Jump to content

Infected with SmitFraud-C.generic

DesertLion

By DesertLion
in Resolved Malware Removal Logs

 Share

Recommended Posts

DesertLion

DesertLion

Posted
Posted

Hi, when someone has a moment, I am needing some expert assistance to deal with this issue. Spybot located it, but does not seem to be able to completely remove it - as it comes back after a restart. I have disconnected the infected PC from the internet and am working from a laptop. Per the sticky topic at the head of the forum, I have pasted the dds output below. My appologies in advance if I overlooked a step or instruction for posting issues. Thank you for your time.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455

Run by Joe at 9:13:52 on 2012-12-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12278.10210 [GMT -6:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Calendarscope\csde.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Calendarscope] "C:\Program Files (x86)\Calendarscope\csde.exe"

uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A6CC02DE-205E-408F-AC2A-557803A57E90} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\symds64.sys [2012-10-20 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\symefa64.sys [2012-10-20 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccsetx64.sys [2012-10-20 168096]

R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-29 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.2\Definitions\IPSDefs\20121130.001\IDSviA64.sys [2012-11-30 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\ironx64.sys [2012-10-20 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-10-20 432800]

R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-9-8 22528]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-1 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-1 676936]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-3-22 25824]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccsvchst.exe [2012-10-20 143928]

R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-29 143928]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-15 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-1 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-16 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-15 1255736]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2012-12-02 14:44:16 20480 ----a-w- C:\Windows\svchost.exe

2012-12-02 04:45:42 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes

2012-12-02 04:45:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-02 04:45:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-02 04:45:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-02 04:10:43 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-12-02 04:08:35 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-12-02 04:08:35 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-12-02 04:08:23 -------- d-----w- C:\ProgramData\PC Tools

2012-12-02 04:08:22 -------- d-----w- C:\Users\Joe\AppData\Roaming\TestApp

2012-11-19 23:07:28 -------- d-----w- C:\ProgramData\OptiTex

2012-11-17 23:29:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-11-17 23:29:41 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-11-17 23:29:41 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-11-17 23:29:41 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-11-17 23:29:41 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-11-17 23:29:41 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-11-17 23:29:41 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-11-14 12:10:44 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 12:10:44 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 12:10:44 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 12:10:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 12:05:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 12:05:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 12:05:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 12:05:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 12:05:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 12:05:53 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 12:05:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-14 12:02:22 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-11-14 12:02:22 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-11-14 12:02:22 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2012-11-14 12:02:22 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-11-14 12:02:22 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-11-14 12:02:22 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-11-14 12:02:22 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-11-14 12:02:22 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-11-14 12:02:22 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-11-14 12:02:22 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-11-14 12:02:22 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-11-14 12:02:22 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-11-14 11:56:36 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-14 11:56:36 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-11-14 11:53:17 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-11-14 11:53:17 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-11-14 11:53:17 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-11-14 11:53:17 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-11-14 11:53:16 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-06 23:33:02 -------- d-----w- C:\Windows\[systemFolder]

2012-11-06 01:56:53 -------- d-----w- C:\Users\Joe\AppData\Roaming\CocotronLibrary

.

==================== Find3M ====================

.

2012-11-19 14:06:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-19 14:06:57 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-11 03:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-10-11 03:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll

2012-10-11 03:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-10-11 03:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

2012-10-11 03:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll

2012-10-11 03:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

2012-10-11 03:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2012-10-11 03:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2012-10-09 01:00:02 776864 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\srtsp64.sys

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-04 01:40:35 1133216 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symefa64.sys

2012-10-04 01:40:20 493216 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symds64.sys

2012-10-04 01:19:14 168096 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\ccsetx64.sys

2012-10-04 01:19:14 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys

2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-08 03:27:07 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-09-07 02:05:14 432800 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys

2012-09-07 01:48:08 224416 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\ironx64.sys

.

============= FINISH: 9:14:14.85 ===============

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/15/2012 8:47:12 PM

System Uptime: 12/2/2012 8:42:46 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T

Processor: Intel® Core i7 CPU 960 @ 3.20GHz | LGA1366 | 3201/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 847.567 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 298 GiB total, 90.369 GiB free.

F: is FIXED (NTFS) - 932 GiB total, 711.069 GiB free.

G: is Removable

H: is Removable

I: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP32: 9/4/2012 5:59:17 PM - Windows Update

RP33: 9/12/2012 5:16:23 AM - Windows Update

RP34: 9/22/2012 8:33:03 AM - Windows Update

RP35: 9/26/2012 7:12:18 AM - Windows Update

RP36: 10/4/2012 7:42:28 PM - Scheduled Checkpoint

RP37: 10/6/2012 11:34:52 AM - Installed Comic Life

RP38: 10/6/2012 2:44:50 PM - Windows Update

RP39: 10/7/2012 8:32:26 AM - Windows Update

RP40: 10/8/2012 6:00:28 AM - Windows Update

RP41: 10/10/2012 5:58:16 AM - Windows Update

RP42: 10/17/2012 8:00:04 PM - Scheduled Checkpoint

RP43: 10/25/2012 6:48:59 AM - Scheduled Checkpoint

RP44: 11/1/2012 8:27:28 PM - Scheduled Checkpoint

RP45: 11/5/2012 7:55:49 PM - Installed Comic Life 2

RP46: 11/6/2012 5:32:33 PM - Installed Memeo LifeAgent Explorer Extension

RP47: 11/14/2012 6:05:09 AM - Windows Update

RP48: 11/17/2012 5:28:02 PM - Windows Update

RP49: 11/25/2012 8:54:13 PM - Scheduled Checkpoint

RP50: 11/28/2012 6:04:15 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

AIM for Windows

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Calendarscope

Canon MX880 series MP Drivers

CCleaner

Comic Life

Comic Life 2

Cool & Quiet

DAZ Content Management Service

DAZ Studio 4.5 (64bit)

Dynamic Clothing Control DS4 (64bit)

GIMP 2.8.2

iTunes

Java 7 Update 7 (64-bit)

Malwarebytes Anti-Malware version 1.65.1.1000

Memeo Backup Premium

Memeo LifeAgent Explorer Extension

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Norton AntiVirus

Norton Identity Safe

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Real Alternative 1.50

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Spybot - Search & Destroy

TiVo Desktop 2.8.3

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.0.0

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

12/1/2012 5:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/1/2012 5:54:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/1/2012 5:54:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/1/2012 5:54:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/1/2012 5:54:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 ccSet_NAV ccSet_NST discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

12/1/2012 3:29:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800b8afbb0, 0x0000000000000000, 0x000000007ef98000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-29109-01.

12/1/2012 2:57:37 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/1/2012 2:57:37 PM, Error: Schannel [36874] - An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/1/2012 10:15:28 PM, Error: PCTCore [280] -

12/1/2012 10:10:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/30/2012 9:31:01 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Link to post
Share on other sites
DesertLion

DesertLion

Posted
  • Author
Posted

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-02 09:51:39

-----------------------------

09:51:39.533 OS Version: Windows x64 6.1.7601 Service Pack 1

09:51:39.533 Number of processors: 8 586 0x1A05

09:51:39.533 ComputerName: JOE-PC UserName: Joe

09:51:41.311 Initialize success

09:51:49.862 AVAST engine download error: 0

09:52:02.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

09:52:02.264 Disk 0 Vendor: ST31000528AS CC37 Size: 953869MB BusType: 3

09:52:02.264 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5

09:52:02.264 Disk 1 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3

09:52:02.264 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-7

09:52:02.264 Disk 2 Vendor: Hitachi_HDS721010CLA332 JP4OA25C Size: 953869MB BusType: 3

09:52:02.264 Device \Driver\atapi -> MajorFunction fffffa800b89a5e8

09:52:02.264 Disk 0 MBR read successfully

09:52:02.264 Disk 0 MBR scan

09:52:02.264 Disk 0 Windows 7 default MBR code

09:52:02.279 Disk 0 MBR hidden

09:52:02.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

09:52:02.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

09:52:02.310 Disk 0 scanning C:\Windows\system32\drivers

09:52:07.989 Service scanning

09:52:18.082 Modules scanning

09:52:18.082 Disk 0 trace - called modules:

09:52:18.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800b89a5e8]<<

09:52:18.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adfd790]

09:52:18.082 3 CLASSPNP.SYS[fffff88001b8d43f] -> nt!IofCallDriver -> [0xfffffa800abba520]

09:52:18.082 5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800abbf060]

09:52:18.098 \Driver\atapi[0xfffffa8009d75e70] -> IRP_MJ_CREATE -> 0xfffffa800b89a5e8

09:52:18.098 Scan finished successfully

09:52:33.058 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"

09:52:33.058 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

MBR.zip

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

Please run the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites
DesertLion

DesertLion

Posted
  • Author
Posted

Hi again. I was unable to disable all of the norton services as they were grayed out in my services menu. Rather than fight through that, I've temporarily uninstalled Norton Antivirus so that I could run ComboFix.

ComboFix 12-12-01.02 - Joe 12/02/2012 10:35:35.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12278.10313 [GMT -6:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Joe\AppData\Local\TempDIR

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 16:38 . 2012-12-02 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\programdata\Malwarebytes

2012-12-02 04:45 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-02 04:10 . 2012-12-02 04:10 -------- d-----w- c:\program files (x86)\PC Tools

2012-12-02 04:08 . 2012-12-02 04:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-12-02 04:08 . 2012-11-01 21:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-12-02 04:08 . 2012-12-02 04:44 -------- d-----w- c:\programdata\PC Tools

2012-12-02 04:08 . 2012-12-02 04:08 -------- d-----w- c:\users\Joe\AppData\Roaming\TestApp

2012-11-19 23:07 . 2012-11-19 23:07 -------- d-----w- c:\programdata\OptiTex

2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\users\UpdatusUser

2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-11-17 23:29 . 2012-12-02 14:43 -------- d-----w- c:\programdata\NVIDIA

2012-11-17 23:29 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-11-17 23:29 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-11-17 23:29 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-11-17 23:29 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-11-17 23:29 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-11-17 23:29 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-11-14 12:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 12:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 12:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 12:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 12:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 12:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 12:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 12:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 12:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 12:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 12:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 12:02 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-14 12:02 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-14 12:02 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-14 12:02 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-14 12:02 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-14 12:02 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-11-14 12:02 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-14 12:02 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-11-14 12:02 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-11-14 12:02 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-11-14 12:02 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-14 12:02 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2012-11-14 11:56 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 11:56 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 11:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-14 11:53 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-14 11:53 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-14 11:53 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-14 11:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 23:33 . 2012-11-06 23:33 -------- d-----w- c:\windows\[systemFolder]

2012-11-06 01:56 . 2012-11-06 01:56 -------- d-----w- c:\users\Joe\AppData\Roaming\CocotronLibrary

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 14:06 . 2012-08-16 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-19 14:06 . 2012-08-16 01:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 12:06 . 2012-08-16 00:03 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 11:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 11:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 11:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-11 03:23 . 2012-10-11 03:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-11 03:23 . 2012-10-11 03:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-11 03:23 . 2012-10-11 03:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-11 03:22 . 2012-10-11 03:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-11 03:22 . 2012-02-10 03:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-14 19:19 . 2012-10-10 10:08 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Calendarscope"="c:\program files (x86)\Calendarscope\csde.exe" [2012-09-17 2848696]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2012-04-14 131072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S4 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-16 22:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: comiclife.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{A13C2648-91D4-4BF3-BC6D-0079707C4389} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-02 10:40:19

ComboFix-quarantined-files.txt 2012-12-02 16:40

.

Pre-Run: 908,337,442,816 bytes free

Post-Run: 908,470,022,144 bytes free

.

- - End Of File - - 35FE22B65D62B1408DE6ECDAF29463D2

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

Please run the following:

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now

    [*]Copy and paste the log in your next reply

    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

Link to post
Share on other sites
DesertLion

DesertLion

Posted
  • Author
Posted

TDSS Killer...

17:13:33.0524 3636 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:13:33.0524 3636 ============================================================

17:13:33.0524 3636 Current date / time: 2012/12/02 17:13:33.0524

17:13:33.0524 3636 SystemInfo:

17:13:33.0524 3636

17:13:33.0524 3636 OS Version: 6.1.7601 ServicePack: 1.0

17:13:33.0524 3636 Product type: Workstation

17:13:33.0524 3636 ComputerName: JOE-PC

17:13:33.0524 3636 UserName: Joe

17:13:33.0524 3636 Windows directory: C:\Windows

17:13:33.0524 3636 System windows directory: C:\Windows

17:13:33.0524 3636 Running under WOW64

17:13:33.0524 3636 Processor architecture: Intel x64

17:13:33.0524 3636 Number of processors: 8

17:13:33.0524 3636 Page size: 0x1000

17:13:33.0524 3636 Boot type: Normal boot

17:13:33.0524 3636 ============================================================

17:13:34.0304 3636 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:13:34.0304 3636 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:13:34.0319 3636 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:13:34.0335 3636 ============================================================

17:13:34.0335 3636 \Device\Harddisk2\DR2:

17:13:34.0335 3636 MBR partitions:

17:13:34.0335 3636 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

17:13:34.0335 3636 \Device\Harddisk0\DR0:

17:13:34.0335 3636 MBR partitions:

17:13:34.0335 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:13:34.0335 3636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

17:13:34.0335 3636 \Device\Harddisk1\DR1:

17:13:34.0350 3636 MBR partitions:

17:13:34.0350 3636 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1

17:13:34.0350 3636 ============================================================

17:13:34.0397 3636 C: <-> \Device\Harddisk0\DR0\Partition2

17:13:34.0444 3636 E: <-> \Device\Harddisk1\DR1\Partition1

17:13:34.0460 3636 F: <-> \Device\Harddisk2\DR2\Partition1

17:13:34.0460 3636 ============================================================

17:13:34.0460 3636 Initialize success

17:13:34.0460 3636 ============================================================

17:13:51.0729 3840 ============================================================

17:13:51.0729 3840 Scan started

17:13:51.0729 3840 Mode: Manual; TDLFS;

17:13:51.0729 3840 ============================================================

17:13:52.0150 3840 ================ Scan system memory ========================

17:13:52.0150 3840 System memory - ok

17:13:52.0150 3840 ================ Scan services =============================

17:13:52.0244 3840 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

17:13:52.0244 3840 1394ohci - ok

17:13:52.0259 3840 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

17:13:52.0259 3840 ACPI - ok

17:13:52.0259 3840 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

17:13:52.0259 3840 AcpiPmi - ok

17:13:52.0322 3840 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

17:13:52.0322 3840 AdobeARMservice - ok

17:13:52.0337 3840 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

17:13:52.0353 3840 adp94xx - ok

17:13:52.0368 3840 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

17:13:52.0368 3840 adpahci - ok

17:13:52.0368 3840 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

17:13:52.0368 3840 adpu320 - ok

17:13:52.0400 3840 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:13:52.0400 3840 AeLookupSvc - ok

17:13:52.0431 3840 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

17:13:52.0446 3840 AFD - ok

17:13:52.0446 3840 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

17:13:52.0446 3840 agp440 - ok

17:13:52.0462 3840 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

17:13:52.0462 3840 ALG - ok

17:13:52.0478 3840 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

17:13:52.0478 3840 aliide - ok

17:13:52.0493 3840 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

17:13:52.0493 3840 amdide - ok

17:13:52.0509 3840 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

17:13:52.0509 3840 AmdK8 - ok

17:13:52.0524 3840 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

17:13:52.0524 3840 AmdPPM - ok

17:13:52.0524 3840 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:13:52.0524 3840 amdsata - ok

17:13:52.0540 3840 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

17:13:52.0540 3840 amdsbs - ok

17:13:52.0556 3840 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:13:52.0556 3840 amdxata - ok

17:13:52.0571 3840 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

17:13:52.0571 3840 AppID - ok

17:13:52.0587 3840 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:13:52.0587 3840 AppIDSvc - ok

17:13:52.0618 3840 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

17:13:52.0618 3840 Appinfo - ok

17:13:52.0680 3840 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:13:52.0680 3840 Apple Mobile Device - ok

17:13:52.0712 3840 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

17:13:52.0712 3840 AppMgmt - ok

17:13:52.0727 3840 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

17:13:52.0727 3840 arc - ok

17:13:52.0727 3840 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

17:13:52.0727 3840 arcsas - ok

17:13:52.0774 3840 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys

17:13:52.0774 3840 AsIO - ok

17:13:52.0805 3840 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys

17:13:52.0805 3840 AsUpIO - ok

17:13:52.0821 3840 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:13:52.0821 3840 AsyncMac - ok

17:13:52.0821 3840 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

17:13:52.0821 3840 atapi - ok

17:13:52.0836 3840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:13:52.0852 3840 AudioEndpointBuilder - ok

17:13:52.0852 3840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

17:13:52.0852 3840 AudioSrv - ok

17:13:52.0868 3840 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:13:52.0883 3840 AxInstSV - ok

17:13:52.0899 3840 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

17:13:52.0899 3840 b06bdrv - ok

17:13:52.0914 3840 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

17:13:52.0914 3840 b57nd60a - ok

17:13:52.0946 3840 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

17:13:52.0946 3840 BDESVC - ok

17:13:52.0946 3840 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

17:13:52.0946 3840 Beep - ok

17:13:52.0977 3840 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

17:13:52.0992 3840 BFE - ok

17:13:53.0008 3840 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

17:13:53.0024 3840 BITS - ok

17:13:53.0024 3840 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

17:13:53.0039 3840 blbdrive - ok

17:13:53.0070 3840 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:13:53.0086 3840 Bonjour Service - ok

17:13:53.0102 3840 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:13:53.0102 3840 bowser - ok

17:13:53.0117 3840 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:13:53.0117 3840 BrFiltLo - ok

17:13:53.0117 3840 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:13:53.0117 3840 BrFiltUp - ok

17:13:53.0133 3840 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

17:13:53.0133 3840 BridgeMP - ok

17:13:53.0148 3840 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

17:13:53.0148 3840 Browser - ok

17:13:53.0164 3840 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:13:53.0164 3840 Brserid - ok

17:13:53.0180 3840 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:13:53.0180 3840 BrSerWdm - ok

17:13:53.0180 3840 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:13:53.0180 3840 BrUsbMdm - ok

17:13:53.0195 3840 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:13:53.0195 3840 BrUsbSer - ok

17:13:53.0211 3840 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

17:13:53.0211 3840 BTHMODEM - ok

17:13:53.0226 3840 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

17:13:53.0226 3840 bthserv - ok

17:13:53.0242 3840 catchme - ok

17:13:53.0258 3840 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:13:53.0258 3840 cdfs - ok

17:13:53.0289 3840 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

17:13:53.0289 3840 cdrom - ok

17:13:53.0320 3840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

17:13:53.0320 3840 CertPropSvc - ok

17:13:53.0336 3840 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

17:13:53.0336 3840 circlass - ok

17:13:53.0351 3840 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

17:13:53.0367 3840 CLFS - ok

17:13:53.0398 3840 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:13:53.0398 3840 clr_optimization_v2.0.50727_32 - ok

17:13:53.0429 3840 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:13:53.0429 3840 clr_optimization_v2.0.50727_64 - ok

17:13:53.0460 3840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:13:53.0460 3840 clr_optimization_v4.0.30319_32 - ok

17:13:53.0492 3840 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:13:53.0492 3840 clr_optimization_v4.0.30319_64 - ok

17:13:53.0507 3840 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:13:53.0507 3840 CmBatt - ok

17:13:53.0507 3840 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:13:53.0507 3840 cmdide - ok

17:13:53.0538 3840 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

17:13:53.0538 3840 CNG - ok

17:13:53.0554 3840 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:13:53.0554 3840 Compbatt - ok

17:13:53.0570 3840 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

17:13:53.0570 3840 CompositeBus - ok

17:13:53.0585 3840 COMSysApp - ok

17:13:53.0601 3840 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

17:13:53.0601 3840 crcdisk - ok

17:13:53.0616 3840 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:13:53.0616 3840 CryptSvc - ok

17:13:53.0648 3840 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

17:13:53.0648 3840 CSC - ok

17:13:53.0663 3840 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

17:13:53.0679 3840 CscService - ok

17:13:53.0726 3840 [ 958EF96991ABCCFDAC0953C4A24081DC ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

17:13:53.0726 3840 DAZContentManagementService - ok

17:13:53.0757 3840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

17:13:53.0772 3840 DcomLaunch - ok

17:13:53.0788 3840 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

17:13:53.0788 3840 defragsvc - ok

17:13:53.0819 3840 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:13:53.0819 3840 DfsC - ok

17:13:53.0850 3840 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

17:13:53.0850 3840 Dhcp - ok

17:13:53.0866 3840 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

17:13:53.0866 3840 discache - ok

17:13:53.0882 3840 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

17:13:53.0882 3840 Disk - ok

17:13:53.0897 3840 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:13:53.0897 3840 Dnscache - ok

17:13:53.0928 3840 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

17:13:53.0928 3840 dot3svc - ok

17:13:53.0944 3840 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

17:13:53.0944 3840 DPS - ok

17:13:53.0960 3840 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:13:53.0960 3840 drmkaud - ok

17:13:53.0991 3840 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:13:53.0991 3840 DXGKrnl - ok

17:13:54.0022 3840 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

17:13:54.0022 3840 EapHost - ok

17:13:54.0069 3840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

17:13:54.0116 3840 ebdrv - ok

17:13:54.0131 3840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

17:13:54.0131 3840 EFS - ok

17:13:54.0162 3840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

17:13:54.0162 3840 ehRecvr - ok

17:13:54.0178 3840 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

17:13:54.0178 3840 ehSched - ok

17:13:54.0194 3840 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

17:13:54.0194 3840 elxstor - ok

17:13:54.0225 3840 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

17:13:54.0225 3840 ErrDev - ok

17:13:54.0240 3840 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

17:13:54.0240 3840 EventSystem - ok

17:13:54.0256 3840 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

17:13:54.0256 3840 exfat - ok

17:13:54.0256 3840 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:13:54.0272 3840 fastfat - ok

17:13:54.0303 3840 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

17:13:54.0303 3840 Fax - ok

17:13:54.0318 3840 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

17:13:54.0318 3840 fdc - ok

17:13:54.0334 3840 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

17:13:54.0334 3840 fdPHost - ok

17:13:54.0334 3840 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

17:13:54.0334 3840 FDResPub - ok

17:13:54.0350 3840 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:13:54.0350 3840 FileInfo - ok

17:13:54.0350 3840 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:13:54.0365 3840 Filetrace - ok

17:13:54.0365 3840 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

17:13:54.0365 3840 flpydisk - ok

17:13:54.0381 3840 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:13:54.0381 3840 FltMgr - ok

17:13:54.0412 3840 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

17:13:54.0428 3840 FontCache - ok

17:13:54.0443 3840 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:13:54.0443 3840 FontCache3.0.0.0 - ok

17:13:54.0459 3840 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

17:13:54.0459 3840 FsDepends - ok

17:13:54.0474 3840 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:13:54.0474 3840 Fs_Rec - ok

17:13:54.0506 3840 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

17:13:54.0506 3840 fvevol - ok

17:13:54.0506 3840 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

17:13:54.0521 3840 gagp30kx - ok

17:13:54.0537 3840 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:13:54.0537 3840 GEARAspiWDM - ok

17:13:54.0568 3840 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

17:13:54.0568 3840 gpsvc - ok

17:13:54.0584 3840 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

17:13:54.0584 3840 hcw85cir - ok

17:13:54.0615 3840 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:13:54.0630 3840 HdAudAddService - ok

17:13:54.0646 3840 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

17:13:54.0646 3840 HDAudBus - ok

17:13:54.0646 3840 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

17:13:54.0646 3840 HidBatt - ok

17:13:54.0662 3840 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

17:13:54.0662 3840 HidBth - ok

17:13:54.0662 3840 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

17:13:54.0662 3840 HidIr - ok

17:13:54.0677 3840 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

17:13:54.0677 3840 hidserv - ok

17:13:54.0724 3840 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:13:54.0724 3840 HidUsb - ok

17:13:54.0755 3840 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:13:54.0755 3840 hkmsvc - ok

17:13:54.0755 3840 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:13:54.0755 3840 HomeGroupListener - ok

17:13:54.0771 3840 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:13:54.0771 3840 HomeGroupProvider - ok

17:13:54.0786 3840 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:13:54.0786 3840 HpSAMD - ok

17:13:54.0833 3840 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:13:54.0833 3840 HTTP - ok

17:13:54.0849 3840 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:13:54.0849 3840 hwpolicy - ok

17:13:54.0864 3840 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

17:13:54.0880 3840 i8042prt - ok

17:13:54.0896 3840 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:13:54.0896 3840 iaStorV - ok

17:13:54.0927 3840 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:13:54.0942 3840 idsvc - ok

17:13:54.0942 3840 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

17:13:54.0942 3840 iirsp - ok

17:13:54.0974 3840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

17:13:54.0974 3840 IKEEXT - ok

17:13:55.0052 3840 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

17:13:55.0067 3840 IntcAzAudAddService - ok

17:13:55.0083 3840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

17:13:55.0083 3840 intelide - ok

17:13:55.0098 3840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:13:55.0098 3840 intelppm - ok

17:13:55.0114 3840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:13:55.0114 3840 IPBusEnum - ok

17:13:55.0130 3840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:13:55.0130 3840 IpFilterDriver - ok

17:13:55.0161 3840 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:13:55.0161 3840 iphlpsvc - ok

17:13:55.0161 3840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:13:55.0161 3840 IPMIDRV - ok

17:13:55.0176 3840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:13:55.0176 3840 IPNAT - ok

17:13:55.0223 3840 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:13:55.0223 3840 iPod Service - ok

17:13:55.0239 3840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:13:55.0239 3840 IRENUM - ok

17:13:55.0239 3840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:13:55.0239 3840 isapnp - ok

17:13:55.0270 3840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:13:55.0270 3840 iScsiPrt - ok

17:13:55.0286 3840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:13:55.0286 3840 kbdclass - ok

17:13:55.0301 3840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

17:13:55.0301 3840 kbdhid - ok

17:13:55.0317 3840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

17:13:55.0317 3840 KeyIso - ok

17:13:55.0332 3840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:13:55.0332 3840 KSecDD - ok

17:13:55.0332 3840 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:13:55.0348 3840 KSecPkg - ok

17:13:55.0348 3840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

17:13:55.0348 3840 ksthunk - ok

17:13:55.0364 3840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

17:13:55.0379 3840 KtmRm - ok

17:13:55.0395 3840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

17:13:55.0395 3840 LanmanServer - ok

17:13:55.0426 3840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:13:55.0426 3840 LanmanWorkstation - ok

17:13:55.0442 3840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:13:55.0442 3840 lltdio - ok

17:13:55.0457 3840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:13:55.0457 3840 lltdsvc - ok

17:13:55.0473 3840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:13:55.0473 3840 lmhosts - ok

17:13:55.0504 3840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

17:13:55.0504 3840 LSI_FC - ok

17:13:55.0520 3840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

17:13:55.0520 3840 LSI_SAS - ok

17:13:55.0520 3840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:13:55.0520 3840 LSI_SAS2 - ok

17:13:55.0535 3840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:13:55.0535 3840 LSI_SCSI - ok

17:13:55.0551 3840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

17:13:55.0551 3840 luafv - ok

17:13:55.0566 3840 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

17:13:55.0566 3840 MBAMProtector - ok

17:13:55.0629 3840 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

17:13:55.0629 3840 MBAMScheduler - ok

17:13:55.0660 3840 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

17:13:55.0660 3840 MBAMService - ok

17:13:55.0676 3840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:13:55.0676 3840 Mcx2Svc - ok

17:13:55.0691 3840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

17:13:55.0691 3840 megasas - ok

17:13:55.0707 3840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

17:13:55.0707 3840 MegaSR - ok

17:13:55.0769 3840 [ D0067EAA04400314A1E95D70020F7403 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

17:13:55.0769 3840 MemeoBackgroundService - ok

17:13:55.0769 3840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

17:13:55.0769 3840 MMCSS - ok

17:13:55.0785 3840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

17:13:55.0785 3840 Modem - ok

17:13:55.0800 3840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:13:55.0800 3840 monitor - ok

17:13:55.0800 3840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:13:55.0800 3840 mouclass - ok

17:13:55.0832 3840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:13:55.0832 3840 mouhid - ok

17:13:55.0863 3840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:13:55.0863 3840 mountmgr - ok

17:13:55.0878 3840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

17:13:55.0878 3840 mpio - ok

17:13:55.0894 3840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:13:55.0894 3840 mpsdrv - ok

17:13:55.0910 3840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:13:55.0925 3840 MpsSvc - ok

17:13:55.0941 3840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:13:55.0956 3840 MRxDAV - ok

17:13:55.0972 3840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:13:55.0972 3840 mrxsmb - ok

17:13:55.0988 3840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:13:55.0988 3840 mrxsmb10 - ok

17:13:56.0003 3840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:13:56.0003 3840 mrxsmb20 - ok

17:13:56.0019 3840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

17:13:56.0019 3840 msahci - ok

17:13:56.0034 3840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:13:56.0034 3840 msdsm - ok

17:13:56.0050 3840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

17:13:56.0050 3840 MSDTC - ok

17:13:56.0050 3840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:13:56.0050 3840 Msfs - ok

17:13:56.0066 3840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:13:56.0066 3840 mshidkmdf - ok

17:13:56.0081 3840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:13:56.0081 3840 msisadrv - ok

17:13:56.0097 3840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:13:56.0097 3840 MSiSCSI - ok

17:13:56.0097 3840 msiserver - ok

17:13:56.0112 3840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:13:56.0112 3840 MSKSSRV - ok

17:13:56.0112 3840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:13:56.0112 3840 MSPCLOCK - ok

17:13:56.0128 3840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:13:56.0128 3840 MSPQM - ok

17:13:56.0159 3840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:13:56.0159 3840 MsRPC - ok

17:13:56.0159 3840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:13:56.0159 3840 mssmbios - ok

17:13:56.0175 3840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:13:56.0175 3840 MSTEE - ok

17:13:56.0175 3840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:13:56.0190 3840 MTConfig - ok

17:13:56.0206 3840 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

17:13:56.0206 3840 MTsensor - ok

17:13:56.0222 3840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

17:13:56.0222 3840 Mup - ok

17:13:56.0253 3840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

17:13:56.0253 3840 napagent - ok

17:13:56.0268 3840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:13:56.0268 3840 NativeWifiP - ok

17:13:56.0315 3840 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:13:56.0315 3840 NDIS - ok

17:13:56.0331 3840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:13:56.0331 3840 NdisCap - ok

17:13:56.0346 3840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:13:56.0346 3840 NdisTapi - ok

17:13:56.0378 3840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:13:56.0378 3840 Ndisuio - ok

17:13:56.0393 3840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:13:56.0393 3840 NdisWan - ok

17:13:56.0409 3840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:13:56.0409 3840 NDProxy - ok

17:13:56.0409 3840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:13:56.0424 3840 NetBIOS - ok

17:13:56.0440 3840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:13:56.0440 3840 NetBT - ok

17:13:56.0456 3840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

17:13:56.0456 3840 Netlogon - ok

17:13:56.0487 3840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

17:13:56.0487 3840 Netman - ok

17:13:56.0502 3840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

17:13:56.0502 3840 netprofm - ok

17:13:56.0518 3840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:13:56.0518 3840 NetTcpPortSharing - ok

17:13:56.0534 3840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:13:56.0534 3840 nfrd960 - ok

17:13:56.0549 3840 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:13:56.0549 3840 NlaSvc - ok

17:13:56.0565 3840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:13:56.0565 3840 Npfs - ok

17:13:56.0565 3840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

17:13:56.0565 3840 nsi - ok

17:13:56.0580 3840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:13:56.0580 3840 nsiproxy - ok

17:13:56.0612 3840 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:13:56.0643 3840 Ntfs - ok

17:13:56.0658 3840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

17:13:56.0658 3840 Null - ok

17:13:56.0674 3840 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

17:13:56.0674 3840 NVENETFD - ok

17:13:56.0846 3840 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:13:56.0892 3840 nvlddmkm - ok

17:13:56.0939 3840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:13:56.0939 3840 nvraid - ok

17:13:56.0955 3840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:13:56.0955 3840 nvstor - ok

17:13:57.0002 3840 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe

17:13:57.0017 3840 nvsvc - ok

17:13:57.0048 3840 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

17:13:57.0048 3840 nvUpdatusService - ok

17:13:57.0064 3840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:13:57.0064 3840 nv_agp - ok

17:13:57.0126 3840 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:13:57.0126 3840 odserv - ok

17:13:57.0142 3840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:13:57.0142 3840 ohci1394 - ok

17:13:57.0173 3840 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:13:57.0173 3840 ose - ok

17:13:57.0204 3840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:13:57.0204 3840 p2pimsvc - ok

17:13:57.0220 3840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

17:13:57.0236 3840 p2psvc - ok

17:13:57.0251 3840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:13:57.0251 3840 Parport - ok

17:13:57.0267 3840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:13:57.0282 3840 partmgr - ok

17:13:57.0282 3840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:13:57.0298 3840 PcaSvc - ok

17:13:57.0298 3840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

17:13:57.0298 3840 pci - ok

17:13:57.0314 3840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

17:13:57.0314 3840 pciide - ok

17:13:57.0314 3840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:13:57.0329 3840 pcmcia - ok

17:13:57.0329 3840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

17:13:57.0329 3840 pcw - ok

17:13:57.0345 3840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:13:57.0345 3840 PEAUTH - ok

17:13:57.0392 3840 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

17:13:57.0423 3840 PeerDistSvc - ok

17:13:57.0454 3840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

17:13:57.0454 3840 PerfHost - ok

17:13:57.0501 3840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

17:13:57.0516 3840 pla - ok

17:13:57.0548 3840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:13:57.0548 3840 PlugPlay - ok

17:13:57.0563 3840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:13:57.0563 3840 PNRPAutoReg - ok

17:13:57.0579 3840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:13:57.0579 3840 PNRPsvc - ok

17:13:57.0610 3840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:13:57.0610 3840 PolicyAgent - ok

17:13:57.0626 3840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

17:13:57.0626 3840 Power - ok

17:13:57.0641 3840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:13:57.0641 3840 PptpMiniport - ok

17:13:57.0657 3840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

17:13:57.0657 3840 Processor - ok

17:13:57.0688 3840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

17:13:57.0688 3840 ProfSvc - ok

17:13:57.0704 3840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:13:57.0704 3840 ProtectedStorage - ok

17:13:57.0719 3840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:13:57.0719 3840 Psched - ok

17:13:57.0735 3840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

17:13:57.0766 3840 ql2300 - ok

17:13:57.0766 3840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

17:13:57.0766 3840 ql40xx - ok

17:13:57.0797 3840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

17:13:57.0797 3840 QWAVE - ok

17:13:57.0813 3840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:13:57.0813 3840 QWAVEdrv - ok

17:13:57.0828 3840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:13:57.0828 3840 RasAcd - ok

17:13:57.0844 3840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:13:57.0844 3840 RasAgileVpn - ok

17:13:57.0844 3840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

17:13:57.0844 3840 RasAuto - ok

17:13:57.0875 3840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:13:57.0875 3840 Rasl2tp - ok

17:13:57.0891 3840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

17:13:57.0891 3840 RasMan - ok

17:13:57.0906 3840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:13:57.0906 3840 RasPppoe - ok

17:13:57.0906 3840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:13:57.0906 3840 RasSstp - ok

17:13:57.0938 3840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:13:57.0938 3840 rdbss - ok

17:13:57.0953 3840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

17:13:57.0953 3840 rdpbus - ok

17:13:57.0969 3840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:13:57.0969 3840 RDPCDD - ok

17:13:57.0984 3840 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

17:13:57.0984 3840 RDPDR - ok

17:13:58.0000 3840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:13:58.0000 3840 RDPENCDD - ok

17:13:58.0016 3840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:13:58.0016 3840 RDPREFMP - ok

17:13:58.0031 3840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:13:58.0031 3840 RDPWD - ok

17:13:58.0047 3840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:13:58.0047 3840 rdyboost - ok

17:13:58.0078 3840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:13:58.0078 3840 RemoteAccess - ok

17:13:58.0078 3840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:13:58.0094 3840 RemoteRegistry - ok

17:13:58.0109 3840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:13:58.0109 3840 RpcEptMapper - ok

17:13:58.0125 3840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

17:13:58.0140 3840 RpcLocator - ok

17:13:58.0156 3840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

17:13:58.0156 3840 RpcSs - ok

17:13:58.0156 3840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:13:58.0172 3840 rspndr - ok

17:13:58.0187 3840 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

17:13:58.0187 3840 RTL8167 - ok

17:13:58.0203 3840 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

17:13:58.0203 3840 s3cap - ok

17:13:58.0218 3840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

17:13:58.0218 3840 SamSs - ok

17:13:58.0234 3840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:13:58.0234 3840 sbp2port - ok

17:13:58.0281 3840 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

17:13:58.0281 3840 SBSDWSCService - ok

17:13:58.0296 3840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:13:58.0296 3840 SCardSvr - ok

17:13:58.0312 3840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:13:58.0328 3840 scfilter - ok

17:13:58.0343 3840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

17:13:58.0359 3840 Schedule - ok

17:13:58.0374 3840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

17:13:58.0374 3840 SCPolicySvc - ok

17:13:58.0406 3840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:13:58.0406 3840 SDRSVC - ok

17:13:58.0421 3840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:13:58.0421 3840 secdrv - ok

17:13:58.0437 3840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

17:13:58.0437 3840 seclogon - ok

17:13:58.0452 3840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

17:13:58.0452 3840 SENS - ok

17:13:58.0468 3840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

17:13:58.0468 3840 SensrSvc - ok

17:13:58.0484 3840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

17:13:58.0484 3840 Serenum - ok

17:13:58.0484 3840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

17:13:58.0484 3840 Serial - ok

17:13:58.0499 3840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

17:13:58.0499 3840 sermouse - ok

17:13:58.0530 3840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

17:13:58.0530 3840 SessionEnv - ok

17:13:58.0546 3840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

17:13:58.0546 3840 sffdisk - ok

17:13:58.0546 3840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:13:58.0562 3840 sffp_mmc - ok

17:13:58.0562 3840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

17:13:58.0562 3840 sffp_sd - ok

17:13:58.0577 3840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

17:13:58.0577 3840 sfloppy - ok

17:13:58.0593 3840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

17:13:58.0593 3840 SharedAccess - ok

17:13:58.0608 3840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:13:58.0608 3840 ShellHWDetection - ok

17:13:58.0624 3840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:13:58.0624 3840 SiSRaid2 - ok

17:13:58.0640 3840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

17:13:58.0640 3840 SiSRaid4 - ok

17:13:58.0655 3840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:13:58.0655 3840 Smb - ok

17:13:58.0686 3840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:13:58.0686 3840 SNMPTRAP - ok

17:13:58.0686 3840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

17:13:58.0686 3840 spldr - ok

17:13:58.0718 3840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

17:13:58.0718 3840 Spooler - ok

17:13:58.0764 3840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

17:13:58.0796 3840 sppsvc - ok

17:13:58.0827 3840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

17:13:58.0827 3840 sppuinotify - ok

17:13:58.0842 3840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

17:13:58.0842 3840 srv - ok

17:13:58.0858 3840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:13:58.0874 3840 srv2 - ok

17:13:58.0874 3840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:13:58.0889 3840 srvnet - ok

17:13:58.0905 3840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:13:58.0905 3840 SSDPSRV - ok

17:13:58.0920 3840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:13:58.0920 3840 SstpSvc - ok

17:13:58.0967 3840 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

17:13:58.0967 3840 Stereo Service - ok

17:13:58.0983 3840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

17:13:58.0983 3840 stexstor - ok

17:13:58.0998 3840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

17:13:58.0998 3840 stisvc - ok

17:13:59.0014 3840 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

17:13:59.0014 3840 storflt - ok

17:13:59.0045 3840 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

17:13:59.0045 3840 StorSvc - ok

17:13:59.0061 3840 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

17:13:59.0061 3840 storvsc - ok

17:13:59.0076 3840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

17:13:59.0076 3840 swenum - ok

17:13:59.0092 3840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

17:13:59.0092 3840 swprv - ok

17:13:59.0139 3840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

17:13:59.0170 3840 SysMain - ok

17:13:59.0170 3840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:13:59.0170 3840 TabletInputService - ok

17:13:59.0186 3840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

17:13:59.0201 3840 TapiSrv - ok

17:13:59.0217 3840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

17:13:59.0217 3840 TBS - ok

17:13:59.0248 3840 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:13:59.0264 3840 Tcpip - ok

17:13:59.0295 3840 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

17:13:59.0295 3840 TCPIP6 - ok

17:13:59.0310 3840 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:13:59.0310 3840 tcpipreg - ok

17:13:59.0326 3840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:13:59.0326 3840 TDPIPE - ok

17:13:59.0342 3840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:13:59.0342 3840 TDTCP - ok

17:13:59.0357 3840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:13:59.0357 3840 tdx - ok

17:13:59.0373 3840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

17:13:59.0373 3840 TermDD - ok

17:13:59.0388 3840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

17:13:59.0404 3840 TermService - ok

17:13:59.0420 3840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

17:13:59.0420 3840 Themes - ok

17:13:59.0420 3840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

17:13:59.0420 3840 THREADORDER - ok

17:13:59.0482 3840 [ 4DE3FAEE834E9EF5151A71866F6DB55D ] TivoBeacon2 C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe

17:13:59.0498 3840 TivoBeacon2 - ok

17:13:59.0513 3840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

17:13:59.0513 3840 TrkWks - ok

17:13:59.0544 3840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:13:59.0544 3840 TrustedInstaller - ok

17:13:59.0560 3840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:13:59.0560 3840 tssecsrv - ok

17:13:59.0591 3840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

17:13:59.0591 3840 TsUsbFlt - ok

17:13:59.0607 3840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:13:59.0622 3840 tunnel - ok

17:13:59.0622 3840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

17:13:59.0622 3840 uagp35 - ok

17:13:59.0638 3840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:13:59.0654 3840 udfs - ok

17:13:59.0669 3840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:13:59.0669 3840 UI0Detect - ok

17:13:59.0685 3840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:13:59.0685 3840 uliagpkx - ok

17:13:59.0700 3840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

17:13:59.0700 3840 umbus - ok

17:13:59.0716 3840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

17:13:59.0716 3840 UmPass - ok

17:13:59.0732 3840 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

17:13:59.0732 3840 UmRdpService - ok

17:13:59.0747 3840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

17:13:59.0747 3840 upnphost - ok

17:13:59.0763 3840 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

17:13:59.0778 3840 USBAAPL64 - ok

17:13:59.0778 3840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:13:59.0778 3840 usbccgp - ok

17:13:59.0810 3840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:13:59.0810 3840 usbcir - ok

17:13:59.0810 3840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

17:13:59.0810 3840 usbehci - ok

17:13:59.0841 3840 [ 68BAD03835873D4BBBDE95CBB135A395 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys

17:13:59.0841 3840 UsbFltr - ok

17:13:59.0856 3840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:13:59.0856 3840 usbhub - ok

17:13:59.0856 3840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

17:13:59.0856 3840 usbohci - ok

17:13:59.0872 3840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

17:13:59.0872 3840 usbprint - ok

17:13:59.0888 3840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:13:59.0888 3840 USBSTOR - ok

17:13:59.0888 3840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

17:13:59.0888 3840 usbuhci - ok

17:13:59.0903 3840 USTOR2K - ok

17:13:59.0919 3840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

17:13:59.0919 3840 UxSms - ok

17:13:59.0919 3840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

17:13:59.0919 3840 VaultSvc - ok

17:13:59.0950 3840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

17:13:59.0950 3840 vdrvroot - ok

17:13:59.0981 3840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

17:13:59.0997 3840 vds - ok

17:13:59.0997 3840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:14:00.0012 3840 vga - ok

17:14:00.0012 3840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

17:14:00.0012 3840 VgaSave - ok

17:14:00.0044 3840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

17:14:00.0044 3840 vhdmp - ok

17:14:00.0059 3840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

17:14:00.0059 3840 viaide - ok

17:14:00.0075 3840 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

17:14:00.0075 3840 vmbus - ok

17:14:00.0075 3840 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

17:14:00.0090 3840 VMBusHID - ok

17:14:00.0106 3840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

17:14:00.0106 3840 volmgr - ok

17:14:00.0137 3840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

17:14:00.0137 3840 volmgrx - ok

17:14:00.0153 3840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

17:14:00.0153 3840 volsnap - ok

17:14:00.0168 3840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

17:14:00.0168 3840 vsmraid - ok

17:14:00.0200 3840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

17:14:00.0231 3840 VSS - ok

17:14:00.0231 3840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

17:14:00.0231 3840 vwifibus - ok

17:14:00.0278 3840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

17:14:00.0278 3840 W32Time - ok

17:14:00.0278 3840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

17:14:00.0293 3840 WacomPen - ok

17:14:00.0309 3840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

17:14:00.0309 3840 WANARP - ok

17:14:00.0309 3840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

17:14:00.0309 3840 Wanarpv6 - ok

17:14:00.0340 3840 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

17:14:00.0371 3840 WatAdminSvc - ok

17:14:00.0402 3840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

17:14:00.0434 3840 wbengine - ok

17:14:00.0449 3840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

17:14:00.0449 3840 WbioSrvc - ok

17:14:00.0480 3840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

17:14:00.0480 3840 wcncsvc - ok

17:14:00.0480 3840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

17:14:00.0480 3840 WcsPlugInService - ok

17:14:00.0496 3840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

17:14:00.0496 3840 Wd - ok

17:14:00.0527 3840 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

17:14:00.0543 3840 Wdf01000 - ok

17:14:00.0543 3840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

17:14:00.0558 3840 WdiServiceHost - ok

17:14:00.0558 3840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

17:14:00.0558 3840 WdiSystemHost - ok

17:14:00.0574 3840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

17:14:00.0574 3840 WebClient - ok

17:14:00.0590 3840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

17:14:00.0590 3840 Wecsvc - ok

17:14:00.0605 3840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

17:14:00.0605 3840 wercplsupport - ok

17:14:00.0621 3840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

17:14:00.0621 3840 WerSvc - ok

17:14:00.0636 3840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

17:14:00.0636 3840 WfpLwf - ok

17:14:00.0652 3840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

17:14:00.0652 3840 WIMMount - ok

17:14:00.0652 3840 WinDefend - ok

17:14:00.0668 3840 WinHttpAutoProxySvc - ok

17:14:00.0699 3840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

17:14:00.0699 3840 Winmgmt - ok

17:14:00.0746 3840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

17:14:00.0761 3840 WinRM - ok

17:14:00.0792 3840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

17:14:00.0808 3840 Wlansvc - ok

17:14:00.0839 3840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

17:14:00.0839 3840 WmiAcpi - ok

17:14:00.0870 3840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:14:00.0870 3840 wmiApSrv - ok

17:14:00.0886 3840 WMPNetworkSvc - ok

17:14:00.0902 3840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:14:00.0902 3840 WPCSvc - ok

17:14:00.0933 3840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:14:00.0933 3840 WPDBusEnum - ok

17:14:00.0948 3840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:14:00.0948 3840 ws2ifsl - ok

17:14:00.0964 3840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

17:14:00.0964 3840 wscsvc - ok

17:14:00.0980 3840 WSearch - ok

17:14:01.0026 3840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

17:14:01.0042 3840 wuauserv - ok

17:14:01.0058 3840 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

17:14:01.0058 3840 WudfPf - ok

17:14:01.0073 3840 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:14:01.0073 3840 WUDFRd - ok

17:14:01.0104 3840 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:14:01.0104 3840 wudfsvc - ok

17:14:01.0120 3840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

17:14:01.0120 3840 WwanSvc - ok

17:14:01.0120 3840 ================ Scan global ===============================

17:14:01.0136 3840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

17:14:01.0167 3840 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:14:01.0182 3840 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:14:01.0198 3840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

17:14:01.0214 3840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

17:14:01.0214 3840 [Global] - ok

17:14:01.0214 3840 ================ Scan MBR ==================================

17:14:01.0214 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

17:14:01.0307 3840 \Device\Harddisk2\DR2 - ok

17:14:01.0323 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

17:14:01.0323 3840 Suspicious mbr (Forged): \Device\Harddisk0\DR0

17:14:01.0370 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

17:14:01.0370 3840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

17:14:01.0432 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:14:01.0432 3840 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:14:01.0432 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

17:14:01.0635 3840 \Device\Harddisk1\DR1 - ok

17:14:01.0635 3840 ================ Scan VBR ==================================

17:14:01.0635 3840 [ B1FE8DBABFD3A74283B7D3E455C52A3D ] \Device\Harddisk2\DR2\Partition1

17:14:01.0635 3840 \Device\Harddisk2\DR2\Partition1 - ok

17:14:01.0635 3840 [ 16EFC8C64E0CF222BA05584B82E62A82 ] \Device\Harddisk0\DR0\Partition1

17:14:01.0635 3840 \Device\Harddisk0\DR0\Partition1 - ok

17:14:01.0635 3840 [ 94D9420588193CF908B782161F6A7BFC ] \Device\Harddisk0\DR0\Partition2

17:14:01.0635 3840 \Device\Harddisk0\DR0\Partition2 - ok

17:14:01.0635 3840 [ E69EB3FEE1D4493D8900E2FF4CE2E6A8 ] \Device\Harddisk1\DR1\Partition1

17:14:01.0635 3840 \Device\Harddisk1\DR1\Partition1 - ok

17:14:01.0635 3840 ============================================================

17:14:01.0635 3840 Scan finished

17:14:01.0635 3840 ============================================================

17:14:01.0650 3424 Detected object count: 2

17:14:01.0650 3424 Actual detected object count: 2

17:14:36.0829 3424 \Device\Harddisk0\DR0\# - copied to quarantine

17:14:36.0829 3424 \Device\Harddisk0\DR0 - copied to quarantine

17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

17:14:36.0922 3424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

17:14:36.0922 3424 \Device\Harddisk0\DR0 - ok

17:14:42.0523 3424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

17:14:42.0523 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:14:42.0523 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:15:16.0843 3820 Deinitialize success

17:16:44.0622 2536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:16:44.0732 2536 ============================================================

17:16:44.0732 2536 Current date / time: 2012/12/02 17:16:44.0732

17:16:44.0732 2536 SystemInfo:

17:16:44.0732 2536

17:16:44.0732 2536 OS Version: 6.1.7601 ServicePack: 1.0

17:16:44.0732 2536 Product type: Workstation

17:16:44.0732 2536 ComputerName: JOE-PC

17:16:44.0732 2536 UserName: Joe

17:16:44.0732 2536 Windows directory: C:\Windows

17:16:44.0732 2536 System windows directory: C:\Windows

17:16:44.0732 2536 Running under WOW64

17:16:44.0732 2536 Processor architecture: Intel x64

17:16:44.0732 2536 Number of processors: 8

17:16:44.0732 2536 Page size: 0x1000

17:16:44.0732 2536 Boot type: Normal boot

17:16:44.0732 2536 ============================================================

17:16:45.0621 2536 BG loaded

17:16:45.0917 2536 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:16:45.0917 2536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:16:45.0933 2536 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:16:45.0948 2536 ============================================================

17:16:45.0948 2536 \Device\Harddisk2\DR2:

17:16:45.0948 2536 MBR partitions:

17:16:45.0948 2536 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

17:16:45.0948 2536 \Device\Harddisk0\DR0:

17:16:45.0948 2536 MBR partitions:

17:16:45.0948 2536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:16:45.0948 2536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

17:16:45.0948 2536 \Device\Harddisk1\DR1:

17:16:45.0948 2536 MBR partitions:

17:16:45.0948 2536 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1

17:16:45.0948 2536 ============================================================

17:16:45.0995 2536 C: <-> \Device\Harddisk0\DR0\Partition2

17:16:46.0026 2536 E: <-> \Device\Harddisk1\DR1\Partition1

17:16:46.0026 2536 F: <-> \Device\Harddisk2\DR2\Partition1

17:16:46.0026 2536 ============================================================

17:16:46.0026 2536 Initialize success

17:16:46.0026 2536 ============================================================

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.12.02.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joe :: JOE-PC [administrator]

12/2/2012 5:26:16 PM

mbar-log-2012-12-02 (17-26-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27175

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.12.02.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joe :: JOE-PC [administrator]

12/2/2012 5:34:45 PM

mbar-log-2012-12-02 (17-34-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27164

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Link to post
Share on other sites
DesertLion

DesertLion

Posted
  • Author
Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.7.4 (12.02.2012:1)

OS: Windows 7 Professional x64

Ran by Joe on Sun 12/02/2012 at 19:21:39.91

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

~~~ Files

Successfully deleted: [File] "C:\Users\Joe\appdata\local\funmoods-speeddial.crx"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Joe\appdata\locallow\minibar"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/02/2012 at 19:23:53.91

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.011 - Logfile created 12/02/2012 at 19:27:00

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Joe - JOE-PC

# Boot Mode : Normal

# Running from : C:\Users\Joe\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2578 octets] - [02/12/2012 19:27:00]

########## EOF - C:\AdwCleaner[s1].txt - [2638 octets] ##########

ESET Results...

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.QM trojan

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan

C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

C:\Users\Joe\AppData\Local\AOL\AIM\update\install.exe Win32/OpenCandy application

F:\Users\Joe\Documents\Installers\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application

F:\Users\Joe\Documents\Installers\WormsArmageddon-dm.exe a variant of Win32/Adware.Trymedia.A application

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip 
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip 
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip 
C:\Users\Joe\AppData\Local\AOL\AIM\update\install.exe 
F:\Users\Joe\Documents\Installers\vlcmediaplayer-setup.exe 
F:\Users\Joe\Documents\Installers\WormsArmageddon-dm.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running and if there are any outstanding issues

Link to post
Share on other sites
DesertLion

DesertLion

Posted
  • Author
Posted

I am in the process of running various malware/virus scans now. I will let you know tomorrow if anything else pops up. Thanks for all of your help Catbyte. I may yet be persuaded that cats are better than dogs.

ComboFix 12-12-01.02 - Joe 12/03/2012 18:33:35.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.6595 [GMT -6:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

Command switches used :: c:\users\Joe\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"

"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"

"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"

"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"

"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"

"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"

"c:\users\Joe\AppData\Local\AOL\AIM\update\install.exe"

"f:\users\Joe\Documents\Installers\vlcmediaplayer-setup.exe"

"f:\users\Joe\Documents\Installers\WormsArmageddon-dm.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip

c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip

c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip

c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip

c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip

c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip

c:\users\Joe\AppData\Local\AOL\AIM\update\install.exe

f:\users\Joe\Documents\Installers\vlcmediaplayer-setup.exe

f:\users\Joe\Documents\Installers\WormsArmageddon-dm.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))

.

.

2012-12-04 00:36 . 2012-12-04 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-04 00:23 . 2012-12-04 00:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9912CB4-54D9-4ACC-BB50-85CC8C111901}\offreg.dll

2012-12-03 01:35 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9912CB4-54D9-4ACC-BB50-85CC8C111901}\mpengine.dll

2012-12-03 01:21 . 2012-12-03 01:21 -------- d-----w- c:\windows\ERUNT

2012-12-03 01:21 . 2012-12-03 01:21 -------- d-----w- C:\JRT

2012-12-02 23:14 . 2012-12-02 23:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\programdata\Malwarebytes

2012-12-02 04:45 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-02 04:10 . 2012-12-02 04:10 -------- d-----w- c:\program files (x86)\PC Tools

2012-12-02 04:08 . 2012-12-02 04:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-12-02 04:08 . 2012-11-01 21:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-12-02 04:08 . 2012-12-02 04:44 -------- d-----w- c:\programdata\PC Tools

2012-12-02 04:08 . 2012-12-02 04:08 -------- d-----w- c:\users\Joe\AppData\Roaming\TestApp

2012-11-19 23:07 . 2012-11-19 23:07 -------- d-----w- c:\programdata\OptiTex

2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\users\UpdatusUser

2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-11-17 23:29 . 2012-12-04 00:12 -------- d-----w- c:\programdata\NVIDIA

2012-11-17 23:29 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-11-17 23:29 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-11-17 23:29 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-11-17 23:29 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-11-17 23:29 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-11-17 23:29 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-11-14 12:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 12:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 12:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 12:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 12:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 12:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 12:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 12:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 12:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 12:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 12:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 12:02 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-14 12:02 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-14 12:02 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-14 12:02 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-14 12:02 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-14 12:02 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-11-14 12:02 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-14 12:02 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-11-14 12:02 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-11-14 12:02 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-11-14 12:02 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-14 12:02 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2012-11-14 11:56 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 11:56 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 11:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-14 11:53 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-14 11:53 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-14 11:53 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-14 11:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 23:33 . 2012-11-06 23:33 -------- d-----w- c:\windows\[systemFolder]

2012-11-06 01:56 . 2012-11-06 01:56 -------- d-----w- c:\users\Joe\AppData\Roaming\CocotronLibrary

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 14:06 . 2012-08-16 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-19 14:06 . 2012-08-16 01:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 12:06 . 2012-08-16 00:03 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 11:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 11:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 11:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-11 03:23 . 2012-10-11 03:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-11 03:23 . 2012-10-11 03:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-11 03:23 . 2012-10-11 03:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-11 03:22 . 2012-10-11 03:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-11 03:22 . 2012-02-10 03:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-14 19:19 . 2012-10-10 10:08 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Calendarscope"="c:\program files (x86)\Calendarscope\csde.exe" [2012-09-17 2848696]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2012-04-14 131072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\DRIVERS\ustor2k.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-16 1255736]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-03-22 25824]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-16 22:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: comiclife.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-18182204.sys

WebBrowser-{A13C2648-91D4-4BF3-BC6D-0079707C4389} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-03 18:37:16

ComboFix-quarantined-files.txt 2012-12-04 00:37

.

Pre-Run: 913,705,095,168 bytes free

Post-Run: 913,320,488,960 bytes free

.

- - End Of File - - 90565DE443915274D1CF697C2A87EE33

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

please update Adobe Reader and Java, then let me know if there are any outstanding issues

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

javaicon.jpgYour Java is out of date.

Java™ 7 Update 7can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.

An update should begin; > follow the prompts.

Link to post
Share on other sites
  • Staff
CatByte

CatByte

Posted
  • Staff
Posted

We just have some housekeeping to do now,

Please do the following:

You can delete the DDS, TDSSKiller, JRT and aswMBR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Combofix_uninstall_image.jpg

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    [*]Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE

    [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    [*]In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?.

    [*]Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.