
Website keeps popping up (greenoise.altervisa.com)


Zingaro

Dear antivirus knights:

This is a minor problem - actually I've rerouted the site to 127.0.0.1 in my hosts file and created a small "window.close()" javascript so the site closes every time it's invoked (every 10 minutes or so)... but I still can't figure out what bloody service/process is calling the site to show up in the first place.

I ran avast virus scanner and Malwarebytes full search, nothing was found.

As instructed, here are DDS.txt and Attach.txt.

I eagerly await your instructions/suggestions, and hope this is an easy one!

Thank you,

Marc


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Ok sure,

Here are the logs you've asked for, in order. Would you mind confirming which app "fixed" it? Was it roguekiller as I suspected?

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 6 Update 24
Java 6 Update 32
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


# AdwCleaner v2.008 - Logfile created 11/18/2012 at 04:17:57
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Zingaro - ZINGARO-PC
# Boot Mode : Normal
# Running from : A:\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Local\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Local\TempDir
Folder Deleted : C:\Users\Zingaro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3019965
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\prefs.js

Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 0);
Deleted : user_pref("CT3019965..clientLogIsEnabled", false);
Deleted : user_pref("CT3019965..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3019965..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3019965.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3019965.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3019965.CTID", "CT3019965");
Deleted : user_pref("CT3019965.CurrentServerDate", "21-2-2012");
Deleted : user_pref("CT3019965.DSInstall", false);
Deleted : user_pref("CT3019965.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3019965.DialogsGetterLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.DownloadReferralCookieData", "");
Deleted : user_pref("CT3019965.FirstServerDate", "21-2-2012");
Deleted : user_pref("CT3019965.FirstTime", true);
Deleted : user_pref("CT3019965.FirstTimeFF3", true);
Deleted : user_pref("CT3019965.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3019965.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3019965.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3019965.HPInstall", false);
Deleted : user_pref("CT3019965.HasUserGlobalKeys", true);
Deleted : user_pref("CT3019965.Initialize", true);
Deleted : user_pref("CT3019965.InitializeCommonPrefs", true);
Deleted : user_pref("CT3019965.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3019965.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT3019965.InstalledDate", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.InvalidateCache", false);
Deleted : user_pref("CT3019965.IsGrouping", false);
Deleted : user_pref("CT3019965.IsInitSetupIni", true);
Deleted : user_pref("CT3019965.IsMulticommunity", false);
Deleted : user_pref("CT3019965.IsOpenThankYouPage", false);
Deleted : user_pref("CT3019965.IsOpenUninstallPage", false);
Deleted : user_pref("CT3019965.LanguagePackLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3019965.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3019965.LastLogin_3.9.0.3", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT3019965.Locale", "en");
Deleted : user_pref("CT3019965.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3019965.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3019965.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3019965.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3019965.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3019965.RadioIsPodcast", false);
Deleted : user_pref("CT3019965.RadioLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");
Deleted : user_pref("CT3019965.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3019965.RadioLastUpdateServer", "129553465309070000");
Deleted : user_pref("CT3019965.RadioMediaID", "21917990");
Deleted : user_pref("CT3019965.RadioMediaType", "Media Player");
Deleted : user_pref("CT3019965.RadioMenuSelectedID", "EBRadioMenu_CT301996521917990");
Deleted : user_pref("CT3019965.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3019965.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT3019965.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT3019965.SearchCaption", "Free Media Recorder Customized Web Search");
Deleted : user_pref("CT3019965.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3019965.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
Deleted : user_pref("CT3019965.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3019965.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3019965.SearchInNewTabLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");
Deleted : user_pref("CT3019965.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3019965.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3019965.ServiceMapLastCheckTime", "Tue Feb 21 2012 14:00:45 GMT+0100");
Deleted : user_pref("CT3019965.SettingsLastCheckTime", "Tue Feb 21 2012 14:00:46 GMT+0100");
Deleted : user_pref("CT3019965.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT3019965.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3019965&SearchSource=13");
Deleted : user_pref("CT3019965.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3019965.ThirdPartyComponentsLastCheck", "Tue Feb 21 2012 14:00:45 GMT+0100");
Deleted : user_pref("CT3019965.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3019965.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3019965.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3019965");
Deleted : user_pref("CT3019965.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3019965.UserID", "UN99461317577814585");
Deleted : user_pref("CT3019965.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3019965.alertChannelId", "1411551");
Deleted : user_pref("CT3019965.appApproved.129550210578713658", true);
Deleted : user_pref("CT3019965.backendstorage.hxxp://cdn_freemediarecorder_com/toolbar.downloadtype", "6264");
Deleted : user_pref("CT3019965.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3019965.globalFirstTimeInfoLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3019965.initDone", true);
Deleted : user_pref("CT3019965.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3019965.isFirstRadioInstallation", false);
Deleted : user_pref("CT3019965.myStuffEnabled", true);
Deleted : user_pref("CT3019965.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3019965.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3019965.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3019965.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3019965.revertSettingsEnabled", true);
Deleted : user_pref("CT3019965.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3019965.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3019965.testingCtid", "");
Deleted : user_pref("CT3019965.toolbarAppMetaDataLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.toolbarContextMenuLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3019965/CT3019965[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1411551/1407207/AT", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3019965", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3019965",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Zingaro\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.freemediarecorder.com/toolbar/video.html"[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x2[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3019965");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3019965");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3019965");
Deleted : user_pref("CommunityToolbar.globalUserId", "7763a81b-e744-4d3f-877d-ef80f0a296c2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3019965");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 21 2012 13:50:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 21 2012 14:01:37 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 21 2012 13:49:58 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "681d2f37-ee21-4b30-aa12-86e0a518e71a");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Zingaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15994 octets] - [18/11/2012 04:16:36]
AdwCleaner[s1].txt - [16129 octets] - [18/11/2012 04:17:57]

########## EOF - C:\AdwCleaner[s1].txt - [16190 octets] ##########


RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zingaro [Admin rights]
Mode : Remove -- Date : 11/18/2012 04:26:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[sTARTUP][sUSP PATH] securityfix.exe @Zingaro : C:\Users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\securityfix.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

0.0.0.0       localhost
127.0.0.1 www.greenoise.altervisa.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG ATA Device +++++
--- User ---
[MBR] 5686910f4c6546009854e1531587cee3
[bSP] 3507d5d683fc3bd400f597e2dd1dcafe : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 80000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 164050942 | Size: 225142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d0426.txt >>
RKreport[1]_S_11182012_02d0426.txt ; RKreport[2]_D_11182012_02d0426.txt
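The original question was which autostart mechanism kept launching the site; the RogueKiller log above points at a Startup-folder item (securityfix.exe) and at UAC having been switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0). The following read-only PowerShell triage is an added example, not code from the thread or from any of the tools it uses; it assumes Windows 7 or later and an elevated prompt, and it changes nothing, it only lists the places such a recurring launcher usually lives.

```powershell
# Added example (not from the forum thread): read-only triage of the autostart
# locations and UAC settings relevant to a site that re-opens every few minutes.
# Assumes Windows 7+ and an elevated PowerShell session. Nothing is modified.

$findings = @()

# 1. UAC policy values. EnableLUA=0 disables UAC entirely; ConsentPromptBehaviorAdmin=0
#    lets admin processes elevate without any prompt. Both appeared in the RogueKiller log.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    $findings += "UAC disabled: EnableLUA=$($uac.EnableLUA) (expected 1)"
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += "UAC elevates silently: ConsentPromptBehaviorAdmin=0 (expected 2 or 5)"
}

# 2. Per-user and all-users Startup folders: everything here runs at logon.
#    The log's securityfix.exe lived in the per-user folder.
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Unsigned or invalidly signed binaries in Startup deserve a closer look.
            $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            $findings += "Startup item: $($_.FullName) [signature: $sig]"
        }
}

# 3. Run / RunOnce keys, including the 32-bit view on a 64-bit system.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        # Skip the PSPath/PSChildName/... properties the provider adds to every object.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $findings += "Run entry: $key\$($_.Name) = $($_.Value)" }
    }
}

# 4. Scheduled tasks. A fixed 10-minute recurrence is more typical of a task trigger
#    than of a Run key. schtasks is used because Get-ScheduledTask does not exist on Windows 7;
#    its verbose CSV repeats the header per task folder, so those rows are filtered out.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }
$tasks |
    Where-Object { $_.'Task To Run' -match 'http|\.url|\.html?|\.js|\.vbs|\.hta' } |
    ForEach-Object {
        $findings += "Task '$($_.TaskName)' runs: $($_.'Task To Run') (repeat: $($_.'Repeat: Every'))"
    }

# 5. hosts file: list every active mapping so a blackhole redirect like the one in the
#    thread (127.0.0.1 www.greenoise.altervisa.com) is visible alongside anything else.
Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*\d' } |
    ForEach-Object { $findings += "hosts: $($_.Trim())" }

$findings
```

Each line of output names the location to inspect; anything launching a URL, an .html/.js/.vbs file, or an unsigned executable from these places is the usual source of a timed pop-up, and a hosts-file redirect only hides the symptom rather than the launcher.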


  • Staff

Hello

It is hard to read, there is a lot of extra coding in the reply, but I would put my money on AdwCleaner.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


Hi Gringo,

Sorry about my last post -- no idea why it did that, it looked fine before I posted it.

I appreciate your help so far. After 5 days, I can fairly confidently confirm this problem has disappeared.

I didn't reply because I run a lot of programs so it's not easy for me to reboot unless I absolutely have to. I finally managed some time to do that today and run ComboFix.

However, I noticed that an old problem, unrelated to this one, is back: my computer won't create System Restore points. This happened after I re-enabled UAC.

chris helped me with this issue last July. http://forums.malwarebytes.org/index.php?showtopic=88903

Shall I start a new thread?

Thanks again,

Marc

Here, as you requested, the ComboFix log:

ComboFix 12-11-22.02 - Zingaro 22/11/2012 11:27:55.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4025.2678 [GMT 1:00]

Running from: a:\downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

a:\documents\Readiris.DUS

c:\programdata\ZeoBIT

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

.

.

2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-20 07:57 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-17 23:18 . 2012-11-18 00:00 -------- d-----w- c:\users\Zingaro\AppData\Local\SDL

2012-11-17 21:46 . 2012-11-17 21:46 -------- d-----w- c:\programdata\SDL International

2012-11-17 21:46 . 2012-11-17 21:52 -------- d-----w- c:\program files (x86)\Common Files\SDL

2012-11-17 21:45 . 2012-11-17 23:47 -------- d-----w- c:\users\Zingaro\AppData\Roaming\SDL

2012-11-17 21:45 . 2012-11-17 21:57 -------- d-----w- c:\program files (x86)\SDL

2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Microsoft WSE

2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Open XML SDK

2012-11-17 21:38 . 2012-11-17 21:58 -------- d-----w- c:\programdata\SDL

2012-11-17 00:46 . 2012-11-17 00:46 -------- d-----w- c:\users\Zingaro\AppData\Roaming\Malwarebytes

2012-11-17 00:45 . 2012-11-17 00:45 -------- d-----w- c:\programdata\Malwarebytes

2012-11-17 00:45 . 2012-11-17 00:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-17 00:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\program files (x86)\Macro Scheduler 11

2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\windows\Macro Scheduler Pro

2012-11-16 18:09 . 2012-11-16 18:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio .NET 2003

2012-11-16 18:02 . 2012-11-16 18:02 -------- d-----w- C:\oracle

2012-11-16 18:01 . 2012-11-16 18:03 -------- d-----w- c:\program files (x86)\Oracle

2012-11-16 16:26 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-11-16 16:26 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-11-16 16:26 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-16 16:26 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-11-16 16:26 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-16 16:26 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-11-16 16:26 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-11-16 16:26 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2012-11-16 16:26 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\programdata\AVAST Software

2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\program files\AVAST Software

2012-11-16 16:18 . 2012-11-16 16:18 -------- d-----w- C:\Memopal

2012-11-16 15:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 15:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 15:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 15:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 15:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 15:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 15:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 15:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 15:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 15:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-16 15:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\TechSmith

2012-11-07 08:50 . 2012-11-07 08:50 -------- d-----w- c:\users\Zingaro\AppData\Roaming\U3

2012-11-05 16:35 . 2012-11-05 16:39 -------- d-----w- C:\RIZDRIVE BACKUP SATURN

2012-10-24 12:43 . 2012-10-24 12:43 -------- d-----w- c:\users\Zingaro\AppData\Local\My Games

2012-10-24 12:37 . 2012-10-24 12:37 -------- d-----w- c:\programdata\REVOLT

2012-10-24 12:18 . 2012-10-24 12:18 -------- d-----w- c:\program files (x86)\Games

2012-10-24 12:14 . 2012-10-24 12:14 -------- d-----w- c:\programdata\AIT

2012-10-24 12:14 . 2009-04-03 12:19 589824 ----a-w- c:\windows\SysWow64\ac7menu.dll

2012-10-24 12:14 . 2009-04-03 12:19 168448 ----a-w- c:\windows\SysWow64\extarch.dll

2012-10-24 12:14 . 2009-04-03 12:19 40960 ----a-w- c:\windows\SysWow64\ac7grid.dll

2012-10-24 12:14 . 2008-11-05 10:50 30720 ----a-w- c:\windows\SysWow64\AM6tract.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 15:41 . 2011-10-08 14:30 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-20 20:19 . 2012-10-20 20:19 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-19 10:52 . 2012-10-19 10:44 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-10-17 00:31 . 2012-10-17 21:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0598184C-2124-4B7F-B0CB-7F4AC5DDFB35}\mpengine.dll

2012-10-16 08:52 . 2012-04-09 16:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-16 08:52 . 2011-10-08 14:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-15 10:35 . 2012-10-15 10:12 1778 ----a-w- c:\windows\xren.vbs

2012-09-21 08:05 . 2012-05-12 07:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-21 08:05 . 2011-10-16 18:02 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 19:19 . 2012-10-10 08:20 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 08:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 08:21 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 08:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 08:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 08:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 08:21 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 08:21 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]

@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"

[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]

2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]

@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"

[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]

2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]

@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"

[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]

2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]

@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"

[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]

2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-14 1190920]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

3CX Phone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe [2011-8-31 532480]

Dropbox.lnk - c:\users\Zingaro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-13 2447360]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Macro Scheduler.lnk - c:\program files (x86)\Macro Scheduler 11\msched.exe [2009-2-16 5618424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 ALSysIO;ALSysIO;c:\users\Zingaro\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 MacroExpertDirectIo;MacroExpertDirectIo;c:\program files (x86)\grasssoft\mouse recorder\MacroExpertIo.sys [2008-07-04 5120]

R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 187912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]

R4 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]

R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]

R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [x]

R4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [2011-10-21 209920]

R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]

S2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files (x86)\Kilgray\memoQ40\AUClient.exe [2011-11-08 696320]

S2 Kilgray: memoQ update permissions manager. 9841208.;Kilgray: memoQ update permissions manager. 9841208.;c:\program files (x86)\Kilgray\memoQ60\AUClient.exe [2012-08-27 696320]

S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [2009-03-13 206336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 Memopal Crawler;Memopal Crawler;c:\program files\Memopal\MemopalCrawler.exe [2011-11-25 2852120]

S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-08-17 135168]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]

S2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000Core.job

- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]

.

2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000UA.job

- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]

@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"

[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]

2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]

@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"

[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]

2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]

@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"

[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]

2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]

@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"

[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]

2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://webmail.inghams.co.uk/exchange/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.178.1 192.168.0.1

FF - ProfilePath - c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\

FF - ExtSQL: 2012-10-25 13:18; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-11-17 22:41; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-20 02:00; support@lastpass.com; c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\extensions\support@lastpass.com

.

.

------- File Associations -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

URLSearchHooks-{e5b66461-19eb-4da5-bbf7-df2d266d975b} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 979430.]

"ImagePath"="c:\program files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 9841208.]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]

"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80BB9C2F-5C80-E3D9-871A-5DA5CA022777}*]

"bbickfogjdkmchldmjfnockpbfcmgcgnpepf"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,

64,6b,69,6a,6c,69,6c,6e,6a,65,00,76

"abcceinjklhmbbjhddjhbjodaajeinhiac"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,

64,6b,69,6a,6c,69,6c,6e,6a,65,00,76

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):21,99,a5,fc,cd,d0,6a,f7,c2,a8,63,1d,9b,cf,0b,08,b0,79,67,c5,6c,

a3,a7,8a,b6,0e,e8,e6,26,76,b3,12,80,6d,cb,f0,2f,7f,4e,80,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{eb19a459-8a6e-4452-ab02-afcd790715fc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000140

"Therad"=dword:00000025

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,6f,b5,7b,f9,cc,35,25,c5,2e,a7,92,fe,df,6c,4e,ad,d9,53,64,cd,75,52,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,

51,65,6d,32,57,3c,50,36,cb,8e,0f,1b,06,14,a8,87,41,bb,4c,ab,e4,4b,53,c7,1a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,

51,65,6d,32,57,3c,50,36,cb,8e,0f,c3,38,f0,d7,44,82,fc,08,ab,e4,4b,53,c7,1a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-22 11:44:10

ComboFix-quarantined-files.txt 2012-11-22 10:44

.

Pre-Run: 3,343,519,744 bytes free

Post-Run: 5,908,033,536 bytes free

.

- - End Of File - - FBA5CD2EB1B9ECC02AC233A6CF58538E


  • Staff

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hola gringo,

I think it was a false alarm -- I simply didn't have any Restore Points created. I tried creating two manually and they are showing.

Not sure if you still wanted me to run the rootkit programs, but I decided to. It seems to me the logs are ok. I'm running Daemon Tools (sptd.sys), which flagged both programs, but I'm still pretty sure I'm clean.

I await your confirmation.

19:11:02.0381 7460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

19:11:02.0646 7460 ============================================================

19:11:02.0646 7460 Current date / time: 2012/11/22 19:11:02.0646

19:11:02.0646 7460 SystemInfo:

19:11:02.0646 7460

19:11:02.0646 7460 OS Version: 6.1.7601 ServicePack: 1.0

19:11:02.0646 7460 Product type: Workstation

19:11:02.0646 7460 ComputerName: ZINGARO-PC

19:11:02.0647 7460 UserName: Zingaro

19:11:02.0647 7460 Windows directory: C:\Windows

19:11:02.0647 7460 System windows directory: C:\Windows

19:11:02.0647 7460 Running under WOW64

19:11:02.0647 7460 Processor architecture: Intel x64

19:11:02.0647 7460 Number of processors: 2

19:11:02.0647 7460 Page size: 0x1000

19:11:02.0647 7460 Boot type: Normal boot

19:11:02.0647 7460 ============================================================

19:11:04.0885 7460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:11:04.0895 7460 ============================================================

19:11:04.0895 7460 \Device\Harddisk0\DR0:

19:11:04.0895 7460 MBR partitions:

19:11:04.0895 7460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:11:04.0895 7460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x9C40033

19:11:04.0945 7460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC384000, BlocksNum 0x188CE000

19:11:04.0945 7460 ============================================================

19:11:05.0037 7460 C: <-> \Device\Harddisk0\DR0\Partition2

19:11:05.0076 7460 A: <-> \Device\Harddisk0\DR0\Partition3

19:11:05.0139 7460 ============================================================

19:11:05.0139 7460 Initialize success

19:11:05.0139 7460 ============================================================

19:11:08.0150 3408 ============================================================

19:11:08.0150 3408 Scan started

19:11:08.0150 3408 Mode: Manual;

19:11:08.0150 3408 ============================================================

19:11:12.0698 3408 ================ Scan system memory ========================

19:11:12.0698 3408 System memory - ok

19:11:12.0708 3408 ================ Scan services =============================

19:11:12.0919 3408 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:11:12.0928 3408 1394ohci - ok

19:11:12.0980 3408 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:11:12.0999 3408 ACPI - ok

19:11:13.0017 3408 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:11:13.0019 3408 AcpiPmi - ok

19:11:13.0218 3408 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:11:13.0222 3408 AdobeARMservice - ok

19:11:13.0404 3408 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

19:11:13.0425 3408 adp94xx - ok

19:11:13.0444 3408 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

19:11:13.0469 3408 adpahci - ok

19:11:13.0487 3408 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

19:11:13.0492 3408 adpu320 - ok

19:11:13.0537 3408 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:11:13.0540 3408 AeLookupSvc - ok

19:11:13.0596 3408 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:11:13.0605 3408 AFD - ok

19:11:13.0700 3408 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

19:11:13.0735 3408 AgereSoftModem - ok

19:11:13.0769 3408 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:11:13.0771 3408 agp440 - ok

19:11:13.0820 3408 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:11:13.0820 3408 ALG - ok

19:11:13.0851 3408 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:11:13.0852 3408 aliide - ok

19:11:13.0972 3408 ALSysIO - ok

19:11:14.0003 3408 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:11:14.0005 3408 amdide - ok

19:11:14.0037 3408 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

19:11:14.0040 3408 AmdK8 - ok

19:11:14.0056 3408 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

19:11:14.0059 3408 AmdPPM - ok

19:11:14.0107 3408 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:11:14.0111 3408 amdsata - ok

19:11:14.0157 3408 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

19:11:14.0162 3408 amdsbs - ok

19:11:14.0192 3408 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:11:14.0195 3408 amdxata - ok

19:11:14.0242 3408 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys

19:11:14.0246 3408 androidusb - ok

19:11:14.0342 3408 [ EB4E26AD3A0E681C2FAABBACB0691A34 ] Apache2.2 C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

19:11:14.0346 3408 Apache2.2 - ok

19:11:14.0428 3408 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll

19:11:14.0479 3408 AppHostSvc - ok

19:11:14.0556 3408 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:11:14.0569 3408 AppID - ok

19:11:14.0621 3408 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:11:14.0627 3408 AppIDSvc - ok

19:11:14.0756 3408 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:11:14.0766 3408 Appinfo - ok

19:11:15.0080 3408 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:11:15.0080 3408 Apple Mobile Device - ok

19:11:15.0120 3408 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

19:11:15.0130 3408 AppMgmt - ok

19:11:15.0160 3408 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

19:11:15.0170 3408 arc - ok

19:11:15.0190 3408 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

19:11:15.0228 3408 arcsas - ok

19:11:15.0412 3408 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:11:15.0424 3408 aspnet_state - ok

19:11:15.0484 3408 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

19:11:15.0484 3408 aswFsBlk - ok

19:11:15.0646 3408 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

19:11:15.0648 3408 aswMonFlt - ok

19:11:15.0678 3408 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys

19:11:15.0678 3408 aswRdr - ok

19:11:15.0749 3408 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

19:11:15.0775 3408 aswSnx - ok

19:11:15.0820 3408 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys

19:11:15.0834 3408 aswSP - ok

19:11:15.0902 3408 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys

19:11:15.0902 3408 aswTdi - ok

19:11:15.0932 3408 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:11:15.0932 3408 AsyncMac - ok

19:11:15.0952 3408 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:11:15.0952 3408 atapi - ok

19:11:16.0032 3408 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys

19:11:16.0067 3408 athr - ok

19:11:16.0124 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:11:16.0154 3408 AudioEndpointBuilder - ok

19:11:16.0194 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:11:16.0194 3408 AudioSrv - ok

19:11:16.0296 3408 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:11:16.0306 3408 avast! Antivirus - ok

19:11:16.0346 3408 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:11:16.0346 3408 AxInstSV - ok

19:11:16.0387 3408 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

19:11:16.0387 3408 b06bdrv - ok

19:11:16.0407 3408 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:11:16.0417 3408 b57nd60a - ok

19:11:16.0440 3408 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:11:16.0443 3408 BDESVC - ok

19:11:16.0465 3408 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:11:16.0468 3408 Beep - ok

19:11:16.0509 3408 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:11:16.0529 3408 BFE - ok

19:11:16.0579 3408 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

19:11:16.0631 3408 BITS - ok

19:11:16.0681 3408 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:11:16.0681 3408 blbdrive - ok

19:11:16.0753 3408 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:11:16.0763 3408 Bonjour Service - ok

19:11:16.0809 3408 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:11:16.0812 3408 bowser - ok

19:11:16.0839 3408 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

19:11:16.0840 3408 BrFiltLo - ok

19:11:16.0860 3408 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

19:11:16.0861 3408 BrFiltUp - ok

19:11:16.0895 3408 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

19:11:16.0895 3408 BridgeMP - ok

19:11:16.0935 3408 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:11:16.0935 3408 Browser - ok

19:11:16.0965 3408 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:11:16.0965 3408 Brserid - ok

19:11:16.0984 3408 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:11:16.0986 3408 BrSerWdm - ok

19:11:17.0007 3408 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:11:17.0010 3408 BrUsbMdm - ok

19:11:17.0019 3408 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:11:17.0021 3408 BrUsbSer - ok

19:11:17.0064 3408 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

19:11:17.0066 3408 BthEnum - ok

19:11:17.0077 3408 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

19:11:17.0077 3408 BTHMODEM - ok

19:11:17.0117 3408 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

19:11:17.0121 3408 BthPan - ok

19:11:17.0169 3408 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

19:11:17.0199 3408 BTHPORT - ok

19:11:17.0252 3408 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:11:17.0258 3408 bthserv - ok

19:11:17.0351 3408 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

19:11:17.0351 3408 BTHUSB - ok

19:11:17.0421 3408 catchme - ok

19:11:17.0441 3408 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:11:17.0454 3408 cdfs - ok

19:11:17.0488 3408 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:11:17.0492 3408 cdrom - ok

19:11:17.0533 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:11:17.0543 3408 CertPropSvc - ok

19:11:17.0576 3408 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

19:11:17.0578 3408 circlass - ok

19:11:17.0611 3408 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:11:17.0618 3408 CLFS - ok

19:11:17.0665 3408 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:11:17.0665 3408 clr_optimization_v2.0.50727_32 - ok

19:11:17.0775 3408 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:11:17.0785 3408 clr_optimization_v2.0.50727_64 - ok

19:11:17.0866 3408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:11:17.0867 3408 clr_optimization_v4.0.30319_32 - ok

19:11:17.0887 3408 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:11:17.0897 3408 clr_optimization_v4.0.30319_64 - ok

19:11:17.0927 3408 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

19:11:17.0927 3408 CmBatt - ok

19:11:17.0947 3408 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:11:17.0947 3408 cmdide - ok

19:11:17.0999 3408 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

19:11:18.0013 3408 CNG - ok

19:11:18.0035 3408 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

19:11:18.0038 3408 Compbatt - ok

19:11:18.0059 3408 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

19:11:18.0059 3408 CompositeBus - ok

19:11:18.0079 3408 COMSysApp - ok

19:11:18.0099 3408 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

19:11:18.0099 3408 crcdisk - ok

19:11:18.0151 3408 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:11:18.0151 3408 CryptSvc - ok

19:11:18.0191 3408 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

19:11:18.0201 3408 CSC - ok

19:11:18.0221 3408 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

19:11:18.0258 3408 CscService - ok

19:11:18.0303 3408 [ BF62FF663AE55E4ED99DE76881C2C0F1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys

19:11:18.0313 3408 ctxusbm - ok

19:11:18.0363 3408 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

19:11:18.0373 3408 dc3d - ok

19:11:18.0425 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:11:18.0448 3408 DcomLaunch - ok

19:11:18.0485 3408 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:11:18.0505 3408 defragsvc - ok

19:11:18.0545 3408 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:11:18.0555 3408 DfsC - ok

19:11:18.0600 3408 dgderdrv - ok

19:11:18.0641 3408 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:11:18.0647 3408 Dhcp - ok

19:11:18.0677 3408 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:11:18.0687 3408 discache - ok

19:11:18.0729 3408 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

19:11:18.0729 3408 Disk - ok

19:11:18.0864 3408 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys

19:11:18.0868 3408 DKbFltr - ok

19:11:18.0891 3408 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

19:11:18.0891 3408 dmvsc - ok

19:11:18.0931 3408 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:11:18.0941 3408 Dnscache - ok

19:11:18.0978 3408 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:11:18.0985 3408 dot3svc - ok

19:11:19.0030 3408 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys

19:11:19.0034 3408 dot4 - ok

19:11:19.0053 3408 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

19:11:19.0053 3408 Dot4Print - ok

19:11:19.0083 3408 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

19:11:19.0093 3408 dot4usb - ok

19:11:19.0116 3408 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:11:19.0122 3408 DPS - ok

19:11:19.0145 3408 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:11:19.0155 3408 drmkaud - ok

19:11:19.0195 3408 [ EDF7343ACAAB182C082F26EA97706E83 ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe

19:11:19.0205 3408 DsiWMIService - ok

19:11:19.0263 3408 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:11:19.0287 3408 DXGKrnl - ok

19:11:19.0337 3408 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:11:19.0347 3408 EapHost - ok

19:11:19.0509 3408 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

19:11:19.0571 3408 ebdrv - ok

19:11:19.0623 3408 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:11:19.0633 3408 EFS - ok

19:11:19.0673 3408 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:11:19.0699 3408 ehRecvr - ok

19:11:19.0713 3408 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:11:19.0716 3408 ehSched - ok

19:11:19.0835 3408 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

19:11:19.0863 3408 elxstor - ok

19:11:19.0887 3408 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:11:19.0897 3408 ErrDev - ok

19:11:19.0947 3408 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:11:19.0975 3408 EventSystem - ok

19:11:20.0010 3408 ew_hwusbdev - ok

19:11:20.0039 3408 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:11:20.0044 3408 exfat - ok

19:11:20.0079 3408 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:11:20.0079 3408 fastfat - ok

19:11:20.0131 3408 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:11:20.0161 3408 Fax - ok

19:11:20.0201 3408 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

19:11:20.0212 3408 fdc - ok

19:11:20.0263 3408 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:11:20.0263 3408 fdPHost - ok

19:11:20.0283 3408 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:11:20.0293 3408 FDResPub - ok

19:11:20.0324 3408 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:11:20.0325 3408 FileInfo - ok

19:11:20.0345 3408 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:11:20.0345 3408 Filetrace - ok

19:11:20.0365 3408 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

19:11:20.0365 3408 flpydisk - ok

19:11:20.0395 3408 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:11:20.0395 3408 FltMgr - ok

19:11:20.0455 3408 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

19:11:20.0488 3408 FontCache - ok

19:11:20.0557 3408 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:11:20.0557 3408 FontCache3.0.0.0 - ok

19:11:20.0597 3408 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:11:20.0597 3408 FsDepends - ok

19:11:20.0659 3408 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:11:20.0661 3408 Fs_Rec - ok

19:11:20.0699 3408 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:11:20.0709 3408 fvevol - ok

19:11:20.0729 3408 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

19:11:20.0743 3408 gagp30kx - ok

19:11:20.0781 3408 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:11:20.0781 3408 GEARAspiWDM - ok

19:11:20.0811 3408 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:11:20.0845 3408 gpsvc - ok

19:11:20.0913 3408 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:11:20.0923 3408 gusvc - ok

19:11:20.0943 3408 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:11:20.0943 3408 hcw85cir - ok

19:11:20.0991 3408 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:11:21.0013 3408 HdAudAddService - ok

19:11:21.0055 3408 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:11:21.0055 3408 HDAudBus - ok

19:11:21.0075 3408 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

19:11:21.0075 3408 HidBatt - ok

19:11:21.0098 3408 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

19:11:21.0101 3408 HidBth - ok

19:11:21.0126 3408 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

19:11:21.0131 3408 HidIr - ok

19:11:21.0157 3408 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

19:11:21.0157 3408 hidserv - ok

19:11:21.0192 3408 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:11:21.0195 3408 HidUsb - ok

19:11:21.0232 3408 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:11:21.0237 3408 hkmsvc - ok

19:11:21.0270 3408 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:11:21.0277 3408 HomeGroupListener - ok

19:11:21.0369 3408 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:11:21.0389 3408 HomeGroupProvider - ok

19:11:21.0409 3408 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:11:21.0409 3408 HpSAMD - ok

19:11:21.0447 3408 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:11:21.0477 3408 HTTP - ok

19:11:21.0509 3408 huawei_cdcacm - ok

19:11:21.0511 3408 huawei_enumerator - ok

19:11:21.0558 3408 hwdatacard - ok

19:11:21.0588 3408 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:11:21.0592 3408 hwpolicy - ok

19:11:21.0644 3408 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

19:11:21.0648 3408 i8042prt - ok

19:11:21.0703 3408 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:11:21.0713 3408 iaStorV - ok

19:11:21.0783 3408 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

19:11:21.0793 3408 IDriverT - ok

19:11:21.0849 3408 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:11:21.0885 3408 idsvc - ok

19:11:22.0065 3408 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

19:11:22.0187 3408 igfx - ok

19:11:22.0225 3408 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

19:11:22.0233 3408 iirsp - ok

19:11:22.0289 3408 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:11:22.0329 3408 IKEEXT - ok

19:11:22.0382 3408 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:11:22.0385 3408 intelide - ok

19:11:22.0487 3408 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:11:22.0489 3408 intelppm - ok

19:11:22.0523 3408 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:11:22.0523 3408 IPBusEnum - ok

19:11:22.0553 3408 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:11:22.0563 3408 IpFilterDriver - ok

19:11:22.0608 3408 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:11:22.0619 3408 iphlpsvc - ok

19:11:22.0655 3408 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:11:22.0659 3408 IPMIDRV - ok

19:11:22.0675 3408 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:11:22.0675 3408 IPNAT - ok

19:11:22.0807 3408 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:11:22.0842 3408 iPod Service - ok

19:11:22.0883 3408 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:11:22.0886 3408 IRENUM - ok

19:11:22.0939 3408 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:11:22.0939 3408 isapnp - ok

19:11:22.0984 3408 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:11:22.0993 3408 iScsiPrt - ok

19:11:23.0028 3408 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

19:11:23.0036 3408 k57nd60a - ok

19:11:23.0065 3408 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

19:11:23.0068 3408 kbdclass - ok

19:11:23.0095 3408 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

19:11:23.0098 3408 kbdhid - ok

19:11:23.0111 3408 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:11:23.0121 3408 KeyIso - ok

19:11:23.0283 3408 Kilgray: memoQ update permissions manager. 2595325. - ok

19:11:23.0335 3408 Kilgray: memoQ update permissions manager. 340979. - ok

19:11:23.0355 3408 Kilgray: memoQ update permissions manager. 979430. - ok

19:11:23.0401 3408 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:11:23.0405 3408 KSecDD - ok

19:11:23.0427 3408 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:11:23.0427 3408 KSecPkg - ok

19:11:23.0447 3408 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:11:23.0447 3408 ksthunk - ok

19:11:23.0487 3408 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:11:23.0504 3408 KtmRm - ok

19:11:23.0548 3408 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

19:11:23.0557 3408 LanmanServer - ok

19:11:23.0575 3408 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:11:23.0583 3408 LanmanWorkstation - ok

19:11:23.0630 3408 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:11:23.0633 3408 lltdio - ok

19:11:23.0671 3408 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:11:23.0679 3408 lltdsvc - ok

19:11:23.0699 3408 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:11:23.0699 3408 lmhosts - ok

19:11:23.0741 3408 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

19:11:23.0744 3408 LSI_FC - ok

19:11:23.0768 3408 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

19:11:23.0771 3408 LSI_SAS - ok

19:11:23.0813 3408 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

19:11:23.0816 3408 LSI_SAS2 - ok

19:11:23.0840 3408 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

19:11:23.0845 3408 LSI_SCSI - ok

19:11:23.0869 3408 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:11:23.0872 3408 luafv - ok

19:11:23.0921 3408 [ A13AC35BCDA983ACB8EF6FF025830508 ] Macro Expert c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe

19:11:23.0921 3408 Macro Expert - ok

19:11:23.0941 3408 [ 83BE0A161C995BCC42362311243905AA ] MacroExpertDirectIo c:\program files (x86)\grasssoft\mouse recorder\MacroExpertIo.sys

19:11:23.0941 3408 MacroExpertDirectIo - ok

19:11:24.0022 3408 [ 87BF49F946C465C95A9ECCB9E97240E0 ] MAUSBMOBILEPRE C:\Windows\system32\DRIVERS\MAudioMobilePre.sys

19:11:24.0023 3408 MAUSBMOBILEPRE - ok

19:11:24.0078 3408 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

19:11:24.0083 3408 MBAMProtector - ok

19:11:24.0135 3408 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:11:24.0145 3408 MBAMScheduler - ok

19:11:33.0336 3408 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys

19:11:33.0336 3408 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2

19:11:33.0336 3408 sptd ( LockedFile.Multi.Generic ) - warning

19:11:33.0336 3408 sptd - detected LockedFile.Multi.Generic (1)


19:11:37.0952 3408 Wdf01000 - ok

19:11:37.0990 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

19:11:37.0997 3408 WdiServiceHost - ok

19:11:38.0037 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

19:11:38.0043 3408 WdiSystemHost - ok

19:11:38.0063 3408 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

19:11:38.0073 3408 WebClient - ok

19:11:38.0094 3408 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

19:11:38.0108 3408 Wecsvc - ok

19:11:38.0130 3408 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

19:11:38.0137 3408 wercplsupport - ok

19:11:38.0164 3408 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

19:11:38.0174 3408 WerSvc - ok

19:11:38.0214 3408 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

19:11:38.0224 3408 WfpLwf - ok

19:11:38.0256 3408 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

19:11:38.0259 3408 WIMMount - ok

19:11:38.0276 3408 WinDefend - ok

19:11:38.0329 3408 WinHttpAutoProxySvc - ok

19:11:38.0377 3408 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

19:11:38.0382 3408 Winmgmt - ok

19:11:38.0468 3408 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

19:11:38.0510 3408 WinRM - ok

19:11:38.0613 3408 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

19:11:38.0616 3408 WinUsb - ok

19:11:38.0655 3408 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

19:11:38.0681 3408 Wlansvc - ok

19:11:38.0762 3408 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:11:38.0762 3408 wlcrasvc - ok

19:11:38.0874 3408 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:11:38.0924 3408 wlidsvc - ok

19:11:38.0980 3408 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

19:11:38.0982 3408 WmiAcpi - ok

19:11:39.0036 3408 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

19:11:39.0041 3408 wmiApSrv - ok

19:11:39.0074 3408 WMPNetworkSvc - ok

19:11:39.0095 3408 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

19:11:39.0101 3408 WPCSvc - ok

19:11:39.0123 3408 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

19:11:39.0131 3408 WPDBusEnum - ok

19:11:39.0148 3408 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

19:11:39.0151 3408 ws2ifsl - ok

19:11:39.0170 3408 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

19:11:39.0178 3408 wscsvc - ok

19:11:39.0188 3408 WSearch - ok

19:11:39.0286 3408 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

19:11:39.0346 3408 wuauserv - ok

19:11:39.0408 3408 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

19:11:39.0478 3408 WudfPf - ok

19:11:39.0518 3408 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

19:11:39.0518 3408 WUDFRd - ok

19:11:39.0564 3408 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

19:11:39.0572 3408 wudfsvc - ok

19:11:39.0597 3408 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

19:11:39.0607 3408 WwanSvc - ok

19:11:39.0691 3408 ================ Scan global ===============================

19:11:39.0711 3408 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:11:39.0755 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

19:11:39.0772 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

19:11:39.0830 3408 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:11:39.0882 3408 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:11:39.0902 3408 [Global] - ok

19:11:39.0902 3408 ================ Scan MBR ==================================

19:11:39.0912 3408 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0

19:11:39.0992 3408 \Device\Harddisk0\DR0 - ok

19:11:39.0996 3408 ================ Scan VBR ==================================

19:11:40.0006 3408 [ B503E589A32D80A0DD6EAF807DFDB8A1 ] \Device\Harddisk0\DR0\Partition1

19:11:40.0008 3408 \Device\Harddisk0\DR0\Partition1 - ok

19:11:40.0020 3408 [ 0413212A10E90186F0593B5000B38309 ] \Device\Harddisk0\DR0\Partition2

19:11:40.0023 3408 \Device\Harddisk0\DR0\Partition2 - ok

19:11:40.0046 3408 [ 056695688656D284A15371AF353DA51C ] \Device\Harddisk0\DR0\Partition3

19:11:40.0049 3408 \Device\Harddisk0\DR0\Partition3 - ok

19:11:40.0050 3408 ============================================================

19:11:40.0050 3408 Scan finished

19:11:40.0050 3408 ============================================================

19:11:40.0086 7536 Detected object count: 1

19:11:40.0086 7536 Actual detected object count: 1

19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - skipped by user

19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-22 19:13:34


19:14:26.890 Service scanning

19:14:49.349 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

19:14:56.911 Modules scanning

19:14:56.931 Disk 0 trace - called modules:

19:14:56.951 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

19:14:56.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5c0d0]

19:14:56.970 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046f5060]

19:14:56.979 \Driver\atapi[0xfffffa80046a8da0] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Hi Gringo,

Computer still running fine.

I can't quite figure out if System Restore is working properly or not. I could only see one Restore Point from yesterday, but I suspect it's because I didn't allow it enough Disk Usage. I've now increased to 2% (1.56 GB) and it looks like it's keeping them.

ComboFix mentions it's attempting to create a Restore Point -- should I be able to see one?

If so, I'll try running it again.

But that's about as much as I'm willing to troubleshoot this problem -- since the computer still runs fine. I think it's time I upgrade to a new system anyways. Have you played with Windows 8 yet?

Here's the log you asked for:

ComboFix 12-11-22.03 - Zingaro 23/11/2012 9:42.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4025.1945 [GMT 1:00]

Running from: a:\desktop\ComboFix.exe

Command switches used :: a:\desktop\cfscript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.178.1 192.168.0.1

FF - ProfilePath - c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\

FF - ExtSQL: 2012-10-25 13:18; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-11-17 22:41; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-20 02:00; support@lastpass.com; c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\extensions\support@lastpass.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 2595325.]

"ImagePath"="c:\program files (x86)\Kilgray\memoQ62\AUClient.exe -PermissionManagerRun"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 340979.]

"ImagePath"="c:\program files (x86)\Kilgray\memoQ60\AUClient.exe -PermissionManagerRun"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 979430.]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]

"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80BB9C2F-5C80-E3D9-871A-5DA5CA022777}*]

"bbickfogjdkmchldmjfnockpbfcmgcgnpepf"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,

64,6b,69,6a,6c,69,6c,6e,6a,65,00,76

"abcceinjklhmbbjhddjhbjodaajeinhiac"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,

64,6b,69,6a,6c,69,6c,6e,6a,65,00,76

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):21,99,a5,fc,cd,d0,6a,f7,c2,a8,63,1d,9b,cf,0b,08,b0,79,67,c5,6c,

a3,a7,8a,b6,0e,e8,e6,26,76,b3,12,80,6d,cb,f0,2f,7f,4e,80,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{eb19a459-8a6e-4452-ab02-afcd790715fc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000140

"Therad"=dword:00000025

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,6f,b5,7b,f9,cc,35,25,c5,2e,a7,92,fe,df,6c,4e,ad,d9,53,64,cd,75,52,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,

51,65,6d,32,57,3c,50,36,cb,8e,0f,1b,06,14,a8,87,41,bb,4c,ab,e4,4b,53,c7,1a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,

51,65,6d,32,57,3c,50,36,cb,8e,0f,c3,38,f0,d7,44,82,fc,08,ab,e4,4b,53,c7,1a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-23 10:09:24

ComboFix-quarantined-files.txt 2012-11-23 09:09

ComboFix2.txt 2012-11-22 10:44

.

Pre-Run: 5,740,687,360 bytes free

Post-Run: 5,577,252,864 bytes free

.

- - End Of File - - 347B6AA7B2693C76FE7D3AF914C88665


  • Staff

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).


  • Programs to remove
    • µTorrent
    • Java 7 Update 7
    • Java 6 Update 32
    • JavaFX 2.1.1
    • jZip


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :


  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select Run as administrator.

"information and logs"


  • In your next post I need the following:

    1. Log from MBAM
    2. Report from HijackThis
    3. Let me know of any problems you may have had
    4. How is the computer doing now?


Hi gringo,

Thanks for all your help - but this seems like a great deal of effort and time for a system that's basically running properly. Like, what's wrong with these Java updates? uTorrent and jzip are applications that I use.

To which I know you'll say, better safe than sorry, but I just don't have the time at the moment to run all these additional tools.

I just checked System Restore, and the Restore points are gone again. *sigh* :(

As soon as I'm done the project I'm working on, I'll take another look and repost.

Thanks.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
