Browser problems [Solved]


This topic is locked

#1 Slammer3
Member, 14 posts
My computer has started going really slow, and the browser I use keeps not responding and crashing. If someone could help, that would be cool.

Thanks

OTL logfile created on: 05/12/2012 14:11:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.01% Memory free
6.20 Gb Paging File | 4.25 Gb Available in Paging File | 68.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 181.52 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.82% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 14:10:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/11/26 21:48:37 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/11/20 06:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/31 11:30:36 | 000,659,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/10/23 15:35:40 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/31 00:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/08/31 00:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 00:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/08/16 11:02:00 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/26 21:48:36 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/20 06:17:34 | 002,400,224 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 19:31:49 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f6525d01b5cfcafeea3997aafc54d5d1\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 19:31:39 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6d236c1eaf9edb919ffaf043d9fa8ad7\Kies.Theme.ni.dll
MOD - [2012/11/14 19:31:37 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\bd1a814f94869396f6d7aea02eb1f663\DevicePodcast.ni.dll
MOD - [2012/11/14 19:31:36 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\418990a68ce7a8ab44e51ec72770ff67\DeviceVideo.ni.dll
MOD - [2012/11/14 19:31:35 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\f5b96500b282fade535d4ca2bd9c2be9\DevicePhoto.ni.dll
MOD - [2012/11/14 19:31:35 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\8788e13aea5e29cbde1ffc33fa808f63\DeviceMusic.ni.dll
MOD - [2012/11/14 19:31:34 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\7dcc3651e029ee8c6378b090fc2a3ecd\VideoManager.ni.dll
MOD - [2012/11/14 19:31:33 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\884bd0d4d9710af8a8971e8a48c0b79f\PodcastService.ni.dll
MOD - [2012/11/14 19:31:32 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\4d35b8edd89e1608e40590b51f843bac\Podcaster.ni.dll
MOD - [2012/11/14 19:31:30 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c3b7ca50050eb90c34dc31d78c015cb4\PhotoManager.ni.dll
MOD - [2012/11/14 19:31:16 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\44102e5350518c74b21625b1b6a0bd38\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/11/14 19:31:14 | 005,678,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\f38c7e5abcc8eceb62f7730d7f5edc93\DeviceHost.ni.dll
MOD - [2012/11/14 19:31:05 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\b11ee1ef57568ddc7a4111d4065b6ed1\Phonebook.ni.dll
MOD - [2012/11/14 19:30:59 | 001,007,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\78656724a6060d5137d30fa004444665\CPKTMusicPlugin.ni.dll
MOD - [2012/11/14 19:30:58 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\6819485232a5ecab4d9a34a905cffa94\MusicManager.ni.dll
MOD - [2012/11/14 19:30:54 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\18de04c1267afc503dec6ca840543b89\BATPlugin.ni.dll
MOD - [2012/11/14 19:30:54 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\d180288fdc586fe976a7ad406009dd89\EBookManager.ni.dll
MOD - [2012/11/14 19:30:53 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\afbc078f00e47bc609d5e467431e46b9\AllShareController.ni.dll
MOD - [2012/11/14 19:30:50 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\5b76c59f932a04a6acdffb6aed3f6f37\Kies.Common.StoreManager.ni.dll
MOD - [2012/11/14 19:30:49 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\a1f982432014db710af9cc28ed3ba95c\Kies.Common.MediaDB.ni.dll
MOD - [2012/11/14 19:30:49 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\29c5db2380d390afc22448a5c468b5fa\ASF_cSharpAPI.ni.dll
MOD - [2012/11/14 19:30:48 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\2c1f73c9ef9488b84071d60656a1748e\Kies.Common.AllShare.ni.dll
MOD - [2012/11/14 19:30:47 | 000,278,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\104a2968a216d8fd18e90181cea50bd3\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/11/14 19:30:46 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4592779ebd1a9ac87189bafd7a88c311\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/11/14 19:30:45 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\356c658d3cecd350e2709bbdefba4dda\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/11/14 19:30:45 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\3267a515b2d13f73355077209972bcd8\Interop.DevFileServiceLib.ni.dll
MOD - [2012/11/14 19:30:44 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b8c21330fb913b4e081670abfaa88f8f\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/11/14 19:30:42 | 000,902,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fc3269988a7aecf28fa3e9f6fd3e7378\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/11/14 19:30:42 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\34a971e8243908118250babc1840c990\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/11/14 19:30:41 | 001,025,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e7e68e10745712b72a562b63dc4b362d\Kies.Common.DeviceService.ni.dll
MOD - [2012/11/14 19:30:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll
MOD - [2012/11/14 19:30:36 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0c0283e4f6bbc64686a5c0010555e13b\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/11/14 19:30:35 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\0611e3b49b51403a06e7068532e8f225\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/11/14 19:30:35 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\e99de6d3c53e90efbd718fa5c7fef157\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/11/14 19:30:35 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\c79796eca396d62b8b1c57318418e103\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/11/14 19:30:33 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\6bd8ae2477d810a70726e892e4a85226\Kies.Common.Multimedia.ni.dll
MOD - [2012/11/14 19:30:30 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\a3853f94718a42445e69b2718dc8b9dd\Kies.Common.MainUI.ni.dll
MOD - [2012/11/14 19:30:29 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\c6d0e91a31dd1638c057fe74e7573078\CabLib.ni.dll
MOD - [2012/11/14 19:30:29 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\b0bcf0be53bd15b3215d9834542cb8f3\Kies.Common.DBManager.ni.dll
MOD - [2012/11/14 19:30:28 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0df5a62eccd20e09f9ca2270bedc8240\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/11/14 19:30:28 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\4ba4dff563183998d07f4a419add0f94\Kies.Common.Util.ni.dll
MOD - [2012/11/14 19:30:27 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\9274e1114d3665421ccc92fe928c241a\Kies.Locale.ni.dll
MOD - [2012/11/14 19:30:27 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\fb239cd9d76c4a053930d938d47567fe\Kies.MVVM.ni.dll
MOD - [2012/11/14 19:30:27 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\65ef9172c6850d65736f9fd642147b94\Interop.DeviceSearchLib.ni.dll
MOD - [2012/11/14 19:30:26 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\c666a972642032c82a77d5bee1e06d6d\Kies.UI.ni.dll
MOD - [2012/11/14 19:30:24 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\b30966f9d0bd49ab0a002b3c04eeb1fe\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/11/14 19:30:23 | 001,185,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\1c6d98abe89db45fc82564c41b09167f\Kies.Interface.ni.dll
MOD - [2012/11/14 19:30:12 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\96b48b5a8f540eb1a0d4fac6441a5409\System.ServiceProcess.ni.dll
MOD - [2012/11/14 19:30:01 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b799d9ef9fda37c87235fa88712f0c0e\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 19:29:53 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll
MOD - [2012/11/14 19:29:51 | 001,673,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\844197601c818727faf45faa3324007b\Kies.ni.exe
MOD - [2012/11/14 18:55:31 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll
MOD - [2012/11/14 18:55:17 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll
MOD - [2012/11/14 18:55:08 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll
MOD - [2012/11/14 18:55:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll
MOD - [2012/11/14 18:51:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll
MOD - [2012/11/14 18:51:17 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\86f1e41236b3d404d65db53bd0374d1e\System.Configuration.ni.dll
MOD - [2012/11/14 18:51:13 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll
MOD - [2012/11/14 18:51:02 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll
MOD - [2012/11/14 18:50:41 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll
MOD - [2012/11/14 18:50:39 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll
MOD - [2012/11/14 18:50:28 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll
MOD - [2012/11/10 05:07:13 | 000,115,137 | ---- | M] () -- C:\Users\Chris\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012/08/31 00:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/10/04 09:22:36 | 003,820,208 | ---- | M] () -- C:\Program Files\ffdshow\libavcodec.dll
MOD - [2008/10/04 09:22:36 | 002,494,464 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2008/10/04 09:22:36 | 000,508,052 | ---- | M] () -- C:\Program Files\ffdshow\libmplayer.dll
MOD - [2008/10/04 09:22:36 | 000,041,472 | ---- | M] () -- C:\Program Files\ffdshow\ff_liba52.dll


========== Services (SafeList) ==========

SRV - [2012/11/26 21:48:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/20 06:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/10/23 15:35:40 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gttap1.sys -- (gttap1)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 22:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/31 10:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 10:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/07/13 10:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/12/10 20:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 C5 13 BF E4 C7 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/11/08 01:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/16 11:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/16 11:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/03 20:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/23 11:50:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/03 04:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/12/04 13:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions
[2012/12/04 13:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions\staged
[2012/11/23 14:57:47 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/23 12:16:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/04 13:02:09 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/23 11:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 01:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/12/05 01:08:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/03 20:08:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/11/08 01:21:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/11/20 06:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/20 06:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 10:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/11/20 06:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: ScriptNo = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/10 05:00:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/05 14:10:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/12/05 14:05:01 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.com
[2012/11/14 18:39:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/14 18:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/14 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/14 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/10 05:03:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2012/11/10 04:58:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/28 14:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/12/05 14:10:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/12/05 14:05:05 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.com
[2012/12/05 12:21:45 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 12:21:45 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 13:47:43 | 000,020,992 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/02 18:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 12:27:56 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/01 12:27:56 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/01 12:21:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 12:21:41 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 11:50:30 | 000,000,870 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/23 11:50:30 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 19:03:45 | 000,001,754 | ---- | M] () -- C:\Users\Chris\Desktop\Update Checker.lnk
[2012/11/14 19:00:53 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 18:36:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/10 15:06:16 | 007,577,588 | ---- | M] () -- C:\Users\Chris\Documents\llllllllllllllllllllllllllllllllllll.pdf
[2012/11/10 05:00:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/08 01:18:27 | 003,768,125 | ---- | M] () -- C:\Users\Chris\Documents\ggggggggggof.pdf

========== Files Created - No Company Name ==========

[2012/11/26 21:48:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 18:36:48 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/10 15:06:16 | 007,577,588 | ---- | C] () -- C:\Users\Chris\Documents\llllllllllllllllllllllllllllllllllll.pdf
[2012/11/08 01:18:27 | 003,768,125 | ---- | C] () -- C:\Users\Chris\Documents\ggggggggggof.pdf
[2012/07/16 14:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 08:55:32 | 000,020,992 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/04/11 10:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 20:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 08:10:03 | 000,678,003 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 08:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 07:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 14:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 14:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/04 13:50:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 13:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 13:19:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2011/02/04 12:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/30 07:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/10/14 13:52:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2012/09/12 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/04/10 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\StreamTorrent
[2012/06/15 23:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2012/07/20 22:59:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/04/17 09:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare

========== Purity Check ==========



< End of report >
  • 0

#2
gringo_pr
    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#3
Slammer3
    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Is RogueKiller okay? McAfee SiteAdvisor says it is dangerous to download.


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader XI
Mozilla Firefox (17.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-----------------------------------------------------------------
# AdwCleaner v2.011 - Logfile created 12/07/2012 at 14:26:35
# Updated 02/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chris - DELL-530
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\extensions\staged

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.10.1652.0

File : C:\Users\Chris\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1140 octets] - [19/10/2012 16:11:13]
AdwCleaner[R2].txt - [1225 octets] - [27/10/2012 13:43:12]
AdwCleaner[R3].txt - [1345 octets] - [01/11/2012 21:31:37]
AdwCleaner[R4].txt - [1465 octets] - [08/11/2012 01:18:59]
AdwCleaner[S1].txt - [1202 octets] - [19/10/2012 16:11:31]
AdwCleaner[S2].txt - [1285 octets] - [27/10/2012 13:43:33]
AdwCleaner[S3].txt - [1405 octets] - [01/11/2012 21:31:50]
AdwCleaner[S4].txt - [1525 octets] - [08/11/2012 01:19:32]
AdwCleaner[S5].txt - [1564 octets] - [07/12/2012 14:26:35]

########## EOF - C:\AdwCleaner[S5].txt - [1624 octets] ##########


------

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 12/07/2012 14:34:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12072012_02d1434.txt >>
RKreport[1]_S_12072012_02d1434.txt ; RKreport[2]_D_12072012_02d1434.txt
  • 0

#4
gringo_pr
    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
Slammer3
    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I disabled antivirus, but when it rebooted it came back on its own. Do I need to run ComboFix again?
Comp seems okay.

ComboFix 12-12-04.01 - Chris 07/12/2012 20:31:14.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1646 [GMT 0:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\ssv.dll
c:\users\Chris\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\users\Chris\AppData\Local\Temp\ppcrlui_3368_2
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 20:36 . 2012-12-07 20:39 -------- d-----w- c:\users\Chris\AppData\Local\temp
2012-12-07 20:36 . 2012-12-07 20:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-07 20:36 . 2012-12-07 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 21:48 . 2012-11-26 21:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-26 21:48 . 2012-11-26 21:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 18:44 . 2012-10-08 08:37 140960 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-11-14 18:44 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-11-14 18:36 . 2012-11-14 18:36 -------- d-----w- c:\program files\QuickTime
2012-11-14 18:36 . 2012-11-14 18:36 -------- d-----w- c:\programdata\Apple Computer
2012-11-14 03:10 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 03:10 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-09-23 23:35 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-09-23 23:33 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-30 22:51 . 2012-09-23 23:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-09-23 23:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-09-23 23:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-09-23 23:33 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-09-23 23:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-09-23 23:34 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-30 22:51 . 2012-09-23 23:33 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2012-04-17 11:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-09-23 23:33 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 22:57 . 2012-10-22 22:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-22 22:57 . 2011-12-26 22:04 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-22 22:57 . 2011-12-26 22:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 18:54 . 2011-12-26 22:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 12:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-05 01:08 . 2012-12-05 01:08 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-16 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-07 20:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-07 20:43:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-07 20:43
.
Pre-Run: 196,817,788,928 bytes free
Post-Run: 197,196,414,976 bytes free
.
- - End Of File - - CE8E93CBB611C02092AA9DD7AB6C06F2
  • 0

#6
gringo_pr
    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0
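The TDSSKiller report requested above runs to hundreds of lines. As an added example (not code from this thread or from the tool's author), here is a small Python triage script for that log format: it pairs each hashed file record with its verdict line, lists anything not marked "ok" or reported without a hashed file, and compares the hashes against a known-good baseline. The sample log is constructed from the thread's format; the "exampledrv" entry, its all-zero hash and its status string are invented.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes occur in the scan section of a TDSSKiller log
# (modelled on the log pasted later in this thread):
#   <time> <pid> [ <MD5> ] <service name> <path>     file record
#   <time> <pid> <service name> - <status>           verdict
# A service is reported as a file record followed by its verdict; a verdict
# with no preceding file record means no file was hashed for that entry.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each file record with its verdict line; return one Entry per service."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # file records still waiting for their verdict
    in_scan = False  # header lines like "Drive ... - Size: ..." must not be read as verdicts
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = Entry(m["name"], "", m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = pending.pop(m["name"], None) or Entry(m["name"], "")
            entry.status = m["status"]
            entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Split entries into what a helper would look at first."""
    return {
        "flagged": [e for e in entries if e.status.lower() != "ok"],  # not cleared by the tool
        "unhashed": [e for e in entries if e.md5 is None],            # verdict with no hashed file
    }


def baseline_mismatches(entries: List[Entry], baseline: Dict[str, str]) -> List[Entry]:
    """Compare hashed files against a known-good {lower-case path: MD5} map taken from
    a clean machine of the same OS build; an 'ok' verdict on an unexpected hash is worth a look."""
    return [
        e for e in entries
        if e.path is not None
        and e.path.lower() in baseline
        and baseline[e.path.lower()].upper() != e.md5
    ]


# Constructed sample: the Drive, System memory, ACPI and catchme lines follow the
# thread's log; the "exampledrv" record, its all-zero hash and its status are invented.
SAMPLE_LOG = """\
10:56:03.0075 1532 Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
10:56:04.0276 0996 Scan started
10:56:04.0276 0996 Mode: Manual;
10:56:05.0337 0996 System memory - ok
10:56:05.0446 0996 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\\Windows\\system32\\drivers\\acpi.sys
10:56:05.0462 0996 ACPI - ok
10:56:07.0147 0996 catchme - ok
10:56:30.0100 0996 [ 00000000000000000000000000000000 ] exampledrv C:\\Windows\\system32\\drivers\\exampledrv.sys
10:56:30.0100 0996 exampledrv - suspicious (constructed status)
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    report = triage(found)
    for e in report["flagged"]:
        print(f"FLAGGED  {e.name}: {e.status}  {e.path}  md5={e.md5}")
    for e in report["unhashed"]:
        print(f"NO FILE  {e.name}: {e.status}")
```

Run it against a pasted log with `parse_tdsskiller(open("TDSSKiller_log.txt").read())`; entries such as "catchme - ok" show up under "unhashed" because the tool printed a verdict without a file record, which is a prompt to look, not a detection.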

#7
Slammer3
    Member
  • Topic Starter
  • Member
  • 14 posts
Says rootkit found?

10:56:01.0702 1532 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:56:01.0921 1532 ============================================================
10:56:01.0921 1532 Current date / time: 2012/12/08 10:56:01.0921
10:56:01.0921 1532 SystemInfo:
10:56:01.0921 1532
10:56:01.0921 1532 OS Version: 6.0.6002 ServicePack: 2.0
10:56:01.0921 1532 Product type: Workstation
10:56:01.0921 1532 ComputerName: DELL-530
10:56:01.0921 1532 UserName: Chris
10:56:01.0921 1532 Windows directory: C:\Windows
10:56:01.0921 1532 System windows directory: C:\Windows
10:56:01.0921 1532 Processor architecture: Intel x86
10:56:01.0921 1532 Number of processors: 2
10:56:01.0921 1532 Page size: 0x1000
10:56:01.0921 1532 Boot type: Normal boot
10:56:01.0921 1532 ============================================================
10:56:03.0075 1532 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:56:03.0075 1532 ============================================================
10:56:03.0075 1532 \Device\Harddisk0\DR0:
10:56:03.0075 1532 MBR partitions:
10:56:03.0075 1532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x240A5800
10:56:03.0075 1532 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
10:56:03.0075 1532 ============================================================
10:56:03.0106 1532 C: <-> \Device\Harddisk0\DR0\Partition1
10:56:03.0137 1532 D: <-> \Device\Harddisk0\DR0\Partition2
10:56:03.0137 1532 ============================================================
10:56:03.0137 1532 Initialize success
10:56:03.0137 1532 ============================================================
10:56:04.0276 0996 ============================================================
10:56:04.0276 0996 Scan started
10:56:04.0276 0996 Mode: Manual;
10:56:04.0276 0996 ============================================================
10:56:05.0337 0996 ================ Scan system memory ========================
10:56:05.0337 0996 System memory - ok
10:56:05.0337 0996 ================ Scan services =============================
10:56:12.0560 0996 RasMan - ok
10:56:12.0560 0996 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:12.0560 0996 RasPppoe - ok
10:56:12.0575 0996 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:56:12.0575 0996 RasSstp - ok
10:56:12.0591 0996 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:56:12.0591 0996 rdbss - ok
10:56:12.0591 0996 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:12.0607 0996 RDPCDD - ok
10:56:12.0622 0996 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:56:12.0622 0996 rdpdr - ok
10:56:12.0622 0996 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:56:12.0622 0996 RDPENCDD - ok
10:56:12.0653 0996 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:56:12.0653 0996 RDPWD - ok
10:56:12.0700 0996 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:56:12.0700 0996 RemoteAccess - ok
10:56:12.0716 0996 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:56:12.0716 0996 RemoteRegistry - ok
10:56:12.0731 0996 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:56:12.0731 0996 RpcLocator - ok
10:56:12.0747 0996 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
10:56:12.0763 0996 RpcSs - ok
10:56:12.0763 0996 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:56:12.0778 0996 rspndr - ok
10:56:12.0825 0996 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
10:56:12.0825 0996 RTL8169 - ok
10:56:12.0841 0996 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
10:56:12.0841 0996 SamSs - ok
10:56:12.0856 0996 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:56:12.0856 0996 sbp2port - ok
10:56:12.0872 0996 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:56:12.0887 0996 SCardSvr - ok
10:56:12.0919 0996 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
10:56:12.0919 0996 Schedule - ok
10:56:12.0934 0996 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:56:12.0934 0996 SCPolicySvc - ok
10:56:12.0934 0996 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:56:12.0950 0996 SDRSVC - ok
10:56:12.0965 0996 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:56:12.0965 0996 secdrv - ok
10:56:12.0965 0996 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:56:12.0981 0996 seclogon - ok
10:56:12.0981 0996 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
10:56:12.0981 0996 SENS - ok
10:56:12.0997 0996 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:56:12.0997 0996 Serenum - ok
10:56:13.0012 0996 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:56:13.0012 0996 Serial - ok
10:56:13.0028 0996 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:56:13.0028 0996 sermouse - ok
10:56:13.0043 0996 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:56:13.0043 0996 SessionEnv - ok
10:56:13.0043 0996 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:56:13.0043 0996 sffdisk - ok
10:56:13.0059 0996 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:56:13.0059 0996 sffp_mmc - ok
10:56:13.0075 0996 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:56:13.0075 0996 sffp_sd - ok
10:56:13.0090 0996 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:56:13.0090 0996 sfloppy - ok
10:56:13.0106 0996 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:56:13.0121 0996 SharedAccess - ok
10:56:13.0121 0996 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:56:13.0137 0996 ShellHWDetection - ok
10:56:13.0153 0996 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:56:13.0153 0996 sisagp - ok
10:56:13.0153 0996 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:56:13.0153 0996 SiSRaid2 - ok
10:56:13.0184 0996 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:56:13.0184 0996 SiSRaid4 - ok
10:56:13.0246 0996 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:56:13.0293 0996 slsvc - ok
10:56:13.0340 0996 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:56:13.0355 0996 SLUINotify - ok
10:56:13.0371 0996 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:56:13.0371 0996 Smb - ok
10:56:13.0387 0996 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:56:13.0387 0996 SNMPTRAP - ok
10:56:13.0402 0996 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:56:13.0402 0996 spldr - ok
10:56:13.0418 0996 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:56:13.0418 0996 Spooler - ok
10:56:13.0433 0996 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:56:13.0449 0996 srv - ok
10:56:13.0465 0996 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:56:13.0480 0996 srv2 - ok
10:56:13.0496 0996 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:56:13.0496 0996 srvnet - ok
10:56:13.0511 0996 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:56:13.0511 0996 SSDPSRV - ok
10:56:13.0574 0996 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:56:13.0574 0996 SstpSvc - ok
10:56:13.0605 0996 [ BCB4E273147AFCAFDFC0DA59AF9E6E25 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
10:56:13.0605 0996 ssudmdm - ok
10:56:13.0621 0996 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:56:13.0636 0996 stisvc - ok
10:56:13.0652 0996 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:56:13.0652 0996 swenum - ok
10:56:13.0667 0996 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:56:13.0683 0996 swprv - ok
10:56:13.0699 0996 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:56:13.0699 0996 Symc8xx - ok
10:56:13.0714 0996 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:56:13.0730 0996 Sym_hi - ok
10:56:13.0745 0996 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:56:13.0761 0996 Sym_u3 - ok
10:56:13.0823 0996 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:56:13.0823 0996 SysMain - ok
10:56:13.0855 0996 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:56:13.0886 0996 TabletInputService - ok
10:56:13.0901 0996 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:56:13.0901 0996 TapiSrv - ok
10:56:13.0917 0996 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:56:13.0933 0996 TBS - ok
10:56:13.0964 0996 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:56:13.0964 0996 Tcpip - ok
10:56:13.0995 0996 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:56:14.0011 0996 Tcpip6 - ok
10:56:14.0026 0996 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:56:14.0026 0996 tcpipreg - ok
10:56:14.0042 0996 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:56:14.0042 0996 TDPIPE - ok
10:56:14.0057 0996 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:56:14.0057 0996 TDTCP - ok
10:56:14.0073 0996 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:56:14.0073 0996 tdx - ok
10:56:14.0089 0996 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:56:14.0120 0996 TermDD - ok
10:56:14.0135 0996 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
10:56:14.0135 0996 TermService - ok
10:56:14.0151 0996 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
10:56:14.0151 0996 Themes - ok
10:56:14.0167 0996 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:56:14.0182 0996 THREADORDER - ok
10:56:14.0182 0996 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:56:14.0198 0996 TrkWks - ok
10:56:14.0245 0996 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:56:14.0245 0996 TrustedInstaller - ok
10:56:14.0260 0996 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:14.0260 0996 tssecsrv - ok
10:56:14.0276 0996 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:56:14.0276 0996 tunmp - ok
10:56:14.0291 0996 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:56:14.0291 0996 tunnel - ok
10:56:14.0307 0996 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:56:14.0307 0996 uagp35 - ok
10:56:14.0323 0996 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:56:14.0323 0996 udfs - ok
10:56:14.0338 0996 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:56:14.0338 0996 UI0Detect - ok
10:56:14.0354 0996 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:56:14.0354 0996 uliagpkx - ok
10:56:14.0369 0996 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:56:14.0369 0996 uliahci - ok
10:56:14.0385 0996 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:56:14.0385 0996 UlSata - ok
10:56:14.0401 0996 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:56:14.0401 0996 ulsata2 - ok
10:56:14.0416 0996 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:56:14.0416 0996 umbus - ok
10:56:14.0432 0996 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:56:14.0432 0996 upnphost - ok
10:56:14.0447 0996 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
10:56:14.0447 0996 usbccgp - ok
10:56:14.0463 0996 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:56:14.0463 0996 usbcir - ok
10:56:14.0510 0996 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:56:14.0510 0996 usbehci - ok
10:56:14.0525 0996 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:56:14.0541 0996 usbhub - ok
10:56:14.0557 0996 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:56:14.0557 0996 usbohci - ok
10:56:14.0557 0996 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:56:14.0557 0996 usbprint - ok
10:56:14.0572 0996 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:56:14.0572 0996 USBSTOR - ok
10:56:14.0588 0996 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:56:14.0588 0996 usbuhci - ok
10:56:14.0603 0996 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
10:56:14.0603 0996 UxSms - ok
10:56:14.0635 0996 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
10:56:14.0635 0996 vds - ok
10:56:14.0650 0996 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:56:14.0650 0996 vga - ok
10:56:14.0666 0996 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:56:14.0666 0996 VgaSave - ok
10:56:14.0681 0996 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:56:14.0681 0996 viaagp - ok
10:56:14.0713 0996 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:56:14.0713 0996 ViaC7 - ok
10:56:14.0713 0996 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
10:56:14.0728 0996 viaide - ok
10:56:14.0744 0996 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:56:14.0744 0996 volmgr - ok
10:56:14.0759 0996 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:56:14.0775 0996 volmgrx - ok
10:56:14.0775 0996 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:56:14.0791 0996 volsnap - ok
10:56:14.0806 0996 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:56:14.0822 0996 vsmraid - ok
10:56:14.0837 0996 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
10:56:14.0837 0996 VSS - ok
10:56:14.0853 0996 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
10:56:14.0869 0996 W32Time - ok
10:56:14.0869 0996 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:56:14.0884 0996 WacomPen - ok
10:56:14.0884 0996 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:56:14.0884 0996 Wanarp - ok
10:56:14.0884 0996 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:56:14.0900 0996 Wanarpv6 - ok
10:56:14.0900 0996 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:56:14.0915 0996 wcncsvc - ok
10:56:14.0915 0996 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:56:14.0931 0996 WcsPlugInService - ok
10:56:14.0931 0996 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
10:56:14.0931 0996 Wd - ok
10:56:14.0947 0996 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:56:14.0962 0996 Wdf01000 - ok
10:56:14.0962 0996 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:56:14.0962 0996 WdiServiceHost - ok
10:56:14.0978 0996 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:56:14.0978 0996 WdiSystemHost - ok
10:56:14.0978 0996 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
10:56:14.0993 0996 WebClient - ok
10:56:14.0993 0996 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:56:15.0009 0996 Wecsvc - ok
10:56:15.0009 0996 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:56:15.0025 0996 wercplsupport - ok
10:56:15.0025 0996 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
10:56:15.0025 0996 WerSvc - ok
10:56:15.0056 0996 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:56:15.0071 0996 WinDefend - ok
10:56:15.0071 0996 WinHttpAutoProxySvc - ok
10:56:15.0103 0996 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:56:15.0118 0996 Winmgmt - ok
10:56:15.0149 0996 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:56:15.0181 0996 WinRM - ok
10:56:15.0227 0996 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:56:15.0227 0996 WinUSB - ok
10:56:15.0243 0996 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:56:15.0259 0996 Wlansvc - ok
10:56:15.0337 0996 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:56:15.0383 0996 wlidsvc - ok
10:56:15.0399 0996 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:56:15.0415 0996 WmiAcpi - ok
10:56:15.0415 0996 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:56:15.0415 0996 wmiApSrv - ok
10:56:15.0461 0996 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:56:15.0477 0996 WMPNetworkSvc - ok
10:56:15.0493 0996 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:56:15.0508 0996 WPCSvc - ok
10:56:15.0508 0996 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:56:15.0508 0996 WPDBusEnum - ok
10:56:15.0539 0996 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:56:15.0539 0996 WpdUsb - ok
10:56:15.0602 0996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:56:15.0617 0996 WPFFontCache_v0400 - ok
10:56:15.0617 0996 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:56:15.0617 0996 ws2ifsl - ok
10:56:15.0633 0996 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
10:56:15.0633 0996 wscsvc - ok
10:56:15.0633 0996 WSearch - ok
10:56:15.0711 0996 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:56:15.0727 0996 wuauserv - ok
10:56:15.0742 0996 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:56:15.0742 0996 WUDFRd - ok
10:56:15.0758 0996 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:56:15.0758 0996 wudfsvc - ok
10:56:15.0773 0996 ================ Scan global ===============================
10:56:15.0789 0996 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:56:15.0805 0996 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:56:15.0836 0996 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:56:15.0851 0996 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:56:15.0867 0996 [Global] - ok
10:56:15.0867 0996 ================ Scan MBR ==================================
10:56:15.0867 0996 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:56:16.0039 0996 \Device\Harddisk0\DR0 - ok
10:56:16.0039 0996 ================ Scan VBR ==================================
10:56:16.0039 0996 [ 3DFD8F055873D9238E5377622DA9FB66 ] \Device\Harddisk0\DR0\Partition1
10:56:16.0039 0996 \Device\Harddisk0\DR0\Partition1 - ok
10:56:16.0070 0996 [ C16041381DB22404C8FC65DDE425FB44 ] \Device\Harddisk0\DR0\Partition2
10:56:16.0070 0996 \Device\Harddisk0\DR0\Partition2 - ok
10:56:16.0070 0996 ============================================================
10:56:16.0070 0996 Scan finished
10:56:16.0070 0996 ============================================================
10:56:16.0085 1756 Detected object count: 0
10:56:16.0085 1756 Actual detected object count: 0


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-08 10:57:37
-----------------------------
10:57:37.570 OS Version: Windows 6.0.6002 Service Pack 2
10:57:37.570 Number of processors: 2 586 0xF0B
10:57:37.586 ComputerName: DELL-530 UserName: Chris
10:57:43.842 Initialize success
10:57:44.653 AVAST engine defs: 12120701
10:57:47.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:57:47.086 Disk 0 Vendor: ST3320613AS DE11 Size: 305245MB BusType: 3
10:57:47.102 Disk 0 MBR read successfully
10:57:47.102 Disk 0 MBR scan
10:57:47.102 Disk 0 Windows VISTA default MBR code
10:57:47.118 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 2048
10:57:47.149 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
10:57:47.149 Disk 0 scanning sectors +625139712
10:57:47.211 Disk 0 scanning C:\Windows\system32\drivers
10:58:00.643 Service scanning
10:58:12.546 Modules scanning
10:58:15.198 Disk 0 trace - called modules:
10:58:15.213 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
10:58:15.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85405620]
10:58:15.712 3 CLASSPNP.SYS[8afa78b3] -> nt!IofCallDriver -> [0x8538a388]
10:58:15.712 5 acpi.sys[82e926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d89b98]
10:58:16.555 AVAST engine scan C:\Windows
10:58:17.506 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
10:58:18.848 AVAST engine scan C:\Windows\system32
11:00:25.147 AVAST engine scan C:\Windows\system32\drivers
11:00:34.648 AVAST engine scan C:\Users\Chris
11:03:52.472 AVAST engine scan C:\ProgramData
11:05:04.356 Scan finished successfully
14:32:02.536 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
14:32:02.536 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
  • 0
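The two logs in the post above (TDSSKiller's per-service listing with an MD5 per image, and aswMBR's file scan) are read by eye in this thread. As an added example that is not part of the original post or of any of the tools named, here is a small Python triage script that parses lines in those two formats and pulls out what a reviewer actually acts on: services whose verdict is anything other than ok, registered services with no image file to hash (WinHttpAutoProxySvc and WSearch above), one image path registered under several service names (tcpip.sys under Tcpip and Tcpip6, p2psvc.dll under four names, which is normal for svchost-hosted services), the same path reported with two different hashes in one run (which is not normal), and every aswMBR line marked INFECTED. The line formats are inferred from the logs shown; the "( verdict ) - warning" form is assumed from TDSSKiller's usual output and does not occur in the posted log. The sample lines embedded in the script are constructed in the style of the logs above, and the "badsvc" entry and its hash are invented to exercise the checks.

```python
"""Triage of anti-rootkit logs: TDSSKiller service listing and aswMBR file scan.

Added example for this thread, not part of TDSSKiller, aswMBR or ComboFix.
The sample lines at the bottom are constructed in the style of the logs posted
above; the 'badsvc' entry and its hash are invented to exercise the checks.
"""
import re
from collections import defaultdict

# TDSSKiller hashed image:  "<time> <pid> [ <MD5> ] <service> <path>"
_TDSS_HASHED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(\S+)\s+(.+?)\s*$")
# TDSSKiller verdict line:  "<time> <pid> <service> [( <verdict> )] - <status>"
_TDSS_STATUS = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(.+?)\s*$")
# aswMBR detection line:    "<time> File: <path> **INFECTED** <name>"
_ASW_INFECTED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+?)\s*$")

def parse_tdsskiller(lines):
    """Map service name -> {md5, path, verdict, status}. A service with a
    verdict line but no hashed-image line keeps md5/path as None."""
    entries = {}
    blank = {"md5": None, "path": None, "verdict": None, "status": None}
    for line in lines:
        m = _TDSS_HASHED.match(line)
        if m:
            md5, name, path = m.groups()
            entries.setdefault(name, dict(blank)).update(md5=md5.upper(), path=path)
            continue
        m = _TDSS_STATUS.match(line)
        if m:
            name, verdict, status = m.groups()
            if name[0] in "\\[":   # MBR/VBR devices and "[Global]" are not services
                continue
            entries.setdefault(name, dict(blank)).update(verdict=verdict, status=status)
    return entries

def not_ok(entries):
    """Services whose status is anything but 'ok': the lines to act on first."""
    return sorted(n for n, e in entries.items() if e["status"] != "ok")

def missing_image(entries):
    """Registered services with no hashed image (orphaned entry or unreadable
    file). A prompt for a manual look, not a verdict by itself."""
    return sorted(n for n, e in entries.items() if e["md5"] is None)

def shared_images(entries):
    """Image path -> service names, for paths registered under several names.
    Normal for svchost-hosted DLLs (p2psvc.dll above hosts four services)."""
    by_path = defaultdict(list)
    for name, e in entries.items():
        if e["path"]:
            by_path[e["path"].lower()].append(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}

def hash_conflicts(entries):
    """Paths reported with two different MD5s in one run. Legitimately shared
    images hash identically (tcpip.sys under Tcpip and Tcpip6), so a conflict
    points at a hooked read, a wrong path or a tampered entry."""
    hashes = defaultdict(set)
    for e in entries.values():
        if e["path"] and e["md5"]:
            hashes[e["path"].lower()].add(e["md5"])
    return sorted(p for p, h in hashes.items() if len(h) > 1)

def parse_aswmbr_detections(lines):
    """[(path, detection_name)] for every aswMBR **INFECTED** line."""
    return [m.groups() for m in map(_ASW_INFECTED.match, lines) if m]

def triage(tdss_lines, asw_lines):
    """One-shot summary for a pair of logs."""
    e = parse_tdsskiller(tdss_lines)
    return {"not_ok": not_ok(e), "missing_image": missing_image(e),
            "shared_images": shared_images(e), "hash_conflicts": hash_conflicts(e),
            "aswmbr_detections": parse_aswmbr_detections(asw_lines)}

# Constructed sample input modelled on the logs above (not the posted logs).
SAMPLE_TDSS = r"""
10:56:13.0964 0996 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:56:13.0964 0996 Tcpip - ok
10:56:13.0995 0996 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:56:14.0011 0996 Tcpip6 - ok
10:56:15.0071 0996 WinHttpAutoProxySvc - ok
10:56:15.0633 0996 WSearch - ok
10:56:15.0700 0996 [ 0123456789ABCDEF0123456789ABCDEF ] badsvc C:\Windows\system32\drivers\TCPIP.sys
10:56:15.0701 0996 badsvc ( LockedFile.Multi.Generic ) - warning
10:56:15.0867 0996 [Global] - ok
10:56:16.0039 0996 \Device\Harddisk0\DR0 - ok
""".strip().splitlines()
SAMPLE_ASW = r"""
10:58:16.555 AVAST engine scan C:\Windows
10:58:17.506 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
""".strip().splitlines()

if __name__ == "__main__":
    for k, v in triage(SAMPLE_TDSS, SAMPLE_ASW).items():
        print(f"{k}: {v}")
```

Paths are compared case-insensitively because TDSSKiller reports the same file as both `drivers\` and `DRIVERS\`; without that, Tcpip and Tcpip6 would look like two different images and a real hash conflict on one path could be missed. The script reports and groups; it deliberately makes no verdict of its own, since (as the aswMBR hit on PEV.exe shows) a detection name still needs a human to decide whether it is a false positive.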

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#9
Slammer3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
What do I do about the rootkit that was found?
  • 0

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I think that is a false positive, as that is part of ComboFix.
  • 0

#11
Slammer3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 12-12-04.01 - Chris 08/12/2012 21:27:47.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1742 [GMT 0:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 21:32 . 2012-12-08 21:34 -------- d-----w- c:\users\Chris\AppData\Local\temp
2012-12-08 21:32 . 2012-12-08 21:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-08 21:32 . 2012-12-08 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 21:48 . 2012-11-26 21:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-26 21:48 . 2012-11-26 21:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 18:44 . 2012-10-08 08:37 140960 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-11-14 18:44 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-11-14 18:36 . 2012-11-14 18:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-11-14 18:36 . 2012-11-14 18:36 -------- d-----w- c:\program files\QuickTime
2012-11-14 18:36 . 2012-11-14 18:36 -------- d-----w- c:\programdata\Apple Computer
2012-11-14 03:10 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 03:10 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-09-23 23:35 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-09-23 23:33 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-30 22:51 . 2012-09-23 23:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-09-23 23:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-09-23 23:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-09-23 23:33 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-09-23 23:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-09-23 23:34 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-30 22:51 . 2012-09-23 23:33 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2012-04-17 11:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-09-23 23:33 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 22:57 . 2012-10-22 22:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-22 22:57 . 2011-12-26 22:04 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-22 22:57 . 2011-12-26 22:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 18:54 . 2011-12-26 22:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 12:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-05 01:08 . 2012-12-05 01:08 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-16 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqjp7xl3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 21:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-12-08 21:37:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-08 21:37
ComboFix2.txt 2012-12-07 20:43
.
Pre-Run: 197,161,553,920 bytes free
Post-Run: 197,099,610,112 bytes free
.
- - End Of File - - F56E5B8D0B77525089BF24D3174668FE
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Slammer3

I would like to know how things are running at this time.


gringo
  • 0

#13
Slammer3

Slammer3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It seems okay.
I remember being told a few months ago to run aswMBR and it showed no infection. Is there any way of finding out for real if it's a rootkit? I just scanned again and it's still there, which worries me.
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I think we are finished with ComboFix for now, so go ahead and just delete it.


Besides being worried about that one file, how is the computer doing?



gringo
  • 0

#15
Slammer3

Slammer3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It seems okay.
I deleted ComboFix and then ran aswMBR, but it still found the rootkit as before.

Edited by Slammer3, 08 December 2012 - 05:13 PM.

  • 0
