
Audio ads in background+ google redirect issues

Discussion in 'Virus & Other Malware Removal' started by Hobochili, Nov 29, 2012.

Hobochili (Thread Starter) - Joined: Nov 29, 2012 - Messages: 11
    Hello! I'm attempting to fix my father's home computer. It has been playing audio advertisements even when browser windows are closed, and Google will randomly reroute search requests to advertisements. I do not know when these problems began, so I hope that doesn't hurt our efforts to solve these issues. Thanks! Here are the log files the sticky post said to include. DAEMON Tools was uninstalled after running HijackThis and DDS, once I had read that it should be gone before running GMER.

    Thank you,
    Hobochili

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:24:23 AM, on 11/29/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16455)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Registry Mechanic\regmech.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Drale\Desktop\compcleaner\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /H
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [INCAInternet] rundll32.exe C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll,vlc_entry__1_0_0e
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin (User 'Default user')
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7CBE9DF6-6A02-4DD7-97D8-F8BEFC6B3E0E} - http://www.epicweapons.com/g2g/G2GVista_ps.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c935c0926567d0) (gupdate1c935c0926567d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8659 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Drale at 11:20:28 on 2012-11-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1293 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Windows\system32\iashost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Registry Mechanic\regmech.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>;*.local;127.0.0.1:9421;
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
    BHO: ooVoo Toolbar: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - c:\program files\oovootb\oovoodx.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: ooVoo Toolbar: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - c:\program files\oovootb\oovoodx.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [RegistryMechanic] c:\program files\registry mechanic\rmtray.exe /H
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [INCAInternet] rundll32.exe c:\users\drale\appdata\local\incainternet\kkrjrdfg.dll,vlc_entry__1_0_0e
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {7CBE9DF6-6A02-4DD7-97D8-F8BEFC6B3E0E} - hxxp://www.epicweapons.com/g2g/G2GVista_ps.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: Interfaces\{D8051E70-CDEB-409D-8CEB-2DA65541812B} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\drale\appdata\roaming\mozilla\firefox\profiles\d2a6x7zm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2009-12-26 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-13 218688]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-30 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-11-19 1435568]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c935c0926567d0;Google Update Service (gupdate1c935c0926567d0);c:\program files\google\update\GoogleUpdate.exe [2008-10-24 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2008-12-27 611584]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-2 27192]
    S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\WMP110.sys [2011-6-26 758784]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-11-29 15:07:21 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-11-29 15:07:21 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2012-11-29 15:05:07 -------- d-----w- c:\programdata\RegRun
    2012-11-29 14:59:18 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-11-29 14:45:32 2 --shatr- c:\windows\winstart.bat
    2012-11-29 14:45:25 -------- d-----w- c:\program files\Greatis
    2012-11-28 23:24:54 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4d06d380-a072-44cb-82af-99c1ffb34446}\mpengine.dll
    2012-11-28 23:19:48 623616 ----a-w- c:\windows\system32\localspl.dll
    2012-11-28 23:19:44 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-28 23:19:39 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-11-28 23:19:39 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-11-28 23:19:39 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-11-28 23:19:29 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-11-28 23:19:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-28 23:19:07 6812136 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
    2012-11-28 23:18:56 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-28 23:18:54 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-11-28 23:18:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-11-28 23:11:09 -------- d-----w- c:\users\drale\appdata\local\temp
    2012-11-28 16:26:47 -------- d-----w- c:\program files\CCleaner
    2012-11-26 07:24:31 -------- d-----w- c:\users\drale\appdata\local\Sun
    2012-11-26 05:39:01 -------- d-----w- c:\program files\ESET
    2012-11-24 18:55:21 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-11-21 05:34:52 -------- d-----w- c:\users\drale\appdata\local\INCAInternet
    2012-11-16 15:37:21 -------- d-----w- c:\users\drale\appdata\roaming\MoreTerra
    2012-11-09 02:45:41 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2012-11-09 02:45:41 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2012-11-09 02:45:41 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2012-11-09 02:45:41 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-11-09 02:45:40 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2012-11-09 02:45:37 -------- d-----w- c:\program files\Microsoft XNA
    .
    ==================== Find3M ====================
    .
    2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-31 18:13:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-31 18:13:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-31 18:13:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-31 17:56:33 279552 ----a-w- c:\windows\system32\services.exe
    .
    ============= FINISH: 11:20:48.49 ===============

    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/29/2008 11:32:20 AM
    System Uptime: 11/29/2012 10:08:13 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2A-VM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 290 GiB total, 66.772 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 4.618 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Linksys WMP110 RangePlus Wireless PCI Adapter
    Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&C9A676E&0&28A4
    Manufacturer: Linksys, A Division of Cisco Systems, Inc.
    Name: Linksys WMP110 RangePlus Wireless PCI Adapter
    PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&C9A676E&0&28A4
    Service: WMP110
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    AC3Filter (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.4)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    Auto Macro Recorder V5.81 (Pro V5.2) Trial Version
    Bonjour
    Brawl Busters
    CCleaner
    Connect
    DAEMON Tools Lite
    Decoder
    Diskeeper 2008 Pro Premier
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Download Updater (AOL LLC)
    EAX(tm) Unified (SHELL)
    eMusic Download Manager 4.1.3.1
    ESET Online Scanner v3
    Fallout 3 - Game of the Year Edition
    Fallout: New Vegas
    Fantapper Updater
    GIMP 2.6.11
    Google Chrome
    Google Update Helper
    Guild Wars
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    JDownloader 0.9
    kuler
    League of Legends
    LiveUpdate 3.3 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    MobileMe Control Panel
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    nProtect OnlineScanner
    OpenOffice.org Installer 1.0
    Pando Media Booster
    PDF Settings CS4
    Photoshop Camera Raw
    PowerISO
    ProjectWhois
    Python 2.7.1
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Registry Mechanic 8.0
    RegRun Reanimator
    Revo Uninstaller Pro 2.5.5
    Rosetta Stone Version 3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Skype Click to Call
    Skype™ 5.10
    SPORE™
    Starcraft
    Steam
    Suite Shared Configuration CS4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client
    VLC media player 1.1.8
    WBFS Manager 4.0
    WinAce Archiver
    Windows Live installer
    Windows Live Messenger
    Windows Live Photo Gallery
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/29/2012 9:57:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/29/2012 9:53:21 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
    11/29/2012 9:47:33 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/29/2012 9:47:08 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
    11/29/2012 9:46:38 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/29/2012 3:01:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
    11/29/2012 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
    11/29/2012 10:10:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt iuyqcek nkrnww
    11/29/2012 10:10:15 AM, Error: Service Control Manager [7000] - The Eset Trial Reset service failed to start due to the following error: The system cannot find the file specified.
    11/28/2012 6:04:01 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/28/2012 5:54:02 PM, Error: Service Control Manager [7034] - The Fantapper Player Update Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 4:39:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    11/27/2012 12:04:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    11/27/2012 11:53:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr i8042prt iuyqcek nkrnww SCDEmu spldr ssmdrv Wanarpv6
    11/27/2012 11:53:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/27/2012 11:52:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/27/2012 11:52:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/27/2012 11:52:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/27/2012 11:52:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/27/2012 11:51:56 AM, Error: EventLog [6008] - The previous system shutdown at 11:50:27 AM on 11/27/2012 was unexpected.
    11/27/2012 11:48:27 AM, Error: EventLog [6008] - The previous system shutdown at 11:46:22 AM on 11/27/2012 was unexpected.
    11/26/2012 9:43:27 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    11/26/2012 9:43:16 PM, Error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).
    11/26/2012 9:30:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A92772DC5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/25/2012 11:57:58 PM, Error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
    11/25/2012 11:57:29 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/25/2012 11:57:23 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/24/2012 1:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    11/24/2012 1:55:31 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/24/2012 1:55:30 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/22/2012 8:55:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RemoteAccess service.
    .
    ==== End Of File ===========================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-11-29 15:23:20
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.AAK
    Running: rsnxvmlb.exe; Driver: C:\Users\Drale\AppData\Local\Temp\kwloapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC0F000, 0x205494, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA38EB300, 0x3AF78, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA392E300, 0x1BCE, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!GetFileAttributesExW 76629C55 6 Bytes PUSH 0354E554; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!LockResource 76656AFF 6 Bytes PUSH 0354CEC4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!LoadResource 76656CFB 6 Bytes PUSH 0354B834; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!SizeofResource 766581DF 6 Bytes PUSH 0354C37C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!CreateFileW 7665B0EB 6 Bytes PUSH 0354F09C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] kernel32.dll!GetFileAttributesW 7665D4A1 6 Bytes PUSH 0354DA0C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] WS2_32.dll!WSASend 76A04496 6 Bytes PUSH 0354930C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] WS2_32.dll!send 76A0659B 6 Bytes PUSH 035487C4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, 34, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, 37, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, 34, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, 35, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 75FF80F4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, 36, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, 35, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, 36, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 75FF8175 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, 34, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 75FF82B3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, 35, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, 36, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, 37, 36, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!GetFileAttributesExW 76629C55 6 Bytes PUSH 0302E554; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!LockResource 76656AFF 6 Bytes PUSH 0302CEC4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!LoadResource 76656CFB 6 Bytes PUSH 0302B834; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!SizeofResource 766581DF 6 Bytes PUSH 0302C37C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!CreateFileW 7665B0EB 6 Bytes PUSH 0302F09C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] kernel32.dll!GetFileAttributesW 7665D4A1 6 Bytes PUSH 0302DA0C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] ws2_32.dll!WSASend 76A04496 6 Bytes PUSH 0302930C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2500] ws2_32.dll!send 76A0659B 6 Bytes PUSH 030287C4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, 88, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, 8B, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, 88, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, 89, 04, 01] {TEST AL, 0x89; ADD AL, 0x1}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 76004F48 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, 8A, 04, 01] {TEST AL, 0x8a; ADD AL, 0x1}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, 89, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, 8A, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 76004FC9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, 88, 04, 01] {TEST AL, 0x88; ADD AL, 0x1}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 76005107 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, 89, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, 8A, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, 8B, 04, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, CC, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, CF, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, CC, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, CD, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 7600398C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, CE, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, CD, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, CE, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 76003A0D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, CC, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 76003B4B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, CD, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, CE, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, CF, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!GetFileAttributesExW 76629C55 6 Bytes PUSH 03DBE554; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!LockResource 76656AFF 6 Bytes PUSH 03DBCEC4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!LoadResource 76656CFB 6 Bytes PUSH 03DBB834; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!SizeofResource 766581DF 6 Bytes PUSH 03DBC37C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!CreateFileW 7665B0EB 6 Bytes PUSH 03DBF09C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!GetFileAttributesW 7665D4A1 6 Bytes PUSH 03DBDA0C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ws2_32.dll!WSASend 76A04496 6 Bytes PUSH 03DB930C; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ws2_32.dll!send 76A0659B 6 Bytes PUSH 03DB87C4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, 14, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, 17, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, 14, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, 15, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 760046D4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, 16, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, 15, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, 16, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 76004755 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, 14, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 76004893 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, 15, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, 16, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, 17, FC, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, 60, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, 63, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, 60, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, 61, D5, 00] {TEST AL, 0x61; AAD 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 76002020 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, 62, D5, 00] {TEST AL, 0x62; AAD 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, 61, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, 62, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 760020A1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, 60, D5, 00] {TEST AL, 0x60; AAD 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 760021DF C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, 61, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, 62, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, 63, D5, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!LdrLoadDll 76FB9378 5 Bytes JMP 5C785B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] kernel32.dll!HeapSetInformation + 26 7663A8C0 7 Bytes JMP 5C78EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] kernel32.dll!LockResource + C 76656B0B 7 Bytes JMP 5C9C7B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] kernel32.dll!VirtualAllocEx + 54 7665AF70 7 Bytes JMP 5C9C7B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] USER32.dll!CreateWindowExW 76F01305 6 Bytes PUSH 02C5C20C; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] USER32.dll!GetWindowInfo 76F0428E 5 Bytes JMP 5C8EBBA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] GDI32.dll!SetStretchBltMode + 256 769B745C 7 Bytes JMP 5C9C7AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] WS2_32.dll!WSASend 76A04496 6 Bytes PUSH 02C5930C; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3708] WS2_32.dll!send 76A0659B 6 Bytes PUSH 02C587C4; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtCreateFile + 6 76FF424A 4 Bytes [28, 08, 8C, 00] {SUB [EAX], CL; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtCreateFile + B 76FF424F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtMapViewOfSection + 6 76FF499A 4 Bytes [28, 0B, 8C, 00] {SUB [EBX], CL; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtMapViewOfSection + B 76FF499F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenFile + 6 76FF4A2A 4 Bytes [68, 08, 8C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenFile + B 76FF4A2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcess + 6 76FF4AAA 4 Bytes [A8, 09, 8C, 00] {TEST AL, 0x9; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcess + B 76FF4AAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcessToken + 6 76FF4ABA 4 Bytes CALL 75FFD6C8 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcessToken + B 76FF4ABF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcessTokenEx + 6 76FF4ACA 4 Bytes [A8, 0A, 8C, 00] {TEST AL, 0xa; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenProcessTokenEx + B 76FF4ACF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThread + 6 76FF4B1A 4 Bytes [68, 09, 8C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThread + B 76FF4B1F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThreadToken + 6 76FF4B2A 4 Bytes [68, 0A, 8C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThreadToken + B 76FF4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThreadTokenEx + 6 76FF4B3A 4 Bytes CALL 75FFD749 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtOpenThreadTokenEx + B 76FF4B3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtQueryAttributesFile + 6 76FF4BCA 4 Bytes [A8, 08, 8C, 00] {TEST AL, 0x8; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtQueryAttributesFile + B 76FF4BCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtQueryFullAttributesFile + 6 76FF4C7A 4 Bytes CALL 75FFD887 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtQueryFullAttributesFile + B 76FF4C7F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtSetInformationFile + 6 76FF515A 4 Bytes [28, 09, 8C, 00] {SUB [ECX], CL; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtSetInformationFile + B 76FF515F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtSetInformationThread + 6 76FF51AA 4 Bytes [28, 0A, 8C, 00] {SUB [EDX], CL; MOV WORD [EAX], ES}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtSetInformationThread + B 76FF51AF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtUnmapViewOfSection + 6 76FF544A 4 Bytes [68, 0B, 8C, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3740] ntdll.dll!NtUnmapViewOfSection + B 76FF544F 1 Byte [E2]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4556] USER32.dll!SetMenuItemBitmaps + 71 76F114EE 7 Bytes JMP 5C8E4BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1708] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00380010
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00F2BD30
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00F2B810
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00F2A970
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F2C2B0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 00F29930
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00F292E0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F29660
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00F2A7D0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00F2AE90
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00F2AC20
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00F2AE10
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00F2B2F0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00F2B000
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 00F2AB20
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00F2AD60
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00F2A910
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F2A790
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 00F2BD50
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00F297E0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00F2BA70
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00F2B990
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00F2B950
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00F2A010
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00F29180
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00F2AA10
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00F29100
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00F29370
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F27EA0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 00F2A360
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 00F2BD20
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 00F2BFF0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 00F2BF90
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00F2C1E0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00F2C280
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 00F2C0B0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00F2BCA0
    IAT C:\Program Files\Registry Mechanic\regmech.exe[2488] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00F2BC50
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3012] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01060010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3152] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00EF0010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00FE0010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3624] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D60010
    IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3740] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 008E0010

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, my name is Mark and I will be helping you.

    IMPORTANT: Please take the time to read this first.
    For the benefit of others that are waiting for help please try to respond as fast as you can and make sure you read all of the instructions I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps other people waiting in the queue for help.

    I am in Spain at GMT+1 hour. I check my emails several times a day, so I will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please try to do the same for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and more difficult to find and remove, so quick replies will have more than one benefit.

    Keep in mind that I cannot see your PC, so please give as much detail as possible if something goes wrong or you receive any error messages.

    Malware can be unpredictable and often time consuming to remove; on rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have copies of all your important data saved to an external hard drive or CD/DVDs. Please make sure you disconnect any external hard drives and/or Flash drives during the clean up.

    If you have run any scans that found an infection please let me know.

    DO NOT run any scans or make any changes that I have not asked you to do, as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall any file sharing software, e.g. uTorrent, BitTorrent, etc. If you insist on keeping it, do not use it until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

    If I get no reply from you for two days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

    Please don't abandon the thread as soon as your PC starts to work normally again as there will be other important checks to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure all quarantined infections are completely removed and infected Restore Points are safely deleted.

    Stick with me and we can quickly clean up your PC. If you cannot dedicate the time, then a Reformat and Re-install will be your quickest option.

    _____________________________________________________________________________________

    Please uninstall uTorrent and Registry Mechanic. P2P sites are the best places to go and get your PC infected and Registry Cleaners can do more harm than good.

    You do not appear to have an Active Anti Virus installed, please download and install this: Microsoft Security Essentials

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page click on this: [IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [IMG]
     
  3. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    Hello Mark!

    Thank you for the tips. I've deleted uTorrent and the registry cleaner, installed and run Microsoft Security Essentials, and here are the logs you requested, posted below. You didn't ask for this, but I thought that I should post it anyway: Microsoft Security Essentials found and quarantined several trojans, which I removed. Progress already!

    Thanks again,
    Hobochili


    # AdwCleaner v2.010 - Logfile created 11/30/2012 at 13:36:42
    # Updated 29/11/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Drale - DRALE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Drale\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    File Deleted : C:\Users\Drale\AppData\Roaming\Mozilla\Firefox\Profiles\d2a6x7zm.default\extensions\[email protected]
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Drale\AppData\Roaming\Inbox Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
    Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
    Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\CToolbar
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Drale\AppData\Roaming\Mozilla\Firefox\Profiles\d2a6x7zm.default\prefs.js

    Deleted : user_pref("extensions.basicscan.init", true);
    Deleted : user_pref("keyword.URL", "hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keyword[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Drale\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.50] : keyword = "basicscan.com",
    Deleted [l.53] : search_url = "hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={sear[...]

    *************************

    AdwCleaner[R1].txt - [4402 octets] - [30/11/2012 13:28:31]
    AdwCleaner[R2].txt - [4462 octets] - [30/11/2012 13:35:43]
    AdwCleaner[S1].txt - [4478 octets] - [30/11/2012 13:36:42]

    ########## EOF - C:\AdwCleaner[S1].txt - [4538 octets] ##########


    -------


    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Drale [Admin rights]
    Mode : Scan -- Date : 11/30/2012 13:46:14

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]
    [][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> KILLED [TermProc]
    [][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Drale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][NOTFOUND] HKCU\[...]\Run : INCAInternet (rundll32.exe C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll,vlc_entry__1_0_0e) -> FOUND
    [RUN][NOTFOUND] HKUS\S-1-5-21-1956336782-2576910614-1270657971-1000[...]\Run : INCAInternet (rundll32.exe C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll,vlc_entry__1_0_0e) -> FOUND
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Drale\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> FOUND
    [TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> FOUND
    [TASK][RESIDUE] AutomaticBackup : C:\Windows\System32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L --> FOUND

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS ATA Device +++++
    --- User ---
    [MBR] f4dbb300c37f2bdb4ece22eddb278a83
    [BSP] 39c4dc52145aee0b50700f989c7cd997 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607208805 | Size: 8754 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296488 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11302012_02d1346.txt >>
    RKreport[1]_S_11302012_02d1346.txt
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have a ZeroAccess Rootkit infection. Please run RogueKiller again, when the Pre-scan completes hit the Scan button. When that completes hit the Delete button, then when that completes hit the Report button and post the log.

    Please follow that with this:

    Please follow the instructions exactly as written, deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option DO NOT select delete as you may remove files needed for the system to operate.

    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

    Be sure to print out and follow the instructions for performing a scan.

    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.


    • When the program opens, click Change parameters.

      [IMG]

    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

      [IMG]

    • Click the Start Scan button.

      [IMG]

    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.

      [IMG]

    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

      [IMG]

    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.

    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
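Mark's diagnosis above comes from reading a handful of lines in the RogueKiller report: the "Infection :" banner, the [ZeroAccess] folder markers under C:\Windows\Installer, the [RUN]/[TASK] persistence entries pointing into the user's AppData, and the [HJ]/[HJPOL] policy values (EnableLUA set to 0 means UAC is off). The parser below is an added example for this thread, not RogueKiller's own code and not anything Mark or Hobochili posted. It assumes the V8.3.1 report layout shown in the logs above (sections bracketed by ¤¤¤, one finding per line as "[TAG][TAG] detail -> VERDICT"), and the SAMPLE text inside it is constructed from lines of the posted report.

```python
"""Triage parser for RogueKiller scan reports.

Added example; not RogueKiller's own code. Assumes the V8.3.1 layout seen in
the thread: '¤¤¤ Section ¤¤¤' headers, findings written as
'[TAG][TAG] detail -> VERDICT', and a HOSTS section listing hosts-file lines.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed from lines of the report posted in this thread.
SAMPLE = r"""
¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : INCAInternet (rundll32.exe C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll,vlc_entry__1_0_0e) -> FOUND
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Drale\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
FINDING_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*-{1,2}>\s*([A-Z]+)")
TAG_RE = re.compile(r"\[([^\]]*)\]")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(\S+)$")
POLICY_RE = re.compile(r"(\w+)\s+\((\d+)\)\s*$")

@dataclass
class Finding:
    section: str
    tags: Tuple[str, ...]   # e.g. ('RUN', 'NOTFOUND'); the empty '[]' tag is dropped
    detail: str
    verdict: str            # FOUND, KILLED, UNLOADED, ...

@dataclass
class Report:
    infection: Optional[str] = None
    findings: List[Finding] = field(default_factory=list)
    hosts: List[Tuple[str, str]] = field(default_factory=list)

def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking the current section."""
    report, section = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if section.startswith("Infection"):
                report.infection = section.split(":", 1)[1].strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            tags = tuple(t for t in TAG_RE.findall(m.group(1)) if t)
            report.findings.append(Finding(section, tags, m.group(2), m.group(3)))
            continue
        m = HOSTS_RE.match(line)
        if m and section.startswith("HOSTS"):
            report.hosts.append((m.group(1), m.group(2)))
    return report

def describe_policy(name: str, value: str) -> str:
    # Documented effect of the Windows policy value, not RogueKiller's wording.
    if name == "EnableLUA":
        return "UAC is switched off" if value == "0" else "UAC is on"
    if name == "DisableRegistryTools":
        return "Registry Editor blocked" if value != "0" else "Registry Editor not blocked"
    return "flagged by RogueKiller"

def triage(report: Report) -> dict:
    """Group findings the way a helper reads the log: rootkit markers, then
    persistence (autoruns, scheduled tasks), then policy values, then any
    hosts-file entry beyond the loopback default."""
    out = {"infection": report.infection, "rootkit": [], "persistence": [],
           "policy": [], "hosts_extra": []}
    for f in report.findings:
        if "ZeroAccess" in f.tags:
            out["rootkit"].append(f.detail)
        elif f.tags and f.tags[0] in ("RUN", "TASK"):
            out["persistence"].append(f.detail)
        elif f.tags and f.tags[0] in ("HJ", "HJPOL"):
            m = POLICY_RE.search(f.detail)
            note = describe_policy(m.group(1), m.group(2)) if m else "unparsed"
            out["policy"].append((f.detail, note))
    for ip, name in report.hosts:
        if (ip, name) not in (("127.0.0.1", "localhost"), ("::1", "localhost")):
            out["hosts_extra"].append((ip, name))
    return out
```

To use it on a saved RKreport file, read the file as text and call `triage(parse_report(text))`; if the ¤ section markers do not decode, adjust the encoding you open the file with. On the sample it reports the ZeroAccess banner, both Installer\{GUID}\U and \L markers, the INCAInternet autorun and the ShamrockSpringSA task, and EnableLUA (0) as "UAC is switched off", which is exactly the set of lines that drove the next step in the thread.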
     
  5. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    Here are the results of those two scans you asked for :)

    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Drale [Admin rights]
    Mode : Remove -- Date : 12/01/2012 10:28:25

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]
    [][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> KILLED [TermProc]
    [][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> UNLOADED

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS ATA Device +++++
    --- User ---
    [MBR] f4dbb300c37f2bdb4ece22eddb278a83
    [BSP] 39c4dc52145aee0b50700f989c7cd997 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607208805 | Size: 8754 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296488 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_12012012_02d1028.txt >>
    RKreport[1]_S_12012012_02d1023.txt ; RKreport[2]_D_12012012_02d1025.txt ; RKreport[3]_D_12012012_02d1028.txt



    10:32:09.0422 6292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    10:32:09.0747 6292 ============================================================
    10:32:09.0748 6292 Current date / time: 2012/12/01 10:32:09.0747
    10:32:09.0748 6292 SystemInfo:
    10:32:09.0748 6292
    10:32:09.0748 6292 OS Version: 6.0.6002 ServicePack: 2.0
    10:32:09.0748 6292 Product type: Workstation
    10:32:09.0748 6292 ComputerName: DRALE-PC
    10:32:09.0748 6292 UserName: Drale
    10:32:09.0748 6292 Windows directory: C:\Windows
    10:32:09.0748 6292 System windows directory: C:\Windows
    10:32:09.0748 6292 Processor architecture: Intel x86
    10:32:09.0748 6292 Number of processors: 2
    10:32:09.0748 6292 Page size: 0x1000
    10:32:09.0748 6292 Boot type: Normal boot
    10:32:09.0748 6292 ============================================================
    10:32:10.0841 6292 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:32:10.0858 6292 ============================================================
    10:32:10.0858 6292 \Device\Harddisk0\DR0:
    10:32:10.0866 6292 MBR partitions:
    10:32:10.0866 6292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24314565, BlocksNum 0x111915C
    10:32:10.0866 6292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24314526
    10:32:10.0866 6292 ============================================================
    10:32:10.0890 6292 C: <-> \Device\Harddisk0\DR0\Partition2
    10:32:10.0925 6292 D: <-> \Device\Harddisk0\DR0\Partition1
    10:32:10.0925 6292 ============================================================
    10:32:10.0925 6292 Initialize success
    10:32:10.0925 6292 ============================================================
    10:32:52.0897 6932 ============================================================
    10:32:52.0897 6932 Scan started
    10:32:52.0897 6932 Mode: Manual; SigCheck; TDLFS;
    10:32:52.0897 6932 ============================================================
    10:32:53.0147 6932 ================ Scan system memory ========================
    10:32:53.0147 6932 System memory - ok
    10:32:53.0147 6932 ================ Scan services =============================
    10:32:53.0194 6932 .EsetTrialReset - ok
    10:32:53.0381 6932 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    10:32:53.0490 6932 ACPI - ok
    10:32:53.0521 6932 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
    10:32:53.0537 6932 adfs - ok
    10:32:53.0630 6932 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    10:32:53.0646 6932 AdobeARMservice - ok
    10:32:53.0708 6932 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    10:32:53.0724 6932 adp94xx - ok
    10:32:53.0755 6932 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    10:32:53.0771 6932 adpahci - ok
    10:32:53.0786 6932 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    10:32:53.0802 6932 adpu160m - ok
    10:32:53.0818 6932 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    10:32:53.0833 6932 adpu320 - ok
    10:32:53.0896 6932 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    10:32:53.0974 6932 AeLookupSvc - ok
    10:32:54.0036 6932 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    10:32:54.0052 6932 AFD - ok
    10:32:54.0083 6932 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    10:32:54.0098 6932 agp440 - ok
    10:32:54.0130 6932 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    10:32:54.0145 6932 aic78xx - ok
    10:32:54.0176 6932 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    10:32:54.0301 6932 ALG - ok
    10:32:54.0317 6932 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    10:32:54.0332 6932 aliide - ok
    10:32:54.0348 6932 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    10:32:54.0364 6932 amdagp - ok
    10:32:54.0379 6932 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    10:32:54.0395 6932 amdide - ok
    10:32:54.0410 6932 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    10:32:54.0598 6932 AmdK7 - ok
    10:32:54.0629 6932 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    10:32:54.0676 6932 AmdK8 - ok
    10:32:54.0722 6932 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    10:32:54.0754 6932 Appinfo - ok
    10:32:54.0832 6932 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:32:54.0847 6932 Apple Mobile Device - ok
    10:32:54.0910 6932 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    10:32:54.0925 6932 arc - ok
    10:32:54.0941 6932 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    10:32:54.0956 6932 arcsas - ok
    10:32:55.0066 6932 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    10:32:55.0081 6932 aspnet_state - ok
    10:32:55.0128 6932 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    10:32:55.0190 6932 AsyncMac - ok
    10:32:55.0237 6932 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    10:32:55.0268 6932 atapi - ok
    10:32:55.0331 6932 [ 86FB6B8DDBCB6E025CE8A90F77AF1FF1 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    10:32:55.0409 6932 Ati External Event Utility - ok
    10:32:55.0549 6932 [ A23EFB72057FED7128EB558866055FDF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    10:32:55.0658 6932 atikmdag - ok
    10:32:55.0722 6932 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
    10:32:55.0737 6932 atksgt - ok
    10:32:55.0784 6932 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    10:32:55.0831 6932 AudioEndpointBuilder - ok
    10:32:55.0862 6932 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    10:32:55.0878 6932 Audiosrv - ok
    10:32:56.0003 6932 [ 0D090877562DEB9CF4BAAB0C22EB64DA ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    10:32:56.0049 6932 Automatic LiveUpdate Scheduler - ok
    10:32:56.0112 6932 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    10:32:56.0190 6932 Beep - ok
    10:32:56.0237 6932 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    10:32:56.0283 6932 BFE - ok
    10:32:56.0393 6932 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
    10:32:56.0502 6932 BITS - ok
    10:32:56.0502 6932 blbdrive - ok
    10:32:56.0517 6932 bohwzjpk - ok
    10:32:56.0611 6932 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:32:56.0642 6932 Bonjour Service - ok
    10:32:56.0689 6932 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    10:32:56.0751 6932 bowser - ok
    10:32:56.0798 6932 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    10:32:56.0814 6932 BrFiltLo - ok
    10:32:56.0876 6932 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    10:32:56.0923 6932 BrFiltUp - ok
    10:32:56.0954 6932 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    10:32:57.0001 6932 Browser - ok
    10:32:57.0017 6932 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    10:32:57.0079 6932 Brserid - ok
    10:32:57.0095 6932 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    10:32:57.0157 6932 BrSerWdm - ok
    10:32:57.0173 6932 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    10:32:57.0219 6932 BrUsbMdm - ok
    10:32:57.0251 6932 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    10:32:57.0313 6932 BrUsbSer - ok
    10:32:57.0329 6932 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    10:32:57.0391 6932 BTHMODEM - ok
    10:32:57.0500 6932 catchme - ok
    10:32:57.0531 6932 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    10:32:57.0609 6932 cdfs - ok
    10:32:57.0656 6932 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    10:32:57.0719 6932 cdrom - ok
    10:32:57.0765 6932 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    10:32:57.0828 6932 CertPropSvc - ok
    10:32:57.0859 6932 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    10:32:57.0921 6932 circlass - ok
    10:32:57.0968 6932 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    10:32:57.0984 6932 CLFS - ok
    10:32:58.0031 6932 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:32:58.0031 6932 clr_optimization_v2.0.50727_32 - ok
    10:32:58.0140 6932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:32:58.0155 6932 clr_optimization_v4.0.30319_32 - ok
    10:32:58.0202 6932 CLTNetCnService - ok
    10:32:58.0249 6932 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    10:32:58.0280 6932 cmdide - ok
    10:32:58.0296 6932 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    10:32:58.0327 6932 Compbatt - ok
    10:32:58.0343 6932 COMSysApp - ok
    10:32:58.0358 6932 cpuz134 - ok
    10:32:58.0389 6932 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    10:32:58.0405 6932 crcdisk - ok
    10:32:58.0421 6932 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    10:32:58.0467 6932 Crusoe - ok
    10:32:58.0514 6932 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    10:32:58.0561 6932 CryptSvc - ok
    10:32:58.0561 6932 cvivqrnv - ok
    10:32:58.0639 6932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    10:32:58.0670 6932 DcomLaunch - ok
    10:32:58.0717 6932 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    10:32:58.0748 6932 DfsC - ok
    10:32:58.0857 6932 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    10:32:58.0951 6932 DFSR - ok
    10:32:59.0013 6932 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    10:32:59.0045 6932 Dhcp - ok
    10:32:59.0076 6932 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    10:32:59.0091 6932 disk - ok
    10:32:59.0185 6932 [ A52E0EBF719F379EFD178C402B1AD7BB ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    10:32:59.0232 6932 Diskeeper - ok
    10:32:59.0294 6932 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    10:32:59.0325 6932 Dnscache - ok
    10:32:59.0372 6932 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    10:32:59.0419 6932 dot3svc - ok
    10:32:59.0466 6932 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    10:32:59.0513 6932 DPS - ok
    10:32:59.0559 6932 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    10:32:59.0575 6932 drmkaud - ok
    10:32:59.0622 6932 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    10:32:59.0653 6932 DXGKrnl - ok
    10:32:59.0700 6932 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    10:32:59.0762 6932 E1G60 - ok
    10:32:59.0793 6932 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    10:32:59.0840 6932 EapHost - ok
    10:32:59.0887 6932 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    10:32:59.0903 6932 Ecache - ok
    10:32:59.0965 6932 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    10:32:59.0996 6932 ehRecvr - ok
    10:33:00.0027 6932 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    10:33:00.0074 6932 ehSched - ok
    10:33:00.0090 6932 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    10:33:00.0137 6932 ehstart - ok
    10:33:00.0168 6932 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    10:33:00.0183 6932 elxstor - ok
    10:33:00.0230 6932 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    10:33:00.0293 6932 EMDMgmt - ok
    10:33:00.0355 6932 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    10:33:00.0386 6932 EventSystem - ok
    10:33:00.0433 6932 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    10:33:00.0480 6932 exfat - ok
    10:33:00.0511 6932 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    10:33:00.0542 6932 fastfat - ok
    10:33:00.0589 6932 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    10:33:00.0636 6932 fdc - ok
    10:33:00.0667 6932 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    10:33:00.0698 6932 fdPHost - ok
    10:33:00.0729 6932 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    10:33:00.0793 6932 FDResPub - ok
    10:33:00.0824 6932 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    10:33:00.0840 6932 FileInfo - ok
    10:33:00.0871 6932 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    10:33:00.0918 6932 Filetrace - ok
    10:33:00.0964 6932 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    10:33:00.0996 6932 FLEXnet Licensing Service - ok
    10:33:01.0042 6932 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    10:33:01.0105 6932 flpydisk - ok
    10:33:01.0152 6932 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    10:33:01.0183 6932 FltMgr - ok
    10:33:01.0261 6932 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    10:33:01.0354 6932 FontCache - ok
    10:33:01.0479 6932 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    10:33:01.0495 6932 FontCache3.0.0.0 - ok
    10:33:01.0542 6932 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    10:33:01.0604 6932 Fs_Rec - ok
    10:33:01.0651 6932 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    10:33:01.0666 6932 gagp30kx - ok
    10:33:01.0713 6932 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
    10:33:01.0744 6932 GEARAspiWDM - ok
    10:33:01.0807 6932 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    10:33:01.0900 6932 gpsvc - ok
    10:33:01.0978 6932 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c935c0926567d0 C:\Program Files\Google\Update\GoogleUpdate.exe
    10:33:02.0010 6932 gupdate1c935c0926567d0 - ok
    10:33:02.0056 6932 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    10:33:02.0072 6932 gupdatem - ok
    10:33:02.0119 6932 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    10:33:02.0150 6932 hamachi - ok
    10:33:02.0275 6932 [ A7EBBF64C7610B7C67D46AE620AADBA3 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    10:33:02.0353 6932 Hamachi2Svc - ok
    10:33:02.0415 6932 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    10:33:02.0524 6932 HdAudAddService - ok
    10:33:02.0571 6932 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:33:02.0618 6932 HDAudBus - ok
    10:33:02.0665 6932 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    10:33:02.0743 6932 HidBth - ok
    10:33:02.0758 6932 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    10:33:02.0805 6932 HidIr - ok
    10:33:02.0836 6932 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
    10:33:02.0868 6932 hidserv - ok
    10:33:02.0914 6932 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    10:33:02.0930 6932 HidUsb - ok
    10:33:02.0977 6932 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    10:33:03.0008 6932 hkmsvc - ok
    10:33:03.0055 6932 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    10:33:03.0055 6932 HpCISSs - ok
    10:33:03.0070 6932 htqxzxwx - ok
    10:33:03.0133 6932 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    10:33:03.0180 6932 HTTP - ok
    10:33:03.0211 6932 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    10:33:03.0226 6932 i2omp - ok
    10:33:03.0273 6932 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    10:33:03.0304 6932 i8042prt - ok
    10:33:03.0351 6932 [ 8318E04A6455CED1020BCC5039B62CFA ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
    10:33:03.0429 6932 ialm - ok
    10:33:03.0460 6932 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    10:33:03.0476 6932 iaStorV - ok
    10:33:03.0554 6932 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    10:33:03.0554 6932 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    10:33:03.0554 6932 IDriverT - detected UnsignedFile.Multi.Generic (1)
    10:33:03.0663 6932 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:33:03.0757 6932 idsvc - ok
    10:33:03.0772 6932 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    10:33:03.0788 6932 iirsp - ok
    10:33:03.0835 6932 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    10:33:03.0882 6932 IKEEXT - ok
    10:33:03.0960 6932 [ 6689978C5B91FED00619B920CB349246 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    10:33:04.0022 6932 IntcAzAudAddService - ok
    10:33:04.0053 6932 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
    10:33:04.0069 6932 intelide - ok
    10:33:04.0084 6932 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    10:33:04.0147 6932 intelppm - ok
    10:33:04.0162 6932 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    10:33:04.0225 6932 IPBusEnum - ok
    10:33:04.0272 6932 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:33:04.0303 6932 IpFilterDriver - ok
    10:33:04.0365 6932 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    10:33:04.0412 6932 iphlpsvc - ok
    10:33:04.0428 6932 IpInIp - ok
    10:33:04.0474 6932 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    10:33:04.0537 6932 IPMIDRV - ok
    10:33:04.0584 6932 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    10:33:04.0615 6932 IPNAT - ok
    10:33:04.0662 6932 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:33:04.0693 6932 iPod Service - ok
    10:33:04.0740 6932 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    10:33:04.0771 6932 IRENUM - ok
    10:33:04.0786 6932 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    10:33:04.0802 6932 isapnp - ok
    10:33:04.0849 6932 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    10:33:04.0864 6932 iScsiPrt - ok
    10:33:04.0880 6932 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    10:33:04.0896 6932 iteatapi - ok
    10:33:04.0911 6932 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    10:33:04.0927 6932 iteraid - ok
    10:33:04.0942 6932 iuyqcek - ok
    10:33:04.0958 6932 jtazfiyd - ok
    10:33:05.0005 6932 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    10:33:05.0020 6932 kbdclass - ok
    10:33:05.0052 6932 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    10:33:05.0083 6932 kbdhid - ok
    10:33:05.0114 6932 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    10:33:05.0145 6932 KeyIso - ok
    10:33:05.0161 6932 kferoemq - ok
    10:33:05.0208 6932 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    10:33:05.0239 6932 KSecDD - ok
    10:33:05.0286 6932 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    10:33:05.0395 6932 KtmRm - ok
    10:33:05.0395 6932 kyqjabue - ok
    10:33:05.0442 6932 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
    10:33:05.0473 6932 LanmanServer - ok
    10:33:05.0520 6932 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    10:33:05.0566 6932 LanmanWorkstation - ok
    10:33:05.0598 6932 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
    10:33:05.0613 6932 lirsgt - ok
    10:33:05.0738 6932 [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    10:33:05.0838 6932 LiveUpdate - ok
    10:33:05.0838 6932 LiveUpdate Notice Ex - ok
    10:33:05.0916 6932 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    10:33:05.0947 6932 LiveUpdate Notice Service - ok
    10:33:05.0994 6932 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    10:33:06.0025 6932 lltdio - ok
    10:33:06.0072 6932 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    10:33:06.0118 6932 lltdsvc - ok
    10:33:06.0150 6932 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    10:33:06.0243 6932 lmhosts - ok
    10:33:06.0290 6932 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    10:33:06.0306 6932 LSI_FC - ok
    10:33:06.0321 6932 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    10:33:06.0337 6932 LSI_SAS - ok
    10:33:06.0352 6932 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    10:33:06.0368 6932 LSI_SCSI - ok
    10:33:06.0399 6932 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    10:33:06.0430 6932 luafv - ok
    10:33:06.0477 6932 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:33:06.0493 6932 Mcx2Svc - ok
    10:33:06.0524 6932 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    10:33:06.0540 6932 megasas - ok
    10:33:06.0571 6932 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    10:33:06.0602 6932 MMCSS - ok
    10:33:06.0633 6932 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    10:33:06.0680 6932 Modem - ok
    10:33:06.0727 6932 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:33:06.0758 6932 monitor - ok
    10:33:06.0789 6932 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    10:33:06.0805 6932 mouclass - ok
    10:33:06.0820 6932 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:33:06.0852 6932 mouhid - ok
    10:33:06.0883 6932 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    10:33:06.0898 6932 MountMgr - ok
    10:33:06.0945 6932 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    10:33:06.0961 6932 MozillaMaintenance - ok
    10:33:07.0008 6932 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    10:33:07.0023 6932 MpFilter - ok
    10:33:07.0070 6932 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:33:07.0086 6932 mpio - ok
    10:33:07.0242 6932 [ A69630D039C38018689190234F866D77 ] MpKsle5b0d30f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9479BD74-962A-492F-95A7-5EF7BB1D67B1}\MpKsle5b0d30f.sys
    10:33:07.0257 6932 MpKsle5b0d30f - ok
    10:33:07.0304 6932 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:33:07.0335 6932 mpsdrv - ok
    10:33:07.0413 6932 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:33:07.0460 6932 MpsSvc - ok
    10:33:07.0491 6932 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    10:33:07.0507 6932 Mraid35x - ok
    10:33:07.0554 6932 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:33:07.0569 6932 MRxDAV - ok
    10:33:07.0600 6932 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:33:07.0632 6932 mrxsmb - ok
    10:33:07.0694 6932 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:33:07.0725 6932 mrxsmb10 - ok
    10:33:07.0741 6932 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:33:07.0772 6932 mrxsmb20 - ok
    10:33:07.0788 6932 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
    10:33:07.0803 6932 msahci - ok
    10:33:07.0819 6932 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:33:07.0834 6932 msdsm - ok
    10:33:07.0866 6932 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    10:33:07.0912 6932 MSDTC - ok
    10:33:07.0944 6932 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:33:07.0990 6932 Msfs - ok
    10:33:08.0037 6932 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:33:08.0053 6932 msisadrv - ok
    10:33:08.0084 6932 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:33:08.0115 6932 MSiSCSI - ok
    10:33:08.0131 6932 msiserver - ok
    10:33:08.0162 6932 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:33:08.0209 6932 MSKSSRV - ok
    10:33:08.0287 6932 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:33:08.0302 6932 MsMpSvc - ok
    10:33:08.0334 6932 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:33:08.0412 6932 MSPCLOCK - ok
    10:33:08.0427 6932 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:33:08.0458 6932 MSPQM - ok
    10:33:08.0505 6932 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:33:08.0521 6932 MsRPC - ok
    10:33:08.0568 6932 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    10:33:08.0583 6932 mssmbios - ok
    10:33:08.0614 6932 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:33:08.0661 6932 MSTEE - ok
    10:33:08.0708 6932 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    10:33:08.0739 6932 MTsensor - ok
    10:33:08.0786 6932 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    10:33:08.0817 6932 Mup - ok
    10:33:08.0864 6932 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    10:33:08.0911 6932 napagent - ok
    10:33:08.0958 6932 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:33:08.0989 6932 NativeWifiP - ok
    10:33:09.0020 6932 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:33:09.0051 6932 NDIS - ok
    10:33:09.0082 6932 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:33:09.0114 6932 NdisTapi - ok
    10:33:09.0145 6932 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:33:09.0176 6932 Ndisuio - ok
    10:33:09.0223 6932 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:33:09.0254 6932 NdisWan - ok
    10:33:09.0285 6932 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:33:09.0301 6932 NDProxy - ok
    10:33:09.0316 6932 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:33:09.0348 6932 NetBIOS - ok
    10:33:09.0394 6932 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    10:33:09.0441 6932 netbt - ok
    10:33:09.0457 6932 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    10:33:09.0472 6932 Netlogon - ok
    10:33:09.0519 6932 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    10:33:09.0566 6932 Netman - ok
    10:33:09.0613 6932 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    10:33:09.0644 6932 netprofm - ok
    10:33:09.0691 6932 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:33:09.0706 6932 NetTcpPortSharing - ok
    10:33:09.0753 6932 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    10:33:09.0753 6932 nfrd960 - ok
    10:33:09.0800 6932 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    10:33:09.0831 6932 NisDrv - ok
    10:33:09.0862 6932 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    10:33:09.0894 6932 NisSrv - ok
    10:33:09.0909 6932 nkrnww - ok
    10:33:09.0956 6932 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:33:10.0003 6932 NlaSvc - ok
    10:33:10.0003 6932 nnogxrtg - ok
    10:33:10.0050 6932 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:33:10.0081 6932 Npfs - ok
    10:33:10.0128 6932 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    10:33:10.0159 6932 nsi - ok
    10:33:10.0206 6932 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:33:10.0237 6932 nsiproxy - ok
    10:33:10.0315 6932 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:33:10.0377 6932 Ntfs - ok
    10:33:10.0408 6932 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    10:33:10.0471 6932 ntrigdigi - ok
    10:33:10.0486 6932 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    10:33:10.0518 6932 Null - ok
    10:33:10.0533 6932 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:33:10.0549 6932 nvraid - ok
    10:33:10.0564 6932 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:33:10.0580 6932 nvstor - ok
    10:33:10.0596 6932 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:33:10.0596 6932 nv_agp - ok
    10:33:10.0611 6932 NwlnkFlt - ok
    10:33:10.0611 6932 NwlnkFwd - ok
    10:33:10.0642 6932 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:33:10.0689 6932 ohci1394 - ok
    10:33:10.0736 6932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    10:33:10.0783 6932 p2pimsvc - ok
    10:33:10.0814 6932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:33:10.0845 6932 p2psvc - ok
    10:33:10.0908 6932 [ 509039B85C95E6E85CB7A8E3465FB702 ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
    10:33:10.0970 6932 PAC207 - ok
    10:33:11.0032 6932 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    10:33:11.0064 6932 Parport - ok
    10:33:11.0095 6932 [ 6DDCF3F801EC15FE698F6A215CF30A1F ] Partizan C:\Windows\system32\drivers\Partizan.sys
    10:33:11.0110 6932 Partizan - ok
    10:33:11.0142 6932 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:33:11.0157 6932 partmgr - ok
    10:33:11.0173 6932 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    10:33:11.0220 6932 Parvdm - ok
    10:33:11.0220 6932 pbdrorqc - ok
    10:33:11.0266 6932 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:33:11.0298 6932 PcaSvc - ok
    10:33:11.0344 6932 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    10:33:11.0360 6932 pci - ok
    10:33:11.0376 6932 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
    10:33:11.0391 6932 pciide - ok
    10:33:11.0438 6932 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    10:33:11.0454 6932 pcmcia - ok
    10:33:11.0500 6932 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:33:11.0578 6932 PEAUTH - ok
    10:33:11.0672 6932 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    10:33:11.0828 6932 pla - ok
    10:33:11.0890 6932 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:33:11.0953 6932 PlugPlay - ok
    10:33:11.0953 6932 pmxdstfn - ok
    10:33:12.0000 6932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    10:33:12.0046 6932 PNRPAutoReg - ok
    10:33:12.0078 6932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    10:33:12.0109 6932 PNRPsvc - ok
    10:33:12.0171 6932 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:33:12.0218 6932 PolicyAgent - ok
    10:33:12.0265 6932 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:33:12.0296 6932 PptpMiniport - ok
    10:33:27.0678 7864 Detected object count: 3
    10:33:27.0678 7864 Actual detected object count: 3
    10:51:45.0669 7864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    10:51:45.0669 7864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:51:45.0669 7864 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
    10:51:45.0669 7864 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:51:45.0684 7864 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
    10:51:45.0684 7864 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have run an extra scan and posted the log from that; I would like to see the one that shows the deletions: RKreport[2]_D_12012012_02d1025.txt

    The TDSSKiller scan has come up clean. Please run the following scan.


    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

     
  7. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    Sorry about the mix-up! I've reattached the correct scan from before, run ComboFix, and attached that log.

    -Hobochili

    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Drale [Admin rights]
    Mode : Remove -- Date : 12/01/2012 10:25:39

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]
    [][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> KILLED [TermProc]
    [][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll -> UNLOADED

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][NOTFOUND] HKCU\[...]\Run : INCAInternet (rundll32.exe C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll,vlc_entry__1_0_0e) -> DELETED
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Drale\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> DELETED
    [TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED
    [TASK][RESIDUE] AutomaticBackup : C:\Windows\System32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\U --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L\[email protected] --> REMOVED
    [Del.Parent][FILE] 1afb2d56 : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L\1afb2d56 --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{f77d2bd1-bbd2-e0a9-1224-2935bc1c0861}\L --> REMOVED

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS ATA Device +++++
    --- User ---
    [MBR] f4dbb300c37f2bdb4ece22eddb278a83
    [BSP] 39c4dc52145aee0b50700f989c7cd997 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607208805 | Size: 8754 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296488 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_12012012_02d1025.txt >>
    RKreport[1]_S_12012012_02d1023.txt ; RKreport[2]_D_12012012_02d1025.txt


    ComboFix 12-12-01.02 - Drale 12/01/2012 18:48:18.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1647 [GMT -5:00]
    Running from: c:\users\Drale\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\AutoRun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-02 00:09 . 2012-12-02 00:09 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-12-02 00:09 . 2012-12-02 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-01 02:55 . 2012-12-01 02:55 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9479BD74-962A-492F-95A7-5EF7BB1D67B1}\offreg.dll
    2012-12-01 02:55 . 2012-12-01 02:55 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9479BD74-962A-492F-95A7-5EF7BB1D67B1}\MpKsle5b0d30f.sys
    2012-11-30 22:30 . 2012-11-30 22:30 -------- d-----w- c:\program files\uTorrent
    2012-11-30 22:29 . 2012-11-30 23:50 -------- d-----w- c:\users\Drale\AppData\Roaming\uTorrent
    2012-11-30 18:10 . 2012-11-30 18:10 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A22EA6-E01E-4039-B099-D3FD5635417F}\gapaengine.dll
    2012-11-30 18:10 . 2012-11-08 15:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9479BD74-962A-492F-95A7-5EF7BB1D67B1}\mpengine.dll
    2012-11-30 18:03 . 2012-11-30 18:03 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-30 18:03 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-11-30 14:55 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B34F12-CC5A-4A71-AED8-10C9BF6FA773}\mpengine.dll
    2012-11-29 15:07 . 2012-11-29 15:07 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-11-29 15:07 . 2012-11-29 15:07 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2012-11-29 15:05 . 2012-11-29 15:10 -------- d-----w- c:\programdata\RegRun
    2012-11-29 14:45 . 2012-11-29 14:45 2 --shatr- c:\windows\winstart.bat
    2012-11-29 14:45 . 2012-11-29 14:45 -------- d-----w- c:\program files\Greatis
    2012-11-29 02:08 . 2012-11-29 02:08 -------- d-----w- c:\program files\Common Files\Skype
    2012-11-28 23:19 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
    2012-11-28 23:19 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-28 23:19 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-11-28 23:19 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-11-28 23:19 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-11-28 23:19 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-11-28 23:19 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-28 23:18 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-28 23:18 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-11-28 23:18 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-11-28 23:11 . 2012-12-02 00:10 -------- d-----w- c:\users\Drale\AppData\Local\temp
    2012-11-28 16:26 . 2012-11-28 16:26 -------- d-----w- c:\program files\CCleaner
    2012-11-26 07:24 . 2012-11-26 07:24 -------- d-----w- c:\users\Drale\AppData\Local\Sun
    2012-11-26 05:39 . 2012-11-26 05:39 -------- d-----w- c:\program files\ESET
    2012-11-24 18:55 . 2012-11-24 18:55 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-11-21 05:34 . 2012-12-01 00:43 -------- d-----w- c:\users\Drale\AppData\Local\INCAInternet
    2012-11-17 10:04 . 2012-11-17 10:05 -------- d-----w- c:\users\Drale\AppData\Roaming\U3
    2012-11-16 15:37 . 2012-11-16 20:00 -------- d-----w- c:\users\Drale\AppData\Roaming\MoreTerra
    2012-11-09 02:45 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2012-11-09 02:45 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2012-11-09 02:45 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2012-11-09 02:45 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-11-09 02:45 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2012-11-09 02:45 . 2012-11-09 02:45 -------- d-----w- c:\program files\Microsoft XNA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-30 00:54 . 2010-12-13 23:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-27 06:21 . 2012-10-27 06:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
    2009-11-24 21:35 87512 ----a-w- c:\program files\oovootb\oovoodx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-08-12 1353080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-12 4321280]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe" [2011-08-19 243360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck Partizan\0autocheck 6
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Drale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 21:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 10736294
    *NewlyCreated* - 19801774
    *NewlyCreated* - 28183123
    *NewlyCreated* - MPKSLE5B0D30F
    *Deregistered* - 10736294
    *Deregistered* - 19801774
    *Deregistered* - 28183123
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-24 10:09]
    .
    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-24 10:09]
    .
    2012-12-01 c:\windows\Tasks\Norton Security Scan for Drale.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-11 15:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {7CBE9DF6-6A02-4DD7-97D8-F8BEFC6B3E0E} - hxxp://www.epicweapons.com/g2g/G2GVista_ps.exe
    FF - ProfilePath - c:\users\Drale\AppData\Roaming\Mozilla\Firefox\Profiles\d2a6x7zm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: !HIDDEN! 2009-12-26 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-01 19:10
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"=hex:51,66,7a,6c,4c,1d,38,12,f4,2c,e8,
    a5,6c,9d,b3,54,f6,23,a7,2a,53,86,d1,87
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{442AE524-EBA5-4B17-82F3-888D68BC999A}"=hex:51,66,7a,6c,4c,1d,38,12,4a,e6,39,
    40,97,a5,79,0e,fd,e5,cb,cd,6d,e2,dd,8e
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
    8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}"=hex:51,66,7a,6c,4c,1d,38,12,ae,93,7e,
    f9,dc,a8,a8,0e,c6,e1,dd,93,1c,37,c4,13
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a0,e4,70,05,c4,67,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,97,43,1b,99,29,c6,4b,ab,4c,26,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,97,43,1b,99,29,c6,4b,ab,4c,26,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1956336782-2576910614-1270657971-1000\Software\SecuROM\License information*]
    "datasecu"=hex:70,55,2b,56,28,84,47,56,98,48,63,47,6d,1b,83,c6,cd,55,51,77,5b,
    17,80,c5,c6,ce,ea,bc,14,c0,07,11,20,0f,bc,83,a5,d8,f4,0d,42,9b,30,6e,6b,6e,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-12-01 19:12:17
    ComboFix-quarantined-files.txt 2012-12-02 00:12
    ComboFix2.txt 2012-11-29 14:59
    ComboFix3.txt 2012-11-28 23:11
    ComboFix4.txt 2009-12-26 17:25
    .
    Pre-Run: 70,397,349,888 bytes free
    Post-Run: 70,490,292,224 bytes free
    .
    - - End Of File - - DFA5EEEF9463AF856FD2C8AEF60436B9
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Looks like we have removed all of the infection but there is one file we need to check.

    How well is the system running now?

    Looks like you may have had Norton Anti Virus installed at some point; please run this tool to clean out the remnants: Norton Uninstall Tool



    Go to one of the following online services that analyze suspicious files:

    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
    _____________________________________________________________________________________

    I'd also like to check the MBR as RogueKiller does not recognize it.

    Please download aswMBR.exe and save it to your Desktop.

    • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
    • You will be asked if you wish to download the latest Avast Virus Definitions, please select Yes. It may take several minutes to complete.
    • Click the Scan button to start scan.

    • On completion of the scan, click the Save log button and save it to your Desktop.
    • Do not select any Fix options at this time.
    • Copy and paste the contents of that log in your next reply.

    -- Important note: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as MBR.dat. Do not delete this file unless advised.
    NOTE: Right-click on MBR.dat and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and double-click on it.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the bottom of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  9. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    Norton remnants removed.

    I used Jotti's virusscan on the file C:\Users\Drale\AppData\Local\INCAInternet\kkrjrdfg.dll per your request. AVG reports "Win32/Heur", VirusBuster reports "Suspicious!SA".

    aswMBR run and the log is included below, as well as the zipped mbr.dat.

    The computer is running perfectly, as far as I can tell. I haven't run into any issues at all. :)

    I don't want to get ahead of myself, but how many of these tools that you have had me use are safe to uninstall? Should any of them be kept for future use by the computer's owner? Perhaps not, as he is less computer savvy than myself, haha :)


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-02 00:51:36
    -----------------------------
    00:51:36.365 OS Version: Windows 6.0.6002 Service Pack 2
    00:51:36.365 Number of processors: 2 586 0x6B01
    00:51:36.366 ComputerName: DRALE-PC UserName: Drale
    00:51:38.157 Initialize success
    00:53:13.645 AVAST engine defs: 12120100
    00:53:21.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:53:21.244 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
    00:53:21.259 Disk 0 MBR read successfully
    00:53:21.269 Disk 0 MBR scan
    00:53:21.396 Disk 0 unknown MBR code
    00:53:21.424 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 8754 MB offset 607208805
    00:53:21.447 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296488 MB offset 63
    00:53:21.484 Disk 0 scanning sectors +625137345
    00:53:21.588 Disk 0 scanning C:\Windows\system32\drivers
    00:53:48.271 Service scanning
    00:54:05.552 Service MpKsld12518a5 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60B7FCDD-1A3D-4B38-ACE4-816D601B6240}\MpKsld12518a5.sys **LOCKED** 32
    00:54:31.173 Modules scanning
    00:54:36.384 Disk 0 trace - called modules:
    00:54:36.764 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    00:54:36.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854bba10]
    00:54:36.784 3 CLASSPNP.SYS[8a5ac8b3] -> nt!IofCallDriver -> [0x852fa5d0]
    00:54:36.794 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8530eb98]
    00:54:38.183 AVAST engine scan C:\Windows
    00:54:47.129 AVAST engine scan C:\Windows\system32
    01:00:45.486 AVAST engine scan C:\Windows\system32\drivers
    01:01:13.221 AVAST engine scan C:\Users\Drale
    01:03:27.176 File: C:\Users\Drale\AppData\Local\Sun\Java\Deployment\cache\6.0\48\72b993b0-6f329b57 **INFECTED** Win32:LockScreen-OZ [Trj]
    01:19:38.353 AVAST engine scan C:\ProgramData
    01:48:52.830 Scan finished successfully
    02:05:38.507 Disk 0 MBR has been saved successfully to "C:\Users\Drale\Desktop\MBR.dat"
    02:05:38.623 The log file has been saved successfully to "C:\Users\Drale\Desktop\aswMBR.txt"
     

    Attached Files:

    • MBR.zip (542 bytes)
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The MBR has come up clean, but the above log shows an infection in the Java cache. Please follow this guide to delete all the temp files in Java; if you see a third option in the "Delete Temporary Files" window, select that also.
    How to clear the Java cache

    The file you had checked only received two detections, so we can assume that is a false positive.

    We will remove all the tools used when we are done, please wait for the instructions.


    Next, please run this tool and post the log.

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
     
  11. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    My computer won't allow me to clear the Java cache. I select Java from Control Panel, Temporary Files Settings, Delete Files, check the boxes, hit OK, and it just sits there. The Java control panel becomes unresponsive; I gave it nearly half an hour in case it was just lagging, but I am forced to use Task Manager to close it. Is this an issue you have encountered before? Also, the browser page rerouting has resurfaced; I'm getting sent to basicscan again when using Mozilla Firefox.


    Results of screen317's Security Check version 0.99.56
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    JavaFX 2.1.1
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.183.5 Flash Player out of Date!
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox 16.0.2 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, quite a few items there to update, but we can deal with that later.

    Please follow this to clear the Java cache using Combofix and post the new log produced.

    Then run ADWCleaner again using the Delete button as before and post that log; also do another scan with RogueKiller and post that log.

    We are now going to run ComboFix a different way.

    Open Notepad by clicking on Start, and in the Search box type: Notepad.exe and hit Enter.
    Copy and paste everything in the code box below into it.
    -- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

    Code:
    KillAll::
    
    ClearJavaCache::
    
    Reboot::
    
    • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
    • Close your browser and disconnect from the Internet.
    • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe.
    • This will start ComboFix again and launch the script.
    • ComboFix may reboot your system when it finishes. This is normal.
    • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
    • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
    • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
     
  13. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
    ComboFix run using the cfscript.txt, ADWCleaner, and RogueKiller; 3 logs posted. I do hope you realize how much I appreciate your help with all of this :)
    -Hobochili

    ComboFix 12-12-02.01 - Drale 12/02/2012 18:16:08.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1444 [GMT -5:00]
    Running from: c:\users\Drale\Desktop\ComboFix.exe
    Command switches used :: c:\users\Drale\Desktop\cfscript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-02 23:23 . 2012-12-02 23:26 -------- d-----w- c:\users\Drale\AppData\Local\temp
    2012-12-02 23:23 . 2012-12-02 23:23 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-12-02 23:23 . 2012-12-02 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-02 23:08 . 2012-11-08 15:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C3316B4-739D-4E95-8FFE-08609C7410E1}\mpengine.dll
    2012-12-02 00:32 . 2012-11-08 15:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-30 22:30 . 2012-11-30 22:30 -------- d-----w- c:\program files\uTorrent
    2012-11-30 22:29 . 2012-11-30 23:50 -------- d-----w- c:\users\Drale\AppData\Roaming\uTorrent
    2012-11-30 18:10 . 2012-11-30 18:10 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A22EA6-E01E-4039-B099-D3FD5635417F}\gapaengine.dll
    2012-11-30 18:03 . 2012-11-30 18:03 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-30 18:03 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-11-30 14:55 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B34F12-CC5A-4A71-AED8-10C9BF6FA773}\mpengine.dll
    2012-11-29 15:07 . 2012-11-29 15:07 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-11-29 15:07 . 2012-11-29 15:07 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2012-11-29 15:05 . 2012-11-29 15:10 -------- d-----w- c:\programdata\RegRun
    2012-11-29 14:45 . 2012-11-29 14:45 2 --shatr- c:\windows\winstart.bat
    2012-11-29 14:45 . 2012-11-29 14:45 -------- d-----w- c:\program files\Greatis
    2012-11-29 02:08 . 2012-11-29 02:08 -------- d-----w- c:\program files\Common Files\Skype
    2012-11-28 23:19 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
    2012-11-28 23:19 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-28 23:19 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-11-28 23:19 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-11-28 23:19 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-11-28 23:19 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-11-28 23:19 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-28 23:18 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-28 23:18 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-11-28 23:18 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-11-28 16:26 . 2012-11-28 16:26 -------- d-----w- c:\program files\CCleaner
    2012-11-26 07:24 . 2012-11-26 07:24 -------- d-----w- c:\users\Drale\AppData\Local\Sun
    2012-11-26 05:39 . 2012-11-26 05:39 -------- d-----w- c:\program files\ESET
    2012-11-24 18:55 . 2012-11-24 18:55 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-11-21 05:34 . 2012-12-01 00:43 -------- d-----w- c:\users\Drale\AppData\Local\INCAInternet
    2012-11-17 10:04 . 2012-11-17 10:05 -------- d-----w- c:\users\Drale\AppData\Roaming\U3
    2012-11-16 15:37 . 2012-11-16 20:00 -------- d-----w- c:\users\Drale\AppData\Roaming\MoreTerra
    2012-11-09 02:45 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2012-11-09 02:45 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2012-11-09 02:45 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2012-11-09 02:45 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-11-09 02:45 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2012-11-09 02:45 . 2012-11-09 02:45 -------- d-----w- c:\program files\Microsoft XNA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-30 00:54 . 2010-12-13 23:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-27 06:21 . 2012-10-27 06:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
    2009-11-24 21:35 87512 ----a-w- c:\program files\oovootb\oovoodx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-08-12 1353080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-12 4321280]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe" [2011-08-19 243360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck Partizan\0autocheck 6
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Drale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-24 10:09]
    .
    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-24 10:09]
    .
    2012-12-01 c:\windows\Tasks\Norton Security Scan for Drale.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-11 15:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
    DPF: {7CBE9DF6-6A02-4DD7-97D8-F8BEFC6B3E0E} - hxxp://www.epicweapons.com/g2g/G2GVista_ps.exe
    FF - ProfilePath - c:\users\Drale\AppData\Roaming\Mozilla\Firefox\Profiles\d2a6x7zm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: !HIDDEN! 2009-12-26 23:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-02 18:25
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"=hex:51,66,7a,6c,4c,1d,38,12,f4,2c,e8,
    a5,6c,9d,b3,54,f6,23,a7,2a,53,86,d1,87
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{442AE524-EBA5-4B17-82F3-888D68BC999A}"=hex:51,66,7a,6c,4c,1d,38,12,4a,e6,39,
    40,97,a5,79,0e,fd,e5,cb,cd,6d,e2,dd,8e
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
    8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}"=hex:51,66,7a,6c,4c,1d,38,12,ae,93,7e,
    f9,dc,a8,a8,0e,c6,e1,dd,93,1c,37,c4,13
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a0,e4,70,05,c4,67,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,97,43,1b,99,29,c6,4b,ab,4c,26,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,97,43,1b,99,29,c6,4b,ab,4c,26,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1956336782-2576910614-1270657971-1000\Software\SecuROM\License information*]
    "datasecu"=hex:70,55,2b,56,28,84,47,56,98,48,63,47,6d,1b,83,c6,cd,55,51,77,5b,
    17,80,c5,c6,ce,ea,bc,14,c0,07,11,20,0f,bc,83,a5,d8,f4,0d,42,9b,30,6e,6b,6e,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\LogMeIn Hamachi\hamachi-2.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\system32\iashost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\WerCon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Steam\SteamService.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-12-02 18:30:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-02 23:30
    ComboFix2.txt 2012-12-02 23:08
    ComboFix3.txt 2012-12-02 00:12
    ComboFix4.txt 2012-11-29 14:59
    ComboFix5.txt 2012-12-02 23:14
    .
    Pre-Run: 73,827,217,408 bytes free
    Post-Run: 73,806,712,832 bytes free
    .
    - - End Of File - - 8A4AD0F4572C35174CF2AD38B1ACB2BE




    # AdwCleaner v2.011 - Logfile created 12/02/2012 at 21:06:12
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Drale - DRALE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Drale\Downloads\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Drale\AppData\Roaming\Mozilla\Firefox\Profiles\d2a6x7zm.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.95

    File : C:\Users\Drale\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.49] : keyword = "basicscan.com",
    Deleted [l.52] : search_url = "hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={sear[...]

    *************************

    AdwCleaner[R1].txt - [4402 octets] - [30/11/2012 13:28:31]
    AdwCleaner[R2].txt - [4462 octets] - [30/11/2012 13:35:43]
    AdwCleaner[R3].txt - [1301 octets] - [02/12/2012 21:05:52]
    AdwCleaner[S1].txt - [4607 octets] - [30/11/2012 13:36:42]
    AdwCleaner[S2].txt - [1231 octets] - [02/12/2012 21:06:12]

    ########## EOF - C:\AdwCleaner[S2].txt - [1291 octets] ##########

    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Drale [Admin rights]
    Mode : Scan -- Date : 12/02/2012 21:12:10

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS ATA Device +++++
    --- User ---
    [MBR] f4dbb300c37f2bdb4ece22eddb278a83
    [BSP] 39c4dc52145aee0b50700f989c7cd997 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607208805 | Size: 8754 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296488 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_S_12022012_02d2112.txt >>
    RKreport[1]_S_12012012_02d1023.txt ; RKreport[2]_D_12012012_02d1025.txt ; RKreport[3]_S_12022012_02d2112.txt
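The ComboFix log above carries two entries a responder would want flagged automatically: the Security Center keys set to `DisableMonitoring`/`AntiVirusOverride` = 1 (Windows is told not to monitor or alert on antivirus state), and the `.EsetTrialReset` service whose binary `c:\windows\reset.exe` ComboFix marks `[x]`, meaning it could not find the file. The script below is an added example, not part of the thread and not ComboFix's own code; `SAMPLE_LOG` is constructed from the entries visible in the posted log plus one fictional control service line, and the parsing conventions assumed are REGEDIT4-style `[key]` / `"name"=value` blocks and ComboFix's `R2 name;display;path [x]` service lines.

```python
"""Triage a ComboFix-style log for Security Center tampering and
service entries whose binary is missing.

Added example, not part of the thread and not ComboFix's own code.
SAMPLE_LOG is constructed from the posted log (the ExampleSvc line is
a fictional control). Conventions assumed: REGEDIT4-style "[key]" /
"name"=value blocks, and a trailing " [x]" on a service line meaning
ComboFix could not find the file.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R2 ExampleSvc;Example Service;c:\program files\Example\svc.exe [2012-01-01 12345]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# R/S = running/stopped, digit = start type, then name;display;path [x]?
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?P<missing> \[x\])?$"
)
# Values under the Security Center keys that suppress monitoring/alerts.
SECURITY_CENTER_VALUES = {
    "DisableMonitoring", "AntiVirusOverride", "FirewallOverride", "UpdatesOverride",
}


def parse_registry(text):
    """Yield (key, name, value) from the REGEDIT4-style blocks in the log."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("value")


def dword(value):
    """Return the integer of a 'dword:XXXXXXXX' value, else None."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", value.strip())
    return int(m.group(1), 16) if m else None


def parse_services(text):
    """Yield dicts for service lines such as 'R2 name;display;path [x]'."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            svc = m.groupdict()
            svc["missing"] = svc["missing"] is not None
            yield svc


def triage(text):
    """Return (kind, subject, detail) findings for the two indicators."""
    findings = []
    for key, name, value in parse_registry(text):
        if ("security center" in key.lower()
                and name in SECURITY_CENTER_VALUES and dword(value) == 1):
            findings.append(("security_center_tamper", key, name))
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(("service_file_missing", svc["name"], svc["path"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {subject} -> {detail}")
```

Against the constructed sample this reports the four Security Center values and the one dangling service; a legitimate antivirus can also set the Security Center overrides, so treat the finding as something to explain rather than proof of infection, while a service binary that is absent from `c:\windows` is worth checking in quarantine and the scheduler before declaring the machine clean.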
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're most welcome.

AdwCleaner has again deleted basicscan.com. How is it running now, any more redirects?
     
  15. Hobochili

    Hobochili Thread Starter

    Joined:
    Nov 29, 2012
    Messages:
    11
Yes, basicscan.com is popping up again. Shall I run AdwCleaner once more?
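AdwCleaner's Chrome section above removed `keyword = "basicscan.com"` and a `search_url` pointing at www.basicscan.com from the Chrome `Preferences` file, and the thread says the entry keeps returning. The check below is an added example, not AdwCleaner's code and not part of the thread: it reads a Chrome `Preferences` JSON and reports any default-search-provider field whose domain is outside an allowlist, so you can confirm after a reboot whether the hijack has been written back. Both JSON samples are constructed; the hijacked one reuses the keyword and search_url AdwCleaner reported (AdwCleaner prints `hxxp` for `http`). The flat `default_search_provider` object is the layout AdwCleaner's line references imply for Chrome 23; handling the nested `default_search_provider_data.template_url_data` object of later Chrome versions is an assumption added here.

```python
"""Check a Chrome 'Preferences' file for a hijacked default search provider.

Added example; not AdwCleaner's code and not part of the thread. Both
JSON samples are constructed. The flat 'default_search_provider' layout
is what AdwCleaner's report implies for Chrome 23; the nested
'default_search_provider_data.template_url_data' layout of later Chrome
versions is an assumption.
"""
import json
from urllib.parse import urlparse

# Domains the user would legitimately search through; extend as needed.
ALLOWLIST = {"google.com", "bing.com", "yahoo.com", "duckduckgo.com"}

SAMPLE_HIJACKED = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "keyword": "basicscan.com",
        "name": "basicscan",
        "search_url": "http://www.basicscan.com/?tmp=redir_bho_bing&dist=0"
                      "&prt=BscscnPB&keywords={searchTerms}",
    }
})

SAMPLE_CLEAN = json.dumps({
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "google.com",
            "search_url": "https://www.google.com/search?q={searchTerms}",
            "suggest_url": "https://www.google.com/complete/search?q={searchTerms}",
        }
    }
})


def search_provider(prefs):
    """Return the default-search-provider dict from either layout, or None."""
    if isinstance(prefs.get("default_search_provider"), dict):
        return prefs["default_search_provider"]
    data = prefs.get("default_search_provider_data") or {}
    return data.get("template_url_data")


def registrable_domain(url_or_host):
    """Reduce a URL or bare host to its last two labels.

    Good enough for .com hijackers like this one; a public-suffix list
    would be needed to handle hosts such as example.co.uk correctly.
    """
    candidate = url_or_host if "://" in url_or_host else "http://" + url_or_host
    host = (urlparse(candidate).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_prefs_text(text, allowlist=ALLOWLIST):
    """Return [(field, value)] for provider fields pointing outside the allowlist."""
    provider = search_provider(json.loads(text))
    if not provider:
        return []
    findings = []
    for field in ("search_url", "suggest_url", "keyword"):
        value = provider.get(field)
        if not value:
            continue
        # Keywords are only domain-like in old Chrome; skip things like "@bing".
        if field == "keyword" and "." not in value:
            continue
        if registrable_domain(value) not in allowlist:
            findings.append((field, value))
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_HIJACKED
    for field, value in check_prefs_text(text):
        print(f"suspicious {field}: {value}")
```

Run it with Chrome closed against the live file (on this machine `C:\Users\Drale\AppData\Local\Google\Chrome\User Data\Default\Preferences`, as AdwCleaner's log shows) so you read what Chrome last wrote rather than a file it is about to rewrite; if the basicscan.com fields are back after a clean AdwCleaner run and a reboot, something outside the browser profile is reinstating them and the remaining autostarts and scheduled tasks are the next place to look.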
     
Short URL to this thread: https://techguy.org/1078827
