trading)
Futures Trading Kit 2013 (x32 Version:  - )
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hearts of Iron III - Their Finest Hour version 4.02 (x32 Version: 4.02 - Paradox Interactive)
Hearts of Iron III (x32 Version:  - )
Hearts of Iron III: For the Motherland Version 3.05 (x32 Version: 3.05 - Paradox Interactive)
Homeworld2 (x32 Version:  - Sierra)
HW2 Mod Manager (x32 Version:  - )
iTunes (Version: 11.0.2.25 - Apple Inc.)
LGP-IraCharts (HKCU Version:  - Linn Group Platform)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Forefront Client Security Antimalware Service (Version: 1.5.1993.0 - Microsoft Corporation)
Microsoft Forefront Client Security State Assessment Service (Version: 1.0.1703.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Naval War Arctic Circle (x32 Version:  - )
Nero 7 Premium (x32 Version: 7.00.0087 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA PhysX (x32 Version: 9.10.0129 - NVIDIA Corporation)
RealPlayer (x32 Version:  - RealNetworks)
Semper Fi 1.0 (x32 Version:  - Paradox Interactive)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Star Wars Empire at War (x32 Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (x32 Version: 1.0 - LucasArts)
Synaptics Pointing Device Driver (Version: 11.2.4.0 - Synaptics)
thinkorswim from TD AMERITRADE (x32 Version:  - TD AMERITRADE, Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Version 3.0 (x32 Version:  - )
VLC media player 2.0.0 (x32 Version: 2.0.0 - VideoLAN)
Widevine Media Transformer Plugin 5.0.0 (x32 Version: 5.0.0.4679 - Widevine Technologies)
WinRAR archiver (x32 Version:  - )
Xilisoft Video Editor 2 (x32 Version: 2.1.1.0901 - Xilisoft)
ZoneAlarm Firewall (x32 Version: 10.0.250.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Pro (x32 Version: 10.0.250.000 - Check Point)
ZoneAlarm Security (x32 Version: 10.0.250.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Toolbar (Version:  - Check Point Software Technologies) Hidden

==================== Restore Points  =========================

03-01-2014 04:30:44 Restore Operation
03-01-2014 05:59:22 Malwarebytes Anti-Rootkit Restore Point
03-01-2014 06:05:23 Malwarebytes Anti-Rootkit Restore Point
03-01-2014 18:29:47 Microsoft Forefront Client Security Checkpoint
03-01-2014 22:39:22 Malwarebytes Anti-Rootkit Restore Point
04-01-2014 02:23:57 Removed Java™ 6 Update 27
04-01-2014 02:30:16 Installed Java 7 Update 45 (64-bit)
04-01-2014 03:01:32 Installed Java 7 Update 45 (64-bit)
05-01-2014 21:48:05 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-01-02 19:48 - 00450660 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {3958C648-7E5F-4FEE-8302-56D07DF9F655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10] (Google Inc.)
Task: {535FECF6-51A2-47C8-930A-94305314B8FD} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {83CCCE92-643D-4461-BBDA-2A620B74CEEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10] (Google Inc.)
Task: {8C37ECE2-6B03-4C95-A153-53D8DB4584D7} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {B4023DF7-5489-4626-B8AE-BE26B7122A7B} - System32\Tasks\ReclaimerUpdateFiles_Rosanna => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
Task: {B908D2E3-BAB9-472F-A1F9-073ECD71BA68} - System32\Tasks\RNUpgradeHelperResumePrompt_Rosanna => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
Task: {C0665ABB-2A64-45B3-8F92-692F1D841E2B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CF8290F3-A840-430E-BFC2-C72AC9427951} - System32\Tasks\RNUpgradeHelperLogonPrompt_Rosanna => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
Task: {E2F79377-33DA-4D6E-88B1-928DB6BC40A5} - System32\Tasks\ReclaimerUpdateXML_Rosanna => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
Task: {EAEBF490-B1DA-4DB2-951F-53F9AB033374} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F190B437-EA1F-408B-B299-30D7E22FA13C} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Rosanna.job => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Rosanna.job => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job => C:\Users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-11-25 15:09 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-10 17:09 - 2011-10-10 17:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-03 10:07 - 2013-12-05 12:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-03 17:51 - 2014-01-03 17:51 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86123326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90524512.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86123326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90524512.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Name: ATUL6283 IDE Controller
Description: ATUL6283 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: atb5uyuz
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2014 08:36:07 PM) (Source: MsiInstaller) (User: Rosanna-PC)
Description: Product: Java 7 Update 45 (64-bit) -- Error 25025.  A previous Java uninstallation was never completed.  You need to restart your computer before installing Java.

Error: (01/03/2014 11:29:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {026a0a62-46ce-46c5-8f80-23242602d8c1}

Error: (01/03/2014 11:11:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_6_602_168.ocx, version: 11.6.602.168, time stamp: 0x51116d6e
Exception code: 0xc0000005
Fault offset: 0x00000000006502eb
Faulting process id: 0x294
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 10:48:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16476, time stamp: 0x5127144f
Exception code: 0xc0000005
Fault offset: 0x00000000003bda04
Faulting process id: 0x2a8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 09:55:26 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: 0x80070005.

Error: (01/02/2014 09:47:03 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (01/02/2014 09:39:49 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (01/02/2014 08:06:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000008
Fault offset: 0x00000000000d0108
Faulting process id: 0x284
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 00:52:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000000b
Faulting process id: 0x2a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 00:27:39 PM) (Source: MsiInstaller) (User: Rosanna-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {76C3F0F6-9B9D-35DA-81C6-CA8A88CC93CA}

System errors:
=============
Error: (01/05/2014 05:10:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 05:07:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 05:01:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 04:51:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 04:49:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 04:44:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 04:26:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 04:22:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 03:51:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/05/2014 02:46:06 PM) (Source: FcsSas) (User: )
Description: Forefront Client Security State Assessment Service policy applied with errors.

Reverted to the following settings:

Schedule Type: Interval
Time: 12
Parameter:

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-01-04 20:01:37.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 13:41:51.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 13:27:42.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 13:11:51.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 12:20:32.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 12:06:37.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:55:08.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-01 23:40:55.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 19:32:31.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 19:19:59.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 2810.9 MB
Available physical RAM: 730.69 MB
Total Pagefile: 5619.94 MB
Available Pagefile: 2747.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.79 GB) (Free:11.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0B447886)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================



#5 rr716

  • Topic Starter
  • Members
  • 17 posts

Posted 05 January 2014 - 08:46 PM

Sorry if I am jumping the gun, but I saw what others have done and I figured I could get some of these out of the way. Nothing fixes it; I run rkill and TDSSKiller multiple times and still I get the same results.


Edited by rr716, 06 January 2014 - 10:57 AM.


#6 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 08 January 2014 - 11:44 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days.

:)

Hello there, rr716

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do note that it is extremely important NOT to copy any fixes from other computers. Those fixes are specific to the machine in question and do not offer general fixes.
 
Please delete the existing copy of FRST so that you get the latest update of the tool. I also need a fresh log, as the one we have here is a few days old and things might have changed. Run it again, following the steps below.

---------------------------------------------------------------------------------------------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 rr716

  • Topic Starter
  • Members
  • 17 posts

Posted 09 January 2014 - 08:07 PM

Here we go, deleted the old version of FRST and downloaded the new one. Here are the results from the scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Rosanna (administrator) on ROSANNA-PC on 09-01-2014 17:51:22
Running from C:\Users\Rosanna\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] - C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1125504 2011-07-25] (Check Point Software Technologies)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [72336 2011-07-22] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2012-07-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NWEReboot] - [x]
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Rosanna\AppData\Local\Temp\sbsiiip\syqdvut\wow64.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {2b9475f0-17b3-11e1-8cb0-00266c67b757} - F:\Setupx.exe
MountPoints2: {4a8ea589-f808-11e0-b404-00266c67b757} - F:\SETUP.EXE
MountPoints2: {806960be-0181-11e1-a223-00266c67b757} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A4416EC2194CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {165B3239-2565-49DB-8A82-F28631CE44ED} http://quotes.computervoice.com/webstart/webstart.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{30D76A84-55B2-4096-9941-149329BFFF77}: [NameServer]198.224.160.135 198.224.164.135

FireFox:
========
FF ProfilePath: C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext

==================== Services (Whitelisted) =================

R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-07-25] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2413936 2011-07-22] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-07-25] (Check Point Software Technologies)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-02] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-16] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
U3 au1oxifk; C:\Windows\System32\Drivers\au1oxifk.sys [0 ] (Microsoft Corporation)
U3 auo5wnev; No ImagePath
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-09 17:51 - 2014-01-09 17:51 - 00015064 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-09 17:47 - 2014-01-09 17:48 - 01931772 _____ (Farbar) C:\Users\Rosanna\Desktop\FRST64.exe
2014-01-06 09:16 - 2014-01-06 09:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-06 09:14 - 2014-01-06 09:35 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\mIRC
2014-01-06 09:14 - 2014-01-06 09:15 - 00000000 ____D C:\Program Files (x86)\mIRC
2014-01-06 09:13 - 2014-01-06 09:13 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 09:12 - 2014-01-06 09:12 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\Rosanna\Desktop\mirc732.exe
2014-01-06 09:08 - 2014-01-06 09:08 - 00000000 ____D C:\ProgramData\McAfee
2014-01-06 09:07 - 2014-01-06 09:07 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall(1).exe
2014-01-06 09:05 - 2014-01-06 09:05 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall.exe
2014-01-05 18:06 - 2014-01-05 18:06 - 00000000 ____D C:\Users\Rosanna\Desktop\virus stuff
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\FRST
2014-01-05 16:39 - 2014-01-05 16:47 - 00000038 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-04 19:51 - 2014-01-04 20:01 - 00000000 ____D C:\AdwCleaner
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 21:01 - 2014-01-05 18:27 - 00006094 _____ C:\Users\Rosanna\Desktop\Rkill.txt
2014-01-03 19:31 - 2014-01-06 09:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 19:31 - 2014-01-03 20:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 17:30 - 2014-01-03 20:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 16:34 - 2014-01-03 16:34 - 00005730 _____ C:\Windows\PFRO.log
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-03 10:06 - 2014-01-03 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 21:06 - 2014-01-02 21:09 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 21:04 - 2014-01-03 15:43 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 21:53 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:23 - 2014-01-09 17:27 - 00000085 _____ C:\Windows\system32\awmxy.fqj
2014-01-02 12:21 - 2014-01-02 12:43 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-02 11:17 - 2014-01-08 20:05 - 00004608 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-18 12:30 - 2013-12-20 16:34 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-17 21:46 - 2013-12-30 17:55 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp
2013-12-12 20:42 - 2014-01-08 18:23 - 00000042 _____ C:\Users\Rosanna\Desktop\downlod.txt
2013-12-11 21:02 - 2014-01-09 17:39 - 00006608 _____ C:\Windows\setupact.log
2013-12-11 21:02 - 2013-12-11 21:02 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-01-09 17:53 - 2014-01-09 17:51 - 00015064 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-09 17:48 - 2014-01-09 17:47 - 01931772 _____ (Farbar) C:\Users\Rosanna\Desktop\FRST64.exe
2014-01-09 17:48 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 17:48 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 17:44 - 2013-06-19 16:49 - 01255082 _____ C:\Windows\WindowsUpdate.log
2014-01-09 17:40 - 2013-11-28 12:05 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job
2014-01-09 17:40 - 2013-07-07 12:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-09 17:40 - 2013-06-19 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 17:39 - 2013-12-11 21:02 - 00006608 _____ C:\Windows\setupact.log
2014-01-09 17:27 - 2014-01-02 12:23 - 00000085 _____ C:\Windows\system32\awmxy.fqj
2014-01-09 12:04 - 2013-07-07 12:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 11:27 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 06:46 - 2012-02-24 21:38 - 00454656 ___SH C:\Users\Rosanna\Desktop\Thumbs.db
2014-01-08 20:07 - 2013-08-31 09:12 - 00000000 ____D C:\Program Files (x86)\Blaze Media Pro
2014-01-08 20:05 - 2014-01-02 11:17 - 00004608 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-08 20:05 - 2013-08-30 21:07 - 00000116 _____ C:\Windows\NeroDigital.ini
2014-01-08 18:23 - 2013-12-12 20:42 - 00000042 _____ C:\Users\Rosanna\Desktop\downlod.txt
2014-01-06 09:35 - 2014-01-06 09:14 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\mIRC
2014-01-06 09:16 - 2014-01-03 19:31 - 00000000 ____D C:\ProgramData\Oracle
2014-01-06 09:15 - 2014-01-06 09:14 - 00000000 ____D C:\Program Files (x86)\mIRC
2014-01-06 09:14 - 2014-01-06 09:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-06 09:13 - 2014-01-06 09:13 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 09:12 - 2014-01-06 09:12 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\Rosanna\Desktop\mirc732.exe
2014-01-06 09:08 - 2014-01-06 09:08 - 00000000 ____D C:\ProgramData\McAfee
2014-01-06 09:07 - 2014-01-06 09:07 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall(1).exe
2014-01-06 09:05 - 2014-01-06 09:05 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall.exe
2014-01-05 18:27 - 2014-01-03 21:01 - 00006094 _____ C:\Users\Rosanna\Desktop\Rkill.txt
2014-01-05 18:06 - 2014-01-05 18:06 - 00000000 ____D C:\Users\Rosanna\Desktop\virus stuff
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\FRST
2014-01-05 16:47 - 2014-01-05 16:39 - 00000038 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-04 20:01 - 2014-01-04 19:51 - 00000000 ____D C:\AdwCleaner
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 20:47 - 2014-01-03 17:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 20:02 - 2014-01-03 19:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 19:26 - 2014-01-03 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-03 17:53 - 2011-10-11 10:40 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Adobe
2014-01-03 17:51 - 2013-02-22 19:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 17:51 - 2011-10-11 12:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 16:34 - 2014-01-03 16:34 - 00005730 _____ C:\Windows\PFRO.log
2014-01-03 16:34 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2014-01-03 15:43 - 2014-01-02 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-02 21:53 - 2014-01-02 12:26 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 21:53 - 2013-07-14 20:52 - 00000000 ____D C:\Program Files (x86)\Port Explorer
2014-01-02 21:53 - 2011-10-16 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:53 - 2011-10-16 19:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-02 21:52 - 2011-11-06 06:40 - 00000000 ____D C:\Windows\Minidump
2014-01-02 21:52 - 2011-10-10 16:33 - 00000000 ____D C:\Users\Rosanna
2014-01-02 21:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2014-01-02 21:09 - 2014-01-02 21:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 19:48 - 2009-07-13 19:34 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts.20140108-173817.backup
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:43 - 2014-01-02 12:21 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-30 17:55 - 2013-12-17 21:46 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-23 23:24 - 2013-11-28 12:05 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Rosanna
2013-12-23 23:24 - 2013-11-28 12:05 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Rosanna.job
2013-12-23 23:08 - 2013-11-28 12:05 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Rosanna
2013-12-23 23:08 - 2013-11-28 12:05 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Rosanna.job
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-20 16:34 - 2013-12-18 12:30 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-20 16:24 - 2013-05-27 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-12-18 12:43 - 2013-05-25 19:10 - 00002428 _____ C:\Users\Rosanna\Desktop\R.E.A.R.M..lnk
2013-12-18 12:43 - 2013-05-25 19:10 - 00002352 _____ C:\Users\Public\Desktop\R.A.D.A.R..lnk
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp
2013-12-15 12:40 - 2013-08-16 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 12:38 - 2011-10-11 11:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 22:07 - 2011-10-16 08:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 21:07 - 2012-12-23 13:48 - 00000000 ____D C:\Users\Rosanna\Desktop\fitness stuff
2013-12-11 21:02 - 2013-12-11 21:02 - 00000000 _____ C:\Windows\setuperr.log
ZeroAccess:
C:\Users\Rosanna\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}

Alureon:
C:\Users\Rosanna\AppData\Local\Temp\sbsiiip\syqdvut\wow64.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0509952 ____A (Microsoft Corporation) 3163ABD2A4FF5C1A3BA2FC38D8A1C649

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-29 12:48

==================== End Of Log ============================



#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:23 AM

Posted 09 January 2014 - 10:29 PM

Let's see if we have more inside.

Download TDSSKiller.exe and save it to your desktop.

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 rr716

rr716
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:23 PM

Posted 11 January 2014 - 12:10 AM

Ok here are the results.


21:50:21.0947 0x0f8c TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50

21:50:26.0313 0x0f8c ============================================================

21:50:26.0313 0x0f8c Current date / time: 2014/01/10 21:50:26.0313

21:50:26.0313 0x0f8c SystemInfo:

21:50:26.0313 0x0f8c

21:50:26.0313 0x0f8c OS Version: 6.1.7600 ServicePack: 0.0

21:50:26.0313 0x0f8c Product type: Workstation

21:50:26.0313 0x0f8c ComputerName: ROSANNA-PC

21:50:26.0373 0x0f8c UserName: Rosanna

21:50:26.0373 0x0f8c Windows directory: C:\Windows

21:50:26.0373 0x0f8c System windows directory: C:\Windows

21:50:26.0373 0x0f8c Running under WOW64

21:50:26.0373 0x0f8c Processor architecture: Intel x64

21:50:26.0373 0x0f8c Number of processors: 2

21:50:26.0373 0x0f8c Page size: 0x1000

21:50:26.0373 0x0f8c Boot type: Normal boot

21:50:26.0373 0x0f8c ============================================================

21:50:33.0985 0x0f8c KLMD registered as C:\Windows\system32\drivers\99663733.sys

21:50:34.0690 0x0f8c System UUID: {F29973D8-771F-AB5E-2B0D-270A85BD04AD}

21:50:36.0616 0x0f8c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:50:36.0641 0x0f8c ============================================================

21:50:36.0641 0x0f8c \Device\Harddisk0\DR0:

21:50:36.0841 0x0f8c MBR partitions:

21:50:36.0841 0x0f8c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:50:36.0841 0x0f8c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BF95000

21:50:36.0841 0x0f8c ============================================================

21:50:37.0466 0x0f8c C: <-> \Device\Harddisk0\DR0\Partition2

21:50:37.0546 0x0f8c ============================================================

21:50:37.0546 0x0f8c Initialize success

21:50:37.0546 0x0f8c ============================================================

21:53:21.0193 0x09dc ============================================================

21:53:21.0193 0x09dc Scan started

21:53:21.0193 0x09dc Mode: Manual; SigCheck; TDLFS;

21:53:21.0193 0x09dc ============================================================

21:53:21.0193 0x09dc KSN ping started

21:53:36.0215 0x09dc KSN ping finished: true

21:53:38.0744 0x09dc ================ Scan system memory ========================

21:53:38.0744 0x09dc System memory - ok

21:53:38.0749 0x09dc ================ Scan services =============================

21:53:39.0781 0x09dc [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

21:53:40.0316 0x09dc 1394ohci - ok

21:53:40.0467 0x09dc [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

21:53:40.0522 0x09dc ACPI - ok

21:53:40.0631 0x09dc [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

21:53:40.0745 0x09dc AcpiPmi - ok

21:53:40.0947 0x09dc [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:53:41.0065 0x09dc AdobeARMservice - ok

21:53:41.0309 0x09dc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

21:53:41.0437 0x09dc adp94xx - ok

21:53:41.0562 0x09dc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

21:53:41.0613 0x09dc adpahci - ok

21:53:41.0761 0x09dc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

21:53:41.0830 0x09dc adpu320 - ok

21:53:41.0873 0x09dc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

21:53:43.0191 0x09dc AeLookupSvc - ok

21:53:43.0367 0x09dc [ DB9D6C6B2CD95A9CA414D045B627422E, A4A0B2ACBFE311C20EF9F06A49DBE02CE90433C2364B292F6E8F78F6C274DF88 ] AFD C:\Windows\system32\drivers\afd.sys

21:53:43.0731 0x09dc AFD - ok

21:53:43.0803 0x09dc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

21:53:43.0858 0x09dc agp440 - ok

21:53:43.0927 0x09dc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

21:53:44.0189 0x09dc ALG - ok

21:53:44.0315 0x09dc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

21:53:44.0461 0x09dc aliide - ok

21:53:44.0661 0x09dc [ D696F317BD465A602566F8E1DCCE15F7, 6CE77CD4221C0854986F760D1944DF9F4255192D99630D43A0527A6D58D83406 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

21:53:44.0967 0x09dc AMD External Events Utility - ok

21:53:45.0234 0x09dc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys

21:53:45.0404 0x09dc amdide - ok

21:53:45.0606 0x09dc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

21:53:45.0760 0x09dc AmdK8 - ok

21:53:45.0813 0x09dc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

21:53:45.0895 0x09dc AmdPPM - ok

21:53:45.0948 0x09dc [ EC7EBAB00A4D8448BAB68D1E49B4BEB9, 786B30C86FA7FEC6BA2569FF818044AA0F7C134693304ED0FF7BD0541F9A755F ] amdsata C:\Windows\system32\drivers\amdsata.sys

21:53:46.0038 0x09dc amdsata - ok

21:53:46.0110 0x09dc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

21:53:46.0179 0x09dc amdsbs - ok

21:53:46.0214 0x09dc [ DB27766102C7BF7E95140A2AA81D042E, 489F812B596EA06E53D891CD05047AA17CDF752854BBD553BA65D10799AF78DF ] amdxata C:\Windows\system32\drivers\amdxata.sys

21:53:46.0324 0x09dc amdxata - ok

21:53:46.0401 0x09dc [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys

21:53:46.0602 0x09dc AppID - ok

21:53:46.0675 0x09dc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll

21:53:46.0802 0x09dc AppIDSvc - ok

21:53:46.0887 0x09dc [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll

21:53:47.0038 0x09dc Appinfo - ok

21:53:47.0201 0x09dc [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:53:47.0304 0x09dc Apple Mobile Device - ok

21:53:47.0360 0x09dc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys

21:53:47.0411 0x09dc arc - ok

21:53:47.0529 0x09dc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

21:53:47.0698 0x09dc arcsas - ok

21:53:47.0776 0x09dc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

21:53:47.0895 0x09dc AsyncMac - ok

21:53:47.0929 0x09dc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys

21:53:47.0976 0x09dc atapi - ok

21:53:48.0106 0x09dc [ 88A02B6046356E6BE4E387FAA7451439, 6F9ADE0F5278191EE2A46F8517BB7CB5AB3D279D248E39BB6060B8FE3E52DF30 ] athr C:\Windows\system32\DRIVERS\athrx.sys

21:53:48.0384 0x09dc athr - ok

21:53:48.0897 0x09dc [ 52BD95CAA9CAE8977FE043E9AD6D2D0E, E96DD29A2FCE1403340CB29D34F657DF17F483F62A2E8E24890F9BC4812B2971 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

21:53:49.0983 0x09dc atikmdag - ok

21:53:50.0064 0x09dc [ 7C5D273E29DCC5505469B299C6F29163, 206CAB85CE12A3953F0861C811575DC7FD000147436219EEE334584A33370B3A ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

21:53:50.0188 0x09dc AtiPcie - ok

21:53:50.0329 0x09dc [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:53:50.0531 0x09dc AudioEndpointBuilder - ok

21:53:50.0591 0x09dc [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll

21:53:50.0712 0x09dc AudioSrv - ok

21:53:50.0776 0x09dc [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll

21:53:50.0999 0x09dc AxInstSV - ok

21:53:51.0073 0x09dc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

21:53:51.0181 0x09dc b06bdrv - ok

21:53:51.0250 0x09dc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

21:53:51.0363 0x09dc b57nd60a - ok

21:53:51.0440 0x09dc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

21:53:52.0016 0x09dc BDESVC - ok

21:53:52.0125 0x09dc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

21:53:52.0222 0x09dc Beep - ok

21:53:52.0322 0x09dc [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll

21:53:52.0539 0x09dc BFE - ok

21:53:52.0667 0x09dc [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll

21:53:52.0850 0x09dc BITS - ok

21:53:52.0907 0x09dc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

21:53:52.0966 0x09dc blbdrive - ok

21:53:53.0111 0x09dc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

21:53:53.0213 0x09dc Bonjour Service - ok

21:53:53.0253 0x09dc [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:53:53.0347 0x09dc bowser - ok

21:53:53.0370 0x09dc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:53:53.0480 0x09dc BrFiltLo - ok

21:53:53.0779 0x09dc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:53:53.0913 0x09dc BrFiltUp - ok

21:53:53.0961 0x09dc [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser C:\Windows\System32\browser.dll

21:53:54.0067 0x09dc Browser - ok

21:53:54.0100 0x09dc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

21:53:54.0272 0x09dc Brserid - ok

21:53:54.0332 0x09dc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

21:53:54.0429 0x09dc BrSerWdm - ok

21:53:54.0449 0x09dc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

21:53:54.0551 0x09dc BrUsbMdm - ok

21:53:54.0586 0x09dc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

21:53:54.0648 0x09dc BrUsbSer - ok

21:53:54.0663 0x09dc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

21:53:54.0770 0x09dc BTHMODEM - ok

21:53:54.0822 0x09dc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

21:53:54.0948 0x09dc bthserv - ok

21:53:54.0968 0x09dc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:53:55.0100 0x09dc cdfs - ok

21:53:55.0258 0x09dc [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:53:55.0365 0x09dc cdrom - ok

21:53:55.0560 0x09dc [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll

21:53:55.0971 0x09dc CertPropSvc - ok

21:53:56.0031 0x09dc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

21:53:56.0191 0x09dc circlass - ok

21:53:56.0280 0x09dc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys

21:53:56.0348 0x09dc CLFS - ok

21:53:56.0599 0x09dc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:53:56.0892 0x09dc clr_optimization_v2.0.50727_32 - ok

21:53:57.0137 0x09dc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:53:57.0327 0x09dc clr_optimization_v2.0.50727_64 - ok

21:53:57.0584 0x09dc [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:53:58.0014 0x09dc clr_optimization_v4.0.30319_32 - ok

21:53:58.0151 0x09dc [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:53:58.0370 0x09dc clr_optimization_v4.0.30319_64 - ok

21:53:58.0447 0x09dc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

21:53:59.0048 0x09dc CmBatt - ok

21:53:59.0083 0x09dc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

21:53:59.0129 0x09dc cmdide - ok

21:53:59.0180 0x09dc [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG C:\Windows\system32\Drivers\cng.sys

21:53:59.0330 0x09dc CNG - ok

21:53:59.0408 0x09dc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

21:53:59.0524 0x09dc Compbatt - ok

21:53:59.0602 0x09dc [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

21:53:59.0839 0x09dc CompositeBus - ok

21:53:59.0860 0x09dc COMSysApp - ok

21:53:59.0892 0x09dc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

21:53:59.0938 0x09dc crcdisk - ok

21:54:00.0023 0x09dc [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:54:00.0365 0x09dc CryptSvc - ok

21:54:00.0575 0x09dc [ 3163ABD2A4FF5C1A3BA2FC38D8A1C649, 9D1864B59B32E03AE35AB8093BF12D184B7AA3630B86FB280A38F31661440E3E ] DcomLaunch C:\Windows\system32\rpcss.dll

21:54:00.0683 0x09dc DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )

21:54:03.0786 0x09dc Object is SCO, delete is not allowed

21:54:03.0786 0x09dc DcomLaunch ( UnsignedFile.Multi.Generic ) - warning

21:54:06.0783 0x09dc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

21:54:06.0930 0x09dc defragsvc - ok

21:54:06.0992 0x09dc [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:54:07.0169 0x09dc DfsC - ok

21:54:07.0244 0x09dc [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll

21:54:07.0376 0x09dc Dhcp - ok

21:54:07.0401 0x09dc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

21:54:07.0557 0x09dc discache - ok

21:54:07.0598 0x09dc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys

21:54:07.0663 0x09dc Disk - ok

21:54:07.0718 0x09dc [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:54:07.0800 0x09dc Dnscache - ok

21:54:07.0840 0x09dc [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll

21:54:07.0983 0x09dc dot3svc - ok

21:54:08.0124 0x09dc [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll

21:54:08.0329 0x09dc DPS - ok

21:54:08.0398 0x09dc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:54:08.0561 0x09dc drmkaud - ok

21:54:08.0632 0x09dc [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:54:08.0816 0x09dc DXGKrnl - ok

21:54:08.0899 0x09dc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll

21:54:08.0993 0x09dc EapHost - ok

21:54:09.0200 0x09dc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

21:54:09.0559 0x09dc ebdrv - ok

21:54:09.0607 0x09dc [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS C:\Windows\System32\lsass.exe

21:54:09.0735 0x09dc EFS - ok

21:54:09.0896 0x09dc [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

21:54:10.0147 0x09dc ehRecvr - ok

21:54:10.0179 0x09dc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe

21:54:10.0306 0x09dc ehSched - ok

21:54:10.0406 0x09dc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

21:54:10.0520 0x09dc elxstor - ok

21:54:10.0544 0x09dc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

21:54:10.0618 0x09dc ErrDev - ok

21:54:10.0708 0x09dc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll

21:54:10.0827 0x09dc EventSystem - ok

21:54:10.0865 0x09dc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

21:54:10.0977 0x09dc exfat - ok

21:54:11.0007 0x09dc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:54:11.0217 0x09dc fastfat - ok

21:54:11.0309 0x09dc [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe

21:54:11.0543 0x09dc Fax - ok

21:54:11.0618 0x09dc [ 1B022917A416D41800F7AEB89B453D33, E09766B9EC30B1B13711001AC43F3643A8A7AFA91E609A72290356B02455224D ] FCSAM c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe

21:54:11.0658 0x09dc FCSAM - ok

21:54:11.0715 0x09dc [ 7C9CB154260DA35D8925A11945E7015B, F441AA2B55326B524B345CBB2C33B3A18FBF9432230A5295E52086B1910AA7ED ] FcsSas C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe

21:54:11.0780 0x09dc FcsSas - ok

21:54:11.0820 0x09dc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys

21:54:11.0920 0x09dc fdc - ok

21:54:12.0027 0x09dc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

21:54:12.0136 0x09dc fdPHost - ok

21:54:12.0157 0x09dc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

21:54:12.0289 0x09dc FDResPub - ok

21:54:12.0317 0x09dc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:54:12.0375 0x09dc FileInfo - ok

21:54:12.0393 0x09dc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:54:12.0540 0x09dc Filetrace - ok

21:54:12.0581 0x09dc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

21:54:12.0655 0x09dc flpydisk - ok

21:54:12.0774 0x09dc [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:54:12.0841 0x09dc FltMgr - ok

21:54:13.0185 0x09dc [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll

21:54:13.0848 0x09dc FontCache - ok

21:54:14.0033 0x09dc [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:54:14.0854 0x09dc FontCache3.0.0.0 - ok

21:54:15.0013 0x09dc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:54:15.0378 0x09dc FsDepends - ok

21:54:15.0421 0x09dc [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:54:15.0563 0x09dc Fs_Rec - ok

21:54:15.0673 0x09dc [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:54:16.0250 0x09dc fvevol - ok

21:54:16.0381 0x09dc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

21:54:16.0485 0x09dc gagp30kx - ok

21:54:16.0581 0x09dc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:54:16.0686 0x09dc GEARAspiWDM - ok

21:54:16.0764 0x09dc [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll

21:54:17.0103 0x09dc gpsvc - ok

21:54:17.0349 0x09dc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:54:17.0575 0x09dc gupdate - ok

21:54:17.0684 0x09dc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:54:17.0945 0x09dc gupdatem - ok

21:54:18.0313 0x09dc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:54:18.0601 0x09dc gusvc - ok

21:54:18.0633 0x09dc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:54:19.0016 0x09dc hcw85cir - ok

21:54:19.0110 0x09dc [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:54:19.0395 0x09dc HdAudAddService - ok

21:54:19.0509 0x09dc [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:54:19.0784 0x09dc HDAudBus - ok

21:54:19.0860 0x09dc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

21:54:20.0232 0x09dc HidBatt - ok

21:54:20.0416 0x09dc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

21:54:20.0683 0x09dc HidBth - ok

21:54:20.0734 0x09dc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

21:54:20.0934 0x09dc HidIr - ok

21:54:20.0980 0x09dc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll

21:54:21.0160 0x09dc hidserv - ok

21:54:21.0236 0x09dc [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:54:21.0340 0x09dc HidUsb - ok

21:54:21.0403 0x09dc [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll

21:54:21.0569 0x09dc hkmsvc - ok

21:54:21.0718 0x09dc [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:54:21.0870 0x09dc HomeGroupListener - ok

21:54:21.0902 0x09dc [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:54:22.0055 0x09dc HomeGroupProvider - ok

21:54:22.0117 0x09dc [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

21:55:02.0323 0x09dc [ 3163ABD2A4FF5C1A3BA2FC38D8A1C649, 9D1864B59B32E03AE35AB8093BF12D184B7AA3630B86FB280A38F31661440E3E ] RpcSs C:\Windows\system32\rpcss.dll
21:55:02.0458 0x09dc RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
21:55:02.0458 0x09dc Object is SCO, delete is not allowed
21:55:02.0458 0x09dc RpcSs ( UnsignedFile.Multi.Generic ) - warning

21:55:22.0676 0x09dc Smb - ok

21:55:22.0748 0x09dc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:55:22.0917 0x09dc SNMPTRAP - ok

21:55:22.0952 0x09dc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

21:55:23.0008 0x09dc spldr - ok

21:55:23.0078 0x09dc [ 567977DC43CC13C4C35ED7084C0B84D5, 93EEC3ABA66DA83157F49F056EF1CB3355122204F2BB0F8B618064AF47D59A61 ] Spooler C:\Windows\System32\spoolsv.exe

21:55:23.0208 0x09dc Spooler - ok

21:55:23.0419 0x09dc [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc C:\Windows\system32\sppsvc.exe

21:55:23.0976 0x09dc sppsvc - ok

21:55:24.0016 0x09dc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:55:24.0122 0x09dc sppuinotify - ok

21:55:24.0252 0x09dc [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd C:\Windows\system32\Drivers\sptd.sys

21:55:24.0252 0x09dc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA

21:55:24.0277 0x09dc sptd - detected LockedFile.Multi.Generic ( 1 )

21:55:27.0258 0x09dc Detect skipped due to KSN trusted

21:55:27.0258 0x09dc sptd - ok

21:55:27.0320 0x09dc [ 2408C0366D96BCDF63E8F1C78E4A29C5, 66F646890695B5D80536E88B1566C8765D89CFE25954ED650F6D773EFF045016 ] srv C:\Windows\system32\DRIVERS\srv.sys

21:55:27.0381 0x09dc srv - ok

21:55:27.0433 0x09dc [ 76548F7B818881B47D8D1AE1BE9C11F8, 8F1356B07A6A55746FC71B6DB0322128941AE890850196F2B19BC01E6FC9B41C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:55:27.0515 0x09dc srv2 - ok

21:55:27.0566 0x09dc [ 0AF6E19D39C70844C5CAA8FB0183C36E, 4494EEFDEA7198888D32E74727E5BC0AC628FFA70B1FE7EB59DBEEDC1A95D0DD ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:55:27.0643 0x09dc srvnet - ok

21:55:27.0699 0x09dc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:55:27.0826 0x09dc SSDPSRV - ok

21:55:27.0881 0x09dc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:55:27.0978 0x09dc SstpSvc - ok

21:55:28.0029 0x09dc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

21:55:28.0075 0x09dc stexstor - ok

21:55:28.0161 0x09dc [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll

21:55:28.0263 0x09dc stisvc - ok

21:55:28.0303 0x09dc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

21:55:28.0343 0x09dc swenum - ok

21:55:28.0435 0x09dc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

21:55:28.0627 0x09dc swprv - ok

21:55:28.0719 0x09dc [ D8EDB37F6E235A47E12F1EAFD85C2B6F, 794F0D57ED175355C7A52F9047FDB8BF43655B450BC2120335AF98F0D8AC5830 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

21:55:28.0797 0x09dc SynTP - ok

21:55:28.0922 0x09dc [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll

21:55:29.0103 0x09dc SysMain - ok

21:55:29.0157 0x09dc [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:55:29.0249 0x09dc TabletInputService - ok

21:55:29.0306 0x09dc [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:55:29.0446 0x09dc TapiSrv - ok

21:55:29.0820 0x09dc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

21:55:29.0917 0x09dc TBS - ok

21:55:30.0114 0x09dc [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:55:30.0516 0x09dc Tcpip - ok

21:55:30.0718 0x09dc [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:55:30.0823 0x09dc TCPIP6 - ok

21:55:30.0855 0x09dc [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:55:30.0921 0x09dc tcpipreg - ok

21:55:30.0948 0x09dc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:55:31.0047 0x09dc TDPIPE - ok

21:55:31.0075 0x09dc [ 7518F7BCFD4B308ABC9192BACAF6C970, CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:55:31.0154 0x09dc TDTCP - ok

21:55:31.0216 0x09dc [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:55:31.0310 0x09dc tdx - ok

21:55:31.0349 0x09dc [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

21:55:31.0445 0x09dc TermDD - ok

21:55:31.0554 0x09dc [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll

21:55:31.0661 0x09dc TermService - ok

21:55:31.0704 0x09dc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

21:55:31.0804 0x09dc Themes - ok

21:55:31.0854 0x09dc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

21:55:31.0914 0x09dc THREADORDER - ok

21:55:31.0991 0x09dc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

21:55:32.0086 0x09dc TrkWks - ok

21:55:32.0183 0x09dc [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:55:32.0270 0x09dc TrustedInstaller - ok

21:55:32.0310 0x09dc [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:55:32.0400 0x09dc tssecsrv - ok

21:55:32.0447 0x09dc [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:55:32.0522 0x09dc tunnel - ok

21:55:32.0571 0x09dc [ 9A744CC3D804EC38A6C2C65BC3C6FCD8, 28CDF1A8614444F4A7249FB7189B423579CA91D1373138CD3E6C048CE6D2799F ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS

21:55:32.0609 0x09dc TVALZ - ok

21:55:32.0634 0x09dc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

21:55:32.0677 0x09dc uagp35 - ok

21:55:32.0711 0x09dc [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:55:32.0828 0x09dc udfs - ok

21:55:32.0868 0x09dc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:55:32.0928 0x09dc UI0Detect - ok

21:55:32.0978 0x09dc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

21:55:33.0018 0x09dc uliagpkx - ok

21:55:33.0053 0x09dc [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

21:55:33.0113 0x09dc umbus - ok

21:55:33.0148 0x09dc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

21:55:33.0210 0x09dc UmPass - ok

21:55:33.0250 0x09dc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

21:55:33.0340 0x09dc upnphost - ok

21:55:33.0410 0x09dc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

21:55:33.0500 0x09dc USBAAPL64 - ok

21:55:33.0547 0x09dc [ 7B6A127C93EE590E4D79A5F2A76FE46F, 6F178916EF6D58D1E5B26C0D9D95C276B776505BFC9F716BB1E3ABD3B2B72FCE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:55:33.0652 0x09dc usbccgp - ok

21:55:33.0734 0x09dc [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

21:55:33.0804 0x09dc usbcir - ok

21:55:33.0836 0x09dc [ 92969BA5AC44E229C55A332864F79677, 4ED1E1049E7641D3FFF5D296F2D59060225CE52AB9F7B5CA618898B46A772F98 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:55:33.0876 0x09dc usbehci - ok

21:55:33.0951 0x09dc [ E7DF1CFD28CA86B35EF5ADD0735CEEF3, AA751288EC34D61D934D7E8C036B60BBCEDC2A746815623478BB015D87D6A998 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:55:34.0073 0x09dc usbhub - ok

21:55:34.0150 0x09dc [ F1BB1E55F1E7A65C5839CCC7B36D773E, 4F517F81FA5688D78D3627EA7D2EA16AD4EB410D7624FE483C7AF26951E579A9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

21:55:34.0267 0x09dc usbohci - ok

21:55:34.0309 0x09dc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

21:55:34.0413 0x09dc usbprint - ok

21:55:34.0449 0x09dc [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:55:34.0556 0x09dc USBSTOR - ok

21:55:34.0599 0x09dc [ BC3070350A491D84B518D7CCA9ABD36F, 96FFF9F76A93CF4806297AE7C11A5C6D1E7A9980260E6CFC960F8247D5032161 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

21:55:34.0675 0x09dc usbuhci - ok

21:55:34.0747 0x09dc [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

21:55:34.0867 0x09dc usbvideo - ok

21:55:34.0939 0x09dc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll

21:55:35.0080 0x09dc UxSms - ok

21:55:35.0122 0x09dc [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc C:\Windows\system32\lsass.exe

21:55:35.0178 0x09dc VaultSvc - ok

21:55:35.0242 0x09dc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

21:55:35.0377 0x09dc vdrvroot - ok

21:55:35.0686 0x09dc [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe

21:55:35.0924 0x09dc vds - ok

21:55:35.0981 0x09dc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:55:36.0021 0x09dc vga - ok

21:55:36.0036 0x09dc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys

21:55:36.0181 0x09dc VgaSave - ok

21:55:36.0239 0x09dc [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

21:55:36.0295 0x09dc vhdmp - ok

21:55:36.0327 0x09dc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

21:55:36.0367 0x09dc viaide - ok

21:55:36.0410 0x09dc [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

21:55:36.0453 0x09dc volmgr - ok

21:55:36.0498 0x09dc [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:55:36.0562 0x09dc volmgrx - ok

21:55:36.0612 0x09dc [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:55:36.0714 0x09dc volsnap - ok

21:55:36.0851 0x09dc [ 239D8D72730226CD460BDC8CA0A23D43, B38AE7D21C227DA55A1E8FAAA7383F2DB45BD80206A4BAC9FCF76727480150ED ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys

21:55:36.0910 0x09dc Vsdatant - ok

21:55:36.0957 0x09dc vsmon - ok

21:55:37.0036 0x09dc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

21:55:37.0077 0x09dc vsmraid - ok

21:55:37.0246 0x09dc [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe

21:55:37.0459 0x09dc VSS - ok

21:55:37.0541 0x09dc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

21:55:37.0616 0x09dc vwifibus - ok

21:55:37.0663 0x09dc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

21:55:37.0709 0x09dc vwififlt - ok

21:55:37.0785 0x09dc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

21:55:37.0856 0x09dc vwifimp - ok

21:55:38.0139 0x09dc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll

21:55:38.0395 0x09dc W32Time - ok

21:55:38.0464 0x09dc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

21:55:38.0529 0x09dc WacomPen - ok

21:55:38.0574 0x09dc [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:55:38.0676 0x09dc WANARP - ok

21:55:38.0750 0x09dc [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:55:39.0017 0x09dc Wanarpv6 - ok

21:55:39.0346 0x09dc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:55:41.0200 0x09dc WatAdminSvc - ok

21:55:41.0569 0x09dc [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe

21:55:42.0028 0x09dc wbengine - ok

21:55:42.0081 0x09dc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:55:42.0257 0x09dc WbioSrvc - ok

21:55:42.0405 0x09dc [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:55:42.0638 0x09dc wcncsvc - ok

21:55:42.0719 0x09dc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:55:43.0220 0x09dc WcsPlugInService - ok

21:55:43.0269 0x09dc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys

21:55:43.0311 0x09dc Wd - ok

21:55:43.0398 0x09dc [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

21:55:43.0669 0x09dc WDC_SAM - ok

21:55:43.0774 0x09dc [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:55:43.0917 0x09dc Wdf01000 - ok

21:55:43.0978 0x09dc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:55:44.0188 0x09dc WdiServiceHost - ok

21:55:44.0233 0x09dc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:55:44.0348 0x09dc WdiSystemHost - ok

21:55:44.0385 0x09dc [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll

21:55:44.0691 0x09dc WebClient - ok

21:55:44.0767 0x09dc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:55:44.0945 0x09dc Wecsvc - ok

21:55:45.0047 0x09dc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:55:45.0129 0x09dc wercplsupport - ok

21:55:45.0292 0x09dc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

21:55:45.0455 0x09dc WerSvc - ok

21:55:45.0516 0x09dc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:55:45.0593 0x09dc WfpLwf - ok

21:55:45.0638 0x09dc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:55:45.0715 0x09dc WIMMount - ok

21:55:45.0733 0x09dc WinDefend - ok

21:55:45.0755 0x09dc WinHttpAutoProxySvc - ok

21:55:45.0980 0x09dc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:55:46.0119 0x09dc Winmgmt - ok

21:55:46.0258 0x09dc [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll

21:55:46.0628 0x09dc WinRM - ok

21:55:46.0763 0x09dc [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

21:55:46.0871 0x09dc WinUsb - ok

21:55:46.0946 0x09dc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

21:55:47.0197 0x09dc Wlansvc - ok

21:55:47.0286 0x09dc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:55:47.0440 0x09dc WmiAcpi - ok

21:55:47.0488 0x09dc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:55:47.0668 0x09dc wmiApSrv - ok

21:55:47.0749 0x09dc WMPNetworkSvc - ok

21:55:47.0783 0x09dc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:55:48.0087 0x09dc WPCSvc - ok

21:55:48.0111 0x09dc [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:55:48.0210 0x09dc WPDBusEnum - ok

21:55:48.0261 0x09dc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:55:48.0395 0x09dc ws2ifsl - ok

21:55:48.0435 0x09dc [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\System32\wscsvc.dll

21:55:48.0740 0x09dc wscsvc - ok

21:55:48.0752 0x09dc WSearch - ok

21:55:48.0905 0x09dc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll

21:55:49.0138 0x09dc wuauserv - ok

21:55:49.0196 0x09dc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:55:49.0360 0x09dc WudfPf - ok

21:55:49.0409 0x09dc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:55:49.0758 0x09dc WUDFRd - ok

21:55:49.0852 0x09dc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:55:50.0050 0x09dc wudfsvc - ok

21:55:50.0142 0x09dc [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll

21:55:50.0360 0x09dc WwanSvc - ok

21:55:50.0478 0x09dc [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys

21:55:51.0032 0x09dc xnacc - ok

21:55:51.0090 0x09dc ================ Scan global ===============================

21:55:51.0152 0x09dc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

21:55:51.0219 0x09dc [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll

21:55:51.0242 0x09dc [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll

21:55:51.0280 0x09dc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

21:55:51.0331 0x09dc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

21:55:51.0343 0x09dc [ Global ] - ok

21:55:51.0343 0x09dc ================ Scan MBR ==================================

21:55:51.0360 0x09dc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

21:55:55.0013 0x09dc \Device\Harddisk0\DR0 - ok

21:55:55.0021 0x09dc ================ Scan VBR ==================================

21:55:55.0079 0x09dc [ 64DAEDDF4BFB30BEA4F9988D221EF3E7 ] \Device\Harddisk0\DR0\Partition1

21:55:55.0102 0x09dc \Device\Harddisk0\DR0\Partition1 - ok

21:55:55.0150 0x09dc [ 0E74442F550F7F88A068C5B4E7445E39 ] \Device\Harddisk0\DR0\Partition2

21:55:55.0152 0x09dc \Device\Harddisk0\DR0\Partition2 - ok

21:55:55.0160 0x09dc Waiting for KSN requests completion. In queue: 125

21:55:56.0160 0x09dc Waiting for KSN requests completion. In queue: 125

21:55:57.0174 0x09dc Waiting for KSN requests completion. In queue: 125

21:55:58.0174 0x09dc Waiting for KSN requests completion. In queue: 125

21:55:59.0180 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:00.0222 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:01.0222 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:02.0241 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:03.0242 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:04.0347 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:05.0358 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:06.0362 0x09dc Waiting for KSN requests completion. In queue: 125

21:56:07.0906 0x09dc AV detected via SS2: Microsoft Forefront Client Security, c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\msascui.exe ( 1.5.1993.0 ), 0x61000 ( enabled : updated )

21:56:08.0010 0x09dc FW detected via SS2: ZoneAlarm Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 10.0.250.0 ), 0x41010 ( enabled )

21:56:11.0029 0x09dc ============================================================

21:56:11.0029 0x09dc Scan finished

21:56:11.0029 0x09dc ============================================================

21:56:11.0047 0x12f4 Detected object count: 2

21:56:11.0047 0x12f4 Actual detected object count: 2

21:56:30.0426 0x12f4 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user

21:56:30.0426 0x12f4 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:56:30.0431 0x12f4 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user

21:56:30.0431 0x12f4 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
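
Added example (not from this thread, and not TDSSKiller's or ComboFix's own code): a small Python triage helper that parses TDSSKiller's end-of-scan summary above and ComboFix's Sigcheck lines, and reports a live system file whose MD5 and size differ from the component-store copy of the same file version. The sample input is copied from the logs posted in this thread (the TDSSKiller summary lines above, and the three rpcss.dll Sigcheck lines from the ComboFix log posted later in the thread). The line layouts the regexes assume, and the choice of winsxs and SoftwareDistribution as "reference" locations, are my assumptions from those lines rather than documented formats; ComboFix's leading status tag is carried through unchanged because the page does not define it.

```python
"""Triage helper for the two logs in this thread: TDSSKiller's end-of-scan
summary and ComboFix's Sigcheck section. Added example, not code from
TDSSKiller, ComboFix or the thread's posters."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input, copied from the logs posted in this thread (TDSSKiller summary
# above; the three rpcss.dll Sigcheck lines from the ComboFix log posted later).
TDSS_SAMPLE = """\
21:56:30.0426 0x12f4 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:30.0426 0x12f4 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:30.0431 0x12f4 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:30.0431 0x12f4 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 3163ABD2A4FF5C1A3BA2FC38D8A1C649 . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
"""

# "<time> <thread> <service> ( <detection> ) - <action>"  (assumed layout,
# derived from the sample lines rather than from TDSSKiller documentation)
_TDSS_RE = re.compile(
    r"^\S+\s+0x[0-9a-fA-F]+\s+(?P<svc>\S+)\s+\(\s*(?P<det>[^)]+?)\s*\)\s+-\s+(?P<action>.+?)\s*$"
)
# "[tag] date . MD5 . size . . [version] .. path"  (same caveat; the tag is
# kept as opaque text because the page does not define it)
_SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)
# Directories holding Microsoft's reference copies of system binaries
# (assumption: anything outside these is treated as a "live" copy).
_REFERENCE_DIRS = ("winsxs", "softwaredistribution")


def parse_tdsskiller_summary(text):
    """Map each service TDSSKiller flagged to its detection name."""
    flagged = {}
    for line in text.splitlines():
        m = _TDSS_RE.match(line.strip())
        if m:
            flagged[m.group("svc")] = m.group("det")
    return flagged


def parse_sigcheck(text):
    """One dict per Sigcheck line; lines that don't match are ignored."""
    rows = []
    for line in text.splitlines():
        m = _SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["md5"] = row["md5"].upper()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def is_reference_copy(path):
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    return any(d in parts for d in _REFERENCE_DIRS)


def find_mismatched_live_files(rows):
    """Group Sigcheck rows by (file name, file version). A live copy whose MD5
    or size matches no reference copy of the same version is reported: same
    version string but different bytes is what a patched system DLL looks
    like, while a missing reference copy simply means "cannot compare"."""
    groups = defaultdict(lambda: {"live": [], "ref": []})
    for row in rows:
        key = (PureWindowsPath(row["path"]).name.lower(), row["ver"])
        bucket = "ref" if is_reference_copy(row["path"]) else "live"
        groups[key][bucket].append(row)

    findings = []
    for (name, version), g in groups.items():
        if not g["ref"]:
            continue
        for live in g["live"]:
            if any(r["md5"] == live["md5"] and r["size"] == live["size"] for r in g["ref"]):
                continue
            findings.append({
                "file": name, "version": version, "path": live["path"],
                "live_md5": live["md5"], "live_size": live["size"],
                "reference_md5": g["ref"][0]["md5"], "reference_size": g["ref"][0]["size"],
            })
    return findings


def triage(tdss_text, sigcheck_text):
    """Combine both parsers into one report dict."""
    return {"flagged_services": parse_tdsskiller_summary(tdss_text),
            "mismatched_files": find_mismatched_live_files(parse_sigcheck(sigcheck_text))}


if __name__ == "__main__":
    result = triage(TDSS_SAMPLE, SIGCHECK_SAMPLE)
    for svc, det in result["flagged_services"].items():
        print(f"TDSSKiller: {svc}: {det}")
    for f in result["mismatched_files"]:
        print(f"Sigcheck: {f['path']} v{f['version']} md5 {f['live_md5']} size {f['live_size']} "
              f"differs from reference md5 {f['reference_md5']} size {f['reference_size']}")
```

On the sample data this reports the one live file, c:\windows\system32\rpcss.dll, whose version string matches the winsxs copy but whose MD5 and size do not. A mismatch of that kind is a lead to confirm (for example with an Authenticode signature check of the live file or `sfc /scannow`), not a verdict on its own.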



#10 Conspire (Malware Response Team, 1,155 posts)

Posted 11 January 2014 - 05:30 AM

Hi,

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT: Save ComboFix.exe to your Desktop.

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE

#11 rr716 (Topic Starter, Members, 17 posts)

Posted 12 January 2014 - 10:15 PM

OK, here is the log. At first ComboFix got stuck on stage 4 for over an hour and I restarted it. Then it ran fine and created the log. Also, in both instances ComboFix was not happy that Microsoft Forefront Security was running, even though I turned it off both times prior to the scan. I ran the scans anyway.

 

ComboFix 14-01-12.01 - Rosanna 01/12/2014  19:30:00.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2811.1630 [GMT -7:00]
Running from: c:\users\Rosanna\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\users\Rosanna\AppData\Roaming\Roaming
c:\users\Rosanna\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\PFRO.log
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\skinboxer43.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-13 02:40 . 2014-01-13 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 00:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{B6635A74-D836-4FAA-BC80-417DF265FE5E}\mpengine.dll
2014-01-06 16:16 . 2014-01-06 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-06 16:15 . 2014-01-06 16:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-06 16:14 . 2014-01-06 16:35 -------- d-----w- c:\users\Rosanna\AppData\Roaming\mIRC
2014-01-06 16:14 . 2014-01-06 16:15 -------- d-----w- c:\program files (x86)\mIRC
2014-01-06 16:13 . 2014-01-06 16:13 -------- d-----w- c:\program files (x86)\Java
2014-01-06 16:08 . 2014-01-06 16:08 -------- d-----w- c:\programdata\McAfee
2014-01-05 23:57 . 2014-01-05 23:57 -------- d-----w- C:\FRST
2014-01-05 02:51 . 2014-01-05 03:01 -------- d-----w- C:\AdwCleaner
2014-01-04 02:31 . 2014-01-06 16:16 -------- d-----w- c:\programdata\Oracle
2014-01-04 02:31 . 2014-01-04 03:02 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-04 02:30 . 2014-01-04 02:30 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-04 02:30 . 2014-01-04 02:30 189352 ----a-w- c:\windows\system32\java.exe
2014-01-04 02:30 . 2014-01-04 02:30 -------- d-----w- c:\program files\Java
2014-01-04 02:29 . 2014-01-04 02:29 -------- d-----w- c:\users\Rosanna\AppData\Local\Macromedia
2014-01-04 00:30 . 2014-01-04 03:47 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-03 17:07 . 2014-01-03 17:29 -------- d-----w- c:\users\Rosanna\AppData\Local\Mozilla
2014-01-03 04:06 . 2014-01-03 04:09 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-02 19:29 . 2014-01-02 19:29 -------- d-----w- c:\users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 19:26 . 2014-01-03 04:53 -------- d-----w- c:\programdata\Xilisoft
2014-01-02 19:26 . 2014-01-02 19:26 -------- d-----w- c:\program files (x86)\Xilisoft
2014-01-02 18:59 . 2014-01-02 18:59 -------- d-----w- c:\users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 18:59 . 2014-01-02 18:59 -------- d-----w- c:\program files (x86)\Boilsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-04 00:51 . 2013-02-23 02:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-04 00:51 . 2011-10-11 19:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 19:38 . 2011-10-11 18:57 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 03:28 . 2011-10-11 17:17 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 10:21 . 2011-10-10 23:58 267936 ------w- c:\windows\system32\MpSigStub.exe
2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 3163ABD2A4FF5C1A3BA2FC38D8A1C649 . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2012-07-31 198160]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 03:35]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 03:35]
.
2013-12-24 c:\windows\Tasks\ReclaimerUpdateFiles_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
2013-12-24 c:\windows\Tasks\ReclaimerUpdateXML_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
2014-01-13 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-07-20 1636736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30D76A84-55B2-4096-9941-149329BFFF77}: NameServer = 198.224.160.135 198.224.164.135
DPF: {165B3239-2565-49DB-8A82-F28631CE44ED} - hxxp://quotes.computervoice.com/webstart/webstart.cab
FF - ProfilePath - c:\users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
SafeBoot-09647689.sys
SafeBoot-86123326.sys
SafeBoot-90524512.sys
SafeBoot-mbamchameleon
HKLM-Run-ISW - (no file)
AddRemove-LGP-IraCharts - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-12  19:57:18
ComboFix-quarantined-files.txt  2014-01-13 02:57
.
Pre-Run: 25,214,169,088 bytes free
Post-Run: 25,147,019,264 bytes free
.
- - End Of File - - 9BF3BD91EE088321469D0FBDB30F24EC
A36C5E4F47E84449FF07ED3517B43A31



#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:23 AM

Posted 13 January 2014 - 12:58 AM

Hi,

Thanks for the log.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
FCopy::
c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll | c:\windows\system32\rpcss.dll

Folder::
C:\Users\Rosanna\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}
C:\Users\Rosanna\AppData\Local\Temp\sbsiiip

FileLook::
C:\Windows\System32\Drivers\au1oxifk.sys

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

[image: CFScriptB-4.gif, dragging CFScript.txt onto the ComboFix.exe icon]
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [donate button]
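
The FCopy:: line above replaces the unsigned c:\windows\system32\rpcss.dll with a signed copy from the SoftwareDistribution download folder, after the Sigcheck section of the log showed the live file carrying the same 6.1.7600.16385 version as the winsxs copy but a different size (509952 vs 509440 bytes) and MD5. As an added example (not from this thread, from ComboFix or from the helper), the following PowerShell check reproduces that comparison so a responder can confirm the tampered DLL before the fix and the restored one after it. It assumes the x64 Windows 7 paths shown in the log and an elevated PowerShell session; walking winsxs takes a minute or two.

```powershell
# Added example, not part of the thread or of ComboFix. Paths assume the x64 Windows 7
# layout shown in the log; run from an elevated PowerShell prompt.
$live      = 'C:\Windows\System32\rpcss.dll'
$storeRoot = 'C:\Windows\winsxs'
$package   = '*amd64_microsoft-windows-com-base-qfe-rpcss*'   # component-store folder name seen in the Sigcheck lines

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 so the script also runs on PowerShell 2.0 (Windows 7 has no Get-FileHash)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-FileFacts {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo
    # Windows system binaries are catalog-signed rather than embedded-signed, so on Windows 7
    # Get-AuthenticodeSignature can report NotSigned even for a clean file; Sysinternals
    # sigcheck.exe is catalog-aware. The size/hash comparison below does not rely on it.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path      = $Path
        Version   = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        Size      = $item.Length
        Md5       = Get-Md5Hex -Path $Path
        Signature = $sig.Status
    }
}

$liveFacts = Get-FileFacts -Path $live

# Every rpcss.dll the component store keeps for the x64 COM base package (one per servicing level)
$storeCopies = @(Get-ChildItem -Path $storeRoot -Recurse -Filter 'rpcss.dll' -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -like $package } |
    ForEach-Object { Get-FileFacts -Path $_.FullName })

@($liveFacts) + $storeCopies | Format-Table Version, Size, Md5, Signature, Path -AutoSize

# Detection rule: a live DLL that reports the same version as a store copy but has a
# different size or hash has been modified on disk. In the log, the live 6.1.7600.16385
# copy was 509952 bytes against 509440 bytes for the winsxs copy of the same version.
$sameVersion = @($storeCopies | Where-Object { $_.Version -eq $liveFacts.Version })
if ($sameVersion.Count -eq 0) {
    Write-Output "No component-store copy with version $($liveFacts.Version) found; compare against the Sigcheck lines manually."
}
foreach ($copy in $sameVersion) {
    if ($copy.Md5 -ne $liveFacts.Md5 -or $copy.Size -ne $liveFacts.Size) {
        Write-Output ("ALERT: {0} ({1} bytes, MD5 {2}) differs from store copy {3} ({4} bytes, MD5 {5})" -f `
            $liveFacts.Path, $liveFacts.Size, $liveFacts.Md5, $copy.Path, $copy.Size, $copy.Md5)
    } else {
        Write-Output "OK: $live matches $($copy.Path)"
    }
}
```

Run it once before and once after the CFScript: the ALERT line should disappear and the live file should match the store copy it was restored from.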

#13 rr716

rr716
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:23 PM

Posted 13 January 2014 - 10:27 PM

Still getting random restarts due to the DCOM process stopping unexpectedly or something like that. However, it seems that it doesn't happen if I disconnect from wifi internet. That also stops the background audio.

 

ComboFix 14-01-12.01 - Rosanna 01/13/2014  19:53:42.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2811.1550 [GMT -7:00]
Running from: c:\users\Rosanna\Desktop\ComboFix.exe
Command switches used :: c:\users\Rosanna\Desktop\CFScript.txt
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\users\Rosanna\AppData\Local\{e52fd398-1d74-ee88-1c48-97d39a6edae1}
c:\users\Rosanna\AppData\Local\Google\Desktop\Install
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --> c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-14 to 2014-01-14  )))))))))))))))))))))))))))))))
.
.
2014-01-14 03:02 . 2014-01-14 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-14 02:32 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{0D34E3AF-6F67-4013-8741-7D7E2B7794D9}\mpengine.dll
2014-01-06 16:16 . 2014-01-06 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-06 16:15 . 2014-01-06 16:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-06 16:14 . 2014-01-06 16:35 -------- d-----w- c:\users\Rosanna\AppData\Roaming\mIRC
2014-01-06 16:14 . 2014-01-06 16:15 -------- d-----w- c:\program files (x86)\mIRC
2014-01-06 16:13 . 2014-01-06 16:13 -------- d-----w- c:\program files (x86)\Java
2014-01-06 16:08 . 2014-01-06 16:08 -------- d-----w- c:\programdata\McAfee
2014-01-05 23:57 . 2014-01-05 23:57 -------- d-----w- C:\FRST
2014-01-05 02:51 . 2014-01-05 03:01 -------- d-----w- C:\AdwCleaner
2014-01-04 02:31 . 2014-01-06 16:16 -------- d-----w- c:\programdata\Oracle
2014-01-04 02:31 . 2014-01-04 03:02 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-04 02:30 . 2014-01-04 02:30 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-04 02:30 . 2014-01-04 02:30 189352 ----a-w- c:\windows\system32\java.exe
2014-01-04 02:30 . 2014-01-04 02:30 -------- d-----w- c:\program files\Java
2014-01-04 02:29 . 2014-01-04 02:29 -------- d-----w- c:\users\Rosanna\AppData\Local\Macromedia
2014-01-04 00:30 . 2014-01-04 03:47 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-03 17:07 . 2014-01-03 17:29 -------- d-----w- c:\users\Rosanna\AppData\Local\Mozilla
2014-01-03 04:06 . 2014-01-03 04:09 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-02 19:29 . 2014-01-02 19:29 -------- d-----w- c:\users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 19:26 . 2014-01-03 04:53 -------- d-----w- c:\programdata\Xilisoft
2014-01-02 19:26 . 2014-01-02 19:26 -------- d-----w- c:\program files (x86)\Xilisoft
2014-01-02 18:59 . 2014-01-02 18:59 -------- d-----w- c:\users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 18:59 . 2014-01-02 18:59 -------- d-----w- c:\program files (x86)\Boilsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-04 00:51 . 2013-02-23 02:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-04 00:51 . 2011-10-11 19:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 19:38 . 2011-10-11 18:57 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 03:28 . 2011-10-11 17:17 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 10:21 . 2011-10-10 23:58 267936 ------w- c:\windows\system32\MpSigStub.exe
2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2012-07-31 198160]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09647689.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86123326.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90524512.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pbfilter
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 03:35]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 03:35]
.
2013-12-24 c:\windows\Tasks\ReclaimerUpdateFiles_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
2013-12-24 c:\windows\Tasks\ReclaimerUpdateXML_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
2014-01-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job
- c:\users\Rosanna\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28 03:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-07-20 1636736]
"ISW"="" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30D76A84-55B2-4096-9941-149329BFFF77}: NameServer = 198.224.160.135 198.224.164.135
DPF: {165B3239-2565-49DB-8A82-F28631CE44ED} - hxxp://quotes.computervoice.com/webstart/webstart.cab
FF - ProfilePath - c:\users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-13  20:07:10
ComboFix-quarantined-files.txt  2014-01-14 03:07
ComboFix2.txt  2014-01-13 02:57
.
Pre-Run: 24,922,099,712 bytes free
Post-Run: 24,904,552,448 bytes free
.
- - End Of File - - 0DC8BD85446A78940DE4FB6909D73734
A36C5E4F47E84449FF07ED3517B43A31

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:04:23 AM

Posted 14 January 2014 - 04:00 AM

At least we are making a little bit of progress here. That's one thing good to hear.

Please run FRST again for fresh review. Thanks.

#15 rr716

rr716
  • Topic Starter
  • Members
  • 17 posts
  • Local time:01:23 PM

Posted 14 January 2014 - 09:53 PM

OK, here are the results.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Rosanna (administrator) on ROSANNA-PC on 14-01-2014 19:38:24
Running from C:\Users\Rosanna\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM\...\Run: [ISW] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [72336 2011-07-22] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2012-07-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A4416EC2194CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {165B3239-2565-49DB-8A82-F28631CE44ED} http://quotes.computervoice.com/webstart/webstart.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{30D76A84-55B2-4096-9941-149329BFFF77}: [NameServer]198.224.160.135 198.224.164.135

FireFox:
========
FF ProfilePath: C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\Rosanna\AppData\Roaming\Mozilla\Firefox\Profiles\71ifm5tp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext [2012-07-30]

==================== Services (Whitelisted) =================

R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-07-25] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2413936 2011-07-22] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-07-25] (Check Point Software Technologies)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-02] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-16] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
U3 a53929lr; No ImagePath
U3 aauqdgvl; C:\Windows\System32\Drivers\aauqdgvl.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-14 19:37 - 2014-01-14 19:37 - 00000000 ____D C:\Users\Rosanna\Desktop\FRST-OlderVersion
2014-01-13 20:07 - 2014-01-13 20:07 - 00017207 _____ C:\ComboFix.txt
2014-01-13 19:52 - 2014-01-13 20:07 - 00000000 ____D C:\ComboFix
2014-01-13 19:18 - 2014-01-13 20:21 - 00001544 _____ C:\Windows\PFRO.log
2014-01-12 20:00 - 2014-01-12 20:11 - 00017334 _____ C:\Users\Rosanna\Desktop\combo.txt
2014-01-12 18:48 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 18:48 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 18:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 18:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 18:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 18:48 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 18:48 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 18:48 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-12 18:34 - 2014-01-13 20:07 - 00000000 ____D C:\Qoobox
2014-01-12 18:32 - 2014-01-12 19:52 - 00000000 ____D C:\Windows\erdnt
2014-01-12 17:09 - 2014-01-12 17:09 - 05164834 ____R (Swearware) C:\Users\Rosanna\Desktop\ComboFix.exe
2014-01-09 17:51 - 2014-01-14 19:39 - 00030043 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-09 17:47 - 2014-01-14 19:37 - 02076160 _____ (Farbar) C:\Users\Rosanna\Desktop\FRST64.exe
2014-01-06 09:16 - 2014-01-06 09:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-06 09:14 - 2014-01-06 09:35 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\mIRC
2014-01-06 09:14 - 2014-01-06 09:15 - 00000000 ____D C:\Program Files (x86)\mIRC
2014-01-06 09:13 - 2014-01-06 09:13 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 09:12 - 2014-01-06 09:12 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\Rosanna\Desktop\mirc732.exe
2014-01-06 09:08 - 2014-01-06 09:08 - 00000000 ____D C:\ProgramData\McAfee
2014-01-06 09:07 - 2014-01-06 09:07 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall(1).exe
2014-01-06 09:05 - 2014-01-06 09:05 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall.exe
2014-01-05 18:06 - 2014-01-05 18:06 - 00000000 ____D C:\Users\Rosanna\Desktop\virus stuff
2014-01-05 16:57 - 2014-01-14 19:37 - 00000000 ____D C:\FRST
2014-01-05 16:39 - 2014-01-13 20:28 - 00000044 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-04 19:51 - 2014-01-04 20:01 - 00000000 ____D C:\AdwCleaner
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 19:31 - 2014-01-06 09:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 19:31 - 2014-01-03 20:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 17:30 - 2014-01-03 20:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:07 - 2014-01-03 10:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-03 10:06 - 2014-01-03 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 21:06 - 2014-01-02 21:09 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 21:04 - 2014-01-03 15:43 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 21:53 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:23 - 2014-01-13 19:36 - 00000079 _____ C:\Windows\system32\awmxy.fqj
2014-01-02 12:21 - 2014-01-02 12:43 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-02 11:17 - 2014-01-08 20:05 - 00004608 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-18 12:30 - 2013-12-20 16:34 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-17 21:46 - 2013-12-30 17:55 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-14 19:40 - 2011-11-12 10:37 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\tixati
2014-01-14 19:39 - 2014-01-09 17:51 - 00030043 _____ C:\Users\Rosanna\Desktop\FRST.txt
2014-01-14 19:39 - 2013-06-19 16:49 - 01242681 _____ C:\Windows\WindowsUpdate.log
2014-01-14 19:37 - 2014-01-14 19:37 - 00000000 ____D C:\Users\Rosanna\Desktop\FRST-OlderVersion
2014-01-14 19:37 - 2014-01-09 17:47 - 02076160 _____ (Farbar) C:\Users\Rosanna\Desktop\FRST64.exe
2014-01-14 19:37 - 2014-01-05 16:57 - 00000000 ____D C:\FRST
2014-01-14 19:35 - 2013-11-28 12:05 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rosanna.job
2014-01-14 19:35 - 2013-07-07 12:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 19:35 - 2013-06-19 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 19:34 - 2013-12-11 21:02 - 00007616 _____ C:\Windows\setupact.log
2014-01-13 21:04 - 2013-07-07 12:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 20:29 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:29 - 2009-07-13 21:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:28 - 2014-01-05 16:39 - 00000044 _____ C:\Users\Rosanna\Desktop\passwords.txt
2014-01-13 20:21 - 2014-01-13 19:18 - 00001544 _____ C:\Windows\PFRO.log
2014-01-13 20:07 - 2014-01-13 20:07 - 00017207 _____ C:\ComboFix.txt
2014-01-13 20:07 - 2014-01-13 19:52 - 00000000 ____D C:\ComboFix
2014-01-13 20:07 - 2014-01-12 18:34 - 00000000 ____D C:\Qoobox
2014-01-13 20:02 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2014-01-13 19:36 - 2014-01-02 12:23 - 00000079 _____ C:\Windows\system32\awmxy.fqj
2014-01-13 19:32 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 20:11 - 2014-01-12 20:00 - 00017334 _____ C:\Users\Rosanna\Desktop\combo.txt
2014-01-12 19:57 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2014-01-12 19:52 - 2014-01-12 18:32 - 00000000 ____D C:\Windows\erdnt
2014-01-12 17:09 - 2014-01-12 17:09 - 05164834 ____R (Swearware) C:\Users\Rosanna\Desktop\ComboFix.exe
2014-01-10 21:38 - 2013-07-28 08:21 - 00000000 ____D C:\Users\Rosanna\Desktop\good examples punto house stuff
2014-01-09 06:46 - 2012-02-24 21:38 - 00454656 ___SH C:\Users\Rosanna\Desktop\Thumbs.db
2014-01-08 20:07 - 2013-08-31 09:12 - 00000000 ____D C:\Program Files (x86)\Blaze Media Pro
2014-01-08 20:05 - 2014-01-02 11:17 - 00004608 _____ C:\Users\Rosanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-08 20:05 - 2013-08-30 21:07 - 00000116 _____ C:\Windows\NeroDigital.ini
2014-01-08 18:23 - 2013-12-12 20:42 - 00000042 _____ C:\Users\Rosanna\Desktop\downlod.txt
2014-01-06 09:35 - 2014-01-06 09:14 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\mIRC
2014-01-06 09:16 - 2014-01-03 19:31 - 00000000 ____D C:\ProgramData\Oracle
2014-01-06 09:15 - 2014-01-06 09:14 - 00000000 ____D C:\Program Files (x86)\mIRC
2014-01-06 09:14 - 2014-01-06 09:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 09:14 - 2014-01-06 09:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-06 09:13 - 2014-01-06 09:13 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 09:12 - 2014-01-06 09:12 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\Rosanna\Desktop\mirc732.exe
2014-01-06 09:08 - 2014-01-06 09:08 - 00000000 ____D C:\ProgramData\McAfee
2014-01-06 09:07 - 2014-01-06 09:07 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall(1).exe
2014-01-06 09:05 - 2014-01-06 09:05 - 00915368 _____ (Oracle Corporation) C:\Users\Rosanna\Downloads\jxpiinstall.exe
2014-01-05 18:06 - 2014-01-05 18:06 - 00000000 ____D C:\Users\Rosanna\Desktop\virus stuff
2014-01-04 20:01 - 2014-01-04 19:51 - 00000000 ____D C:\AdwCleaner
2014-01-03 21:04 - 2014-01-03 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\rkill
2014-01-03 20:47 - 2014-01-03 17:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 20:02 - 2014-01-03 19:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 19:30 - 2014-01-03 19:30 - 00000000 ____D C:\Program Files\Java
2014-01-03 19:29 - 2014-01-03 19:29 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Macromedia
2014-01-03 19:26 - 2014-01-03 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-03 17:53 - 2011-10-11 10:40 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Adobe
2014-01-03 17:51 - 2013-02-22 19:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 17:51 - 2011-10-11 12:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 16:43 - 2014-01-03 16:43 - 00011024 _____ C:\Users\Rosanna\Documents\cc_20140103_164315.reg
2014-01-03 16:34 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2014-01-03 15:43 - 2014-01-02 21:04 - 00000000 ____D C:\Users\Rosanna\Desktop\malwarebytes root kit scanner
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Mozilla
2014-01-03 10:29 - 2014-01-03 10:07 - 00000000 ____D C:\Users\Rosanna\AppData\Local\Mozilla
2014-01-02 21:53 - 2014-01-02 12:26 - 00000000 ____D C:\ProgramData\Xilisoft
2014-01-02 21:53 - 2013-07-14 20:52 - 00000000 ____D C:\Program Files (x86)\Port Explorer
2014-01-02 21:53 - 2011-10-16 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:53 - 2011-10-16 19:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-02 21:52 - 2011-11-06 06:40 - 00000000 ____D C:\Windows\Minidump
2014-01-02 21:52 - 2011-10-10 16:33 - 00000000 ____D C:\Users\Rosanna
2014-01-02 21:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2014-01-02 21:09 - 2014-01-02 21:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 19:48 - 2009-07-13 19:34 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts.20140108-173817.backup
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:43 - 2014-01-02 12:21 - 00000097 _____ C:\Windows\system32\doyqswk.can
2014-01-02 12:29 - 2014-01-02 12:29 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Xilisoft
2014-01-02 12:26 - 2014-01-02 12:26 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2014-01-02 12:21 - 2014-01-02 12:21 - 00000064 _____ C:\Windows\system32\rhblb.baj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Users\Rosanna\AppData\Roaming\Boilsoft
2014-01-02 11:59 - 2014-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Boilsoft
2014-01-01 20:26 - 2014-01-01 20:26 - 00000000 ____D C:\Users\Rosanna\Desktop\bacjup rosanna usb stick
2013-12-30 17:55 - 2013-12-30 17:55 - 00275120 _____ C:\Windows\Minidump\123013-28922-01.dmp
2013-12-30 17:55 - 2013-12-17 21:46 - 384970222 _____ C:\Windows\MEMORY.DMP
2013-12-29 12:17 - 2013-12-29 12:17 - 00275120 _____ C:\Windows\Minidump\122913-30700-01.dmp
2013-12-23 23:24 - 2013-11-28 12:05 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Rosanna
2013-12-23 23:24 - 2013-11-28 12:05 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Rosanna.job
2013-12-23 23:08 - 2013-11-28 12:05 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Rosanna
2013-12-23 23:08 - 2013-11-28 12:05 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Rosanna.job
2013-12-20 16:42 - 2013-12-20 16:42 - 00002406 _____ C:\Users\Rosanna\Desktop\Complex 9.0.1.lnk
2013-12-20 16:34 - 2013-12-18 12:30 - 00000000 ____D C:\Users\Rosanna\Desktop\homeworld 2 mods
2013-12-20 16:24 - 2013-05-27 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-12-18 12:43 - 2013-05-25 19:10 - 00002428 _____ C:\Users\Rosanna\Desktop\R.E.A.R.M..lnk
2013-12-18 12:43 - 2013-05-25 19:10 - 00002352 _____ C:\Users\Public\Desktop\R.A.D.A.R..lnk
2013-12-17 21:46 - 2013-12-17 21:46 - 00275120 _____ C:\Windows\Minidump\121713-22635-01.dmp
2013-12-15 12:40 - 2013-08-16 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 12:38 - 2011-10-11 11:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {dc119553-f3a7-11e0-ae3f-fbfa51cdfc03}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {dc119555-f3a7-11e0-ae3f-fbfa51cdfc03}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {dc119553-f3a7-11e0-ae3f-fbfa51cdfc03}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {dc119555-f3a7-11e0-ae3f-fbfa51cdfc03}
device                  ramdisk=[C:]\Recovery\dc119555-f3a7-11e0-ae3f-fbfa51cdfc03\Winre.wim,{dc119556-f3a7-11e0-ae3f-fbfa51cdfc03}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\dc119555-f3a7-11e0-ae3f-fbfa51cdfc03\Winre.wim,{dc119556-f3a7-11e0-ae3f-fbfa51cdfc03}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {dc119553-f3a7-11e0-ae3f-fbfa51cdfc03}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {dc119556-f3a7-11e0-ae3f-fbfa51cdfc03}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\dc119555-f3a7-11e0-ae3f-fbfa51cdfc03\boot.sdi

 

LastRegBack: 2013-12-29 12:48

==================== End Of Log ============================
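The driver MD5 list, the "One Month Created Files and Folders" section and the Bamital check are the parts of an FRST log a responder reads first, and the entries that stand out in this one are the .sys line with neither a hash nor a "MD5 is legit" mark and the handful of short, unattributed files with odd extensions under system32. The script below is an added example written for this page; it is not part of the original post and not FRST's own code. It parses those two line formats exactly as they appear above and applies two heuristics of my own: flag a driver line FRST could neither whitelist nor hash, and flag a file under system32 or SysWOW64 that carries no publisher string and has an extension not normally found there. The sample input is copied from the log above; the extension list, the directory list and the reading of FRST's output (a bare hash meaning "not in the whitelist, verify against a trusted copy") are assumptions.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example for this page, not FRST's own logic.  It parses two line
formats visible in the log above:
  * driver lines:  "<path>.sys ==> MD5 is legit"  or  "<path>.sys <MD5>"
  * created/modified file lines:
    "<created> - <modified> - <size> <attrs> [(<publisher>)] <path>"
and returns entries that deserve a manual look.  A hit is a prompt, not a
verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

DRIVER_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+?\.sys)"
    r"(?: (?:(?P<legit>==> MD5 is legit)|(?P<md5>[0-9A-Fa-f]{32})))?\s*$"
)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# Assumption: extensions one expects under the Windows system directories.
EXPECTED_SYSTEM_EXT = {".exe", ".dll", ".sys", ".ini", ".log", ".dat", ".cpl", ".mui"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# Constructed sample: lines copied from the FRST64 log in this thread.
SAMPLE_LOG = r"""
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aauqdgvl.sys

==================== One Month Created Files and Folders ========

2014-01-12 18:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 09:15 - 2014-01-06 09:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-02 21:06 - 2014-01-02 21:09 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 12:43 - 2014-01-02 12:43 - 00037376 _____ C:\Windows\system32\weknu.drw
2014-01-02 12:23 - 2014-01-13 19:36 - 00000079 _____ C:\Windows\system32\awmxy.fqj
2014-01-02 12:07 - 2014-01-02 12:07 - 00219314 ____S C:\Windows\system32\rivq.nsf
2014-01-13 20:07 - 2014-01-13 20:07 - 00017207 _____ C:\ComboFix.txt
"""


@dataclass
class Finding:
    path: str
    reason: str


def classify_driver(line: str) -> Optional[Finding]:
    """Flag a driver line that carries neither a whitelist match nor a hash.

    A bare hash is NOT flagged here: as I read FRST's output it only means the
    file is absent from the tool's whitelist, so it must be checked against a
    trusted copy or the vendor's catalog rather than assumed bad.
    """
    m = DRIVER_RE.match(line)
    if not m:
        return None
    if m.group("legit") or m.group("md5"):
        return None
    return Finding(m.group("path"), "driver with no MD5 and no whitelist match")


def classify_file(line: str) -> Optional[Finding]:
    """Flag an unattributed system-directory file with an unusual extension.

    This is a crude proxy for the short random-looking names seen in the log;
    expect false positives (tool-dropped files, licensing blobs) and read the
    timestamps and the surrounding entries before acting on a hit.
    """
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    lower = path.lower()
    if not any(d in lower for d in SYSTEM_DIRS):
        return None
    if m.group("publisher"):
        return None
    basename = lower.rsplit("\\", 1)[-1]
    ext = basename[basename.rfind("."):] if "." in basename else ""
    if ext in EXPECTED_SYSTEM_EXT:
        return None
    return Finding(path, f"unattributed system-dir file with extension {ext!r}")


def triage(log_text: str) -> List[Finding]:
    """Run both classifiers over every line and collect the hits in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = classify_driver(line) or classify_file(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```

On the sample above the script reports the hashless aauqdgvl.sys line and the three unattributed system32 files, and stays silent on the whitelisted driver, the hashed-but-unrecognised Wdf01000.sys, the publisher-attributed Java and Malwarebytes binaries and the ComboFix report outside the system directories. Feed it the full log and cross-check every hit against the creation time of neighbouring entries: files that appear in the same minute as a known tool install are usually that tool's payload, not the infection.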