CeciliaB - Posted November 20, 2011

C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\iysioyqt.default\extensions\{8faa99f2-0cd0-4b79-a717-cab1d1a50ba5}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan

That is the extension XUL Cache, which seems to be installed September 9th. Did you install it on purpose? Do you know from where you downloaded it?

Is it possible to press the "Fix" button in aswMBR? Would it be a problem to write a standard MBR to the hard disk? Do you have a Windows 7 installation DVD?

itsjinx - Posted November 20, 2011

[quote name='CeciliaB' timestamp='1321782207' post='130647']
C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\iysioyqt.default\extensions\{8faa99f2-0cd0-4b79-a717-cab1d1a50ba5}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan

That is the extension XUL Cache, which seems to be installed September 9th. Did you install it on purpose? Do you know from where you downloaded it?

Is it possible to press the "Fix" button in aswMBR? Would it be a problem to write a standard MBR to the hard disk? Do you have a Windows 7 installation DVD?
[/quote]

I don't know what XUL cache is, so I can't say if I installed it on purpose or not... could this be the virus?

There was no Fix button to click in aswMBR, I don't think. Should I scan again and try "fix"?

Do you think the MBR has anything to do with the virus? I don't see how that could be the virus because most MBR viruses cause problems when booting up, I thought, not problems with Google search?

Yes, I have a Windows 7 installation DVD, but it always gives an error when I try to "repair Windows". Should I try again?

itsjinx - Posted November 20, 2011

Also, if I run MBRCheck.exe and click Y for options, it gives me the option to "restore the MBR of a physical disk with a standard boot code". Should I try that? Are there any risks of doing that?

CeciliaB - Posted November 20, 2011

[quote]I don't know what XUL cache is, so I can't say if I installed it on purpose or not... could this be the virus?[/quote]
At least it seems to be bad, since a lot of antivirus programs think it is bad: http://www.virustotal.com/file-scan/report.html?id=328681595b72dfd335a094847717612c6c2125ebef9199e3ef6f546627a0e037-1276263127

I suggest that you uninstall it. I am sorry that I missed it when I read your logs.

According to Google search it might cause redirects in Firefox. But it should not cause redirects in IE.

[quote]Also, if I run MBRCheck.exe and click Y for options, it gives me the option to "restore the MBR of a physical disk with a standard boot code". Should I try that? Are there any risks of doing that?[/quote]
That usually means that you can no longer start an installation of Windows by pressing a button while BIOS is running, or use other special functions reached from BIOS that your computer manufacturer has created.

[quote]Yes, I have a Windows 7 installation DVD, but it always gives an error when I try to "repair Windows". Should I try again?[/quote]
It is probably not enough to repair Windows, since that would not change MBR.

itsjinx - Posted November 21, 2011

How do I uninstall XUL cache? I deleted that whole folder "{8faa99f2-0cd0-4b79-a717-cab1d1a50ba5}" after Firefox was closed. Is that good enough?

CeciliaB - Posted November 21, 2011

Do you find XUL Cache among installed add-ons in Firefox? But deleting the folder should be enough.

itsjinx - Posted November 21, 2011

[quote name='CeciliaB' timestamp='1321898566' post='130663']
Do you find XUL Cache among installed add-ons in Firefox? But deleting the folder should be enough.
[/quote]

No, there never was anything like that... I checked all add-on dates and none of them are September 9th. Anyway, I deleted it and restarted my computer and the problem still exists on both Firefox and IE... Every link I click from Google redirects me to an ads website.

itsjinx - Posted November 21, 2011

I noticed something interesting... Like I said before, every time I click on a link from Google, there is about a 1 second "pause" and the screen is white... I noticed that the HTML code on that actual screen looked like this on the last redirect:

<html><body>
<form id="mfrm" name="myform" action="http://www.elegantclothingonline.com" method="post">
<input type="hidden" name="url" value="http://doramounski.com/go.php?id=6b486c4b1382e879fb43bc59de8bdb60&aid=569&said=direc40&lastpage=BxsbH1VAQBgYGEEIAAAIAwpBDAACQBwKDh0MB1AcDAMGCgEbUh8cFkIODUkHA1IKAUkcBhsKUkkcABodDApSBx9JHlIfBx9EAg4XRAoXCgwaGwYAAUQbBgIKSQ0bAShSPAoOHQwH">
</form>
<script type="text/javascript">document.forms["myform"].submit();</script>
</body></html>

But yet the "URL" that I am viewing the "source" code from to get that code is the Google result that I'm trying to visit. What I mean is that while the screen is white for 1 second, the URL it shows in the TITLE of the browser is the website that I'm TRYING to visit, so it's almost as if this code is always 'injected' into the page quickly.

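A proxy- or sensor-side check for the kind of page described in the post above, as an added example that is not part of the original thread: it flags a response body that is only a script-submitted form posting off-site with a URL in a hidden field. The function and class names and the example.* hosts are assumptions, and the sample pages are constructed to mirror the shape of the posted snippet.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches the immediate submit call seen in the posted snippet:
#   document.forms["myform"].submit();
AUTO_SUBMIT = re.compile(r"""document\.forms\[\s*["']?([\w-]+)["']?\s*\]\.submit\(\)""")


class _Scan(HTMLParser):
    """Collects forms, hidden URL-valued inputs, script text and visible text."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.scripts = []
        self.visible_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"name": a.get("name"), "id": a.get("id"),
                               "action": a.get("action") or "", "hidden_urls": []})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "hidden":
            value = a.get("value") or ""
            if value.lower().startswith(("http://", "https://")):
                self.forms[-1]["hidden_urls"].append(value)
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)
        elif data.strip():
            self.visible_text.append(data.strip())


def check_interstitial(page_url, body):
    """Return one list of reasons per form that is auto-submitted by script.

    page_url is the URL the browser was navigating to; body is the HTML received.
    """
    scan = _Scan()
    scan.feed(body)
    scan.close()
    page_host = urlsplit(page_url).hostname
    submitted = set(AUTO_SUBMIT.findall(" ".join(scan.scripts)))
    hits = []
    for form in scan.forms:
        if not ({form["name"], form["id"]} & submitted):
            continue  # form exists but nothing submits it without user action
        reasons = ["auto-submitted by script"]
        action_host = urlsplit(form["action"]).hostname
        if action_host and action_host != page_host:
            reasons.append("posts off-site to " + action_host)
        for url in form["hidden_urls"]:
            reasons.append("hidden URL field -> " + (urlsplit(url).hostname or "?"))
        if not scan.visible_text:
            reasons.append("no visible content")
        hits.append(reasons)
    return hits


# Constructed sample with the same structure as the posted page (reserved hosts).
INJECTED = (
    '<html><body><form id="mfrm" name="myform" action="http://ads.example.net" method="post">'
    '<input type="hidden" name="url" value="http://redirector.example.org/go.php?id=0000&aid=1">'
    '</form><script type="text/javascript">document.forms["myform"].submit();</script>'
    '</body></html>'
)

# Constructed benign page: a same-site form the user has to submit.
BENIGN = (
    '<html><body><h1>Search</h1><form name="q" action="http://www.example.com/find" method="post">'
    '<input type="hidden" name="lang" value="en"><input type="text" name="term">'
    '</form></body></html>'
)

if __name__ == "__main__":
    for label, body in (("injected", INJECTED), ("benign", BENIGN)):
        print(label, check_interstitial("http://www.example.com/article", body))
```

Auto-submitted forms also occur legitimately (single sign-on POST bindings, payment redirects), so the off-site action combined with a URL-valued hidden field and an otherwise empty body is what separates this pattern from those.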
CeciliaB - Posted November 21, 2011

[quote name='itsjinx' timestamp='1321899219' post='130664']
No, there never was anything like that... I checked all add-on dates and none of them are September 9th. Anyway, I deleted it and restarted my computer and the problem still exists on both Firefox and IE... Every link I click from Google redirects me to an ads website.
[/quote]

I suspected that. I think the only solution is to rewrite MBR.

itsjinx - Posted November 21, 2011

[quote name='CeciliaB' timestamp='1321901200' post='130666']
I suspected that. I think the only solution is to rewrite MBR.
[/quote]

How do I rewrite MBR? And can you explain any risk involved? I don't understand what you mean about what I will "lose" if I rewrite MBR....?

CeciliaB - Posted November 21, 2011

Is your Windows pre-installed by the computer manufacturer, or have you installed Windows yourself using the Windows 7 DVD?

Do you have a simple, straightforward installation with one partition containing Windows, or do you have a more complex installation with, for example, two different operating systems?

itsjinx - Posted November 22, 2011

My computer came with my version of Windows... I have whatever the basic installation is. I have never modified partitions or had two operating systems. Just the OEM installation of Windows 7.

CeciliaB - Posted November 22, 2011

How would you reinstall Windows if it becomes necessary in the future? If you do that with the Windows 7 DVD, you should be able to overwrite MBR.

Please be sure you have backups of all important files before continuing; in case anything goes wrong, it might be necessary to reinstall Windows.

Here is a description of how to fix MBR: http://www.ehow.com/how_6949601_fix-mbr-windows-7.html

Please run aswMBR and post its log when MBR has been fixed.

itsjinx - Posted November 27, 2011

I did the MBR commands and everything and then scanned with aswMBR again. Here is the log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 22:29:43
-----------------------------
22:29:43.141 OS Version: Windows x64 6.1.7600
22:29:43.141 Number of processors: 8 586 0x1E05
22:29:43.141 ComputerName: DEREK-VAIO UserName: derek
22:29:48.882 Initialize success
22:30:59.792 AVAST engine defs: 11112601
22:33:57.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:33:57.961 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:33:57.961 Disk 0 MBR read successfully
22:33:57.961 Disk 0 MBR scan
22:33:57.977 Disk 0 unknown MBR code
22:33:57.977 Disk 0 MBR hidden
22:33:57.993 Service scanning
22:34:02.096 Modules scanning
22:34:02.096 Disk 0 trace - called modules:
22:34:02.111 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007bfc334]<<
22:34:02.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007be9060]
22:34:02.127 3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> [0xfffffa800747e480]
22:34:02.127 5 ACPI.sys[fffff88000fa4781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007483050]
22:34:02.142 \Driver\iaStor[0xfffffa8007460570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007bfc334
22:34:06.729 AVAST engine scan C:\Windows
22:34:12.048 AVAST engine scan C:\Windows\system32
22:36:25.522 AVAST engine scan C:\Windows\system32\drivers
22:36:37.534 AVAST engine scan C:\Users\derek
01:01:21.374 AVAST engine scan C:\ProgramData
01:19:20.537 Scan finished successfully
14:22:54.044 Disk 0 MBR has been saved successfully to "C:\Users\derek\Desktop\MBR.dat"
14:22:54.060 The log file has been saved successfully to "C:\Users\derek\Desktop\aswMBR.txt"

CeciliaB - Posted November 27, 2011

Still that UNKNOWN.

Please delete TDSSKiller and ComboFix since those are old versions now. Download and run new versions of them. I repeat the instructions for the programs:

1. Save TDSSKiller on the Desktop: [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]
Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.
Click on [b]Start Scan[/b].
If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.
Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

2. Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix. Paste the content of the log into your answer.

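The cues in the aswMBR log posted above (the unknown MBR code, the hidden MBR, and the UNKNOWN entry in the disk call chain) can be extracted mechanically. This added example, which is not part of the thread or of aswMBR, also correlates a driver's IRP handler address with the unknown module's address; the function name and the clean comparison log are constructed for illustration.

```python
import re

# Indicator lines excerpted from the aswMBR log posted in this thread.
POSTED_LOG = r"""
22:33:57.961 Disk 0 MBR read successfully
22:33:57.961 Disk 0 MBR scan
22:33:57.977 Disk 0 unknown MBR code
22:33:57.977 Disk 0 MBR hidden
22:34:02.096 Disk 0 trace - called modules:
22:34:02.111 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007bfc334]<<
22:34:02.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007be9060]
22:34:02.142 \Driver\iaStor[0xfffffa8007460570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007bfc334
22:34:06.729 AVAST engine scan C:\Windows
"""

# Constructed comparison log in the same layout with no anomalies (not real tool output).
CLEAN_LOG = r"""
22:33:57.961 Disk 0 MBR read successfully
22:33:57.961 Disk 0 MBR scan
22:34:02.096 Disk 0 trace - called modules:
22:34:02.111 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
22:34:02.142 \Driver\iaStor[0xfffffa8007460570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffff88001234000
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
DISK_FLAG = re.compile(r"^Disk (\d+) (unknown MBR code|MBR hidden)$")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP = re.compile(r"^\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")


def triage(log_text):
    """Return (source, finding) tuples for rootkit cues in an aswMBR log."""
    findings = []
    unknown_addrs = set()   # addresses of modules the tool could not name
    irp_handlers = []       # (driver, irp, handler address)
    for raw in log_text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1).strip()
        flag = DISK_FLAG.match(msg)
        if flag:
            findings.append(("disk" + flag.group(1), flag.group(2)))
            continue
        unknown = UNKNOWN_MOD.search(msg)
        if unknown:
            addr = unknown.group(1).lower()
            unknown_addrs.add(addr)
            findings.append(("stack", "unknown module at " + addr))
            continue
        irp = IRP.match(msg)
        if irp:
            irp_handlers.append((irp.group(1), irp.group(2), irp.group(3).lower()))
    # Correlate after the full pass so line order in the log does not matter.
    for driver, irp_name, target in irp_handlers:
        if target in unknown_addrs:
            findings.append((driver, "%s dispatched to unknown module %s" % (irp_name, target)))
    return findings


if __name__ == "__main__":
    for source, finding in triage(POSTED_LOG):
        print("%-8s %s" % (source, finding))
```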
itsjinx - Posted November 28, 2011

Okay here are new logs:

TDSSKiller LOG:
21:25:17.0360 5748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:25:17.0361 5748 RDPCDD - ok 21:25:17.0383 5748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:25:17.0384 5748 RDPENCDD - ok 21:25:17.0406 5748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:25:17.0406 5748 RDPREFMP - ok 21:25:17.0432 5748 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 21:25:17.0438 5748 RDPWD - ok 21:25:17.0482 5748 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 21:25:17.0490 5748 rdyboost - ok 21:25:17.0544 5748 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys 21:25:17.0548 5748 regi - ok 21:25:17.0611 5748 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 21:25:17.0614 5748 RFCOMM - ok 21:25:17.0651 5748 rimspci (6ded176a14770339f1415cfdbcc9e07f) C:\Windows\system32\drivers\rimssne64.sys 21:25:17.0656 5748 rimspci - ok 21:25:17.0696 5748 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 21:25:17.0700 5748 RimVSerPort - ok 21:25:17.0734 5748 risdpcie (2eea929b8c4b6241bc945a3b173d9f71) C:\Windows\system32\DRIVERS\risdpe64.sys 21:25:17.0738 5748 risdpcie - ok 21:25:17.0773 5748 risdsnpe (ddf5f666c2a5b3729e8bea01fb999cc0) C:\Windows\system32\drivers\risdsne64.sys 21:25:17.0777 5748 risdsnpe - ok 21:25:17.0805 5748 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 21:25:17.0808 5748 ROOTMODEM - ok 21:25:17.0851 5748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:25:17.0854 5748 rspndr - ok 21:25:17.0919 5748 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys 21:25:17.0925 5748 sbp2port - ok 21:25:17.0948 5748 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 
21:25:17.0951 5748 scfilter - ok 21:25:17.0991 5748 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys 21:25:17.0996 5748 sdbus - ok 21:25:18.0042 5748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:25:18.0045 5748 secdrv - ok 21:25:18.0076 5748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 21:25:18.0080 5748 Serenum - ok 21:25:18.0107 5748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 21:25:18.0112 5748 Serial - ok 21:25:18.0147 5748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 21:25:18.0150 5748 sermouse - ok 21:25:18.0216 5748 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys 21:25:18.0219 5748 SFEP - ok 21:25:18.0243 5748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:25:18.0246 5748 sffdisk - ok 21:25:18.0283 5748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:25:18.0286 5748 sffp_mmc - ok 21:25:18.0307 5748 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys 21:25:18.0310 5748 sffp_sd - ok 21:25:18.0339 5748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 21:25:18.0342 5748 sfloppy - ok 21:25:18.0397 5748 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys 21:25:18.0403 5748 Sftfs - ok 21:25:18.0445 5748 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:25:18.0449 5748 Sftplay - ok 21:25:18.0470 5748 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:25:18.0472 5748 Sftredir - ok 21:25:18.0524 5748 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys 21:25:18.0527 5748 Sftvol - ok 21:25:18.0609 5748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 
21:25:18.0613 5748 SiSRaid2 - ok 21:25:18.0648 5748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 21:25:18.0653 5748 SiSRaid4 - ok 21:25:18.0687 5748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:25:18.0693 5748 Smb - ok 21:25:18.0730 5748 smbusp (3b47f81c3c3b4742221a5391ef8d499d) C:\Windows\system32\DRIVERS\intelsmb.sys 21:25:18.0732 5748 smbusp - ok 21:25:18.0815 5748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:25:18.0819 5748 spldr - ok 21:25:18.0906 5748 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 21:25:18.0910 5748 srv - ok 21:25:18.0960 5748 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 21:25:18.0964 5748 srv2 - ok 21:25:19.0010 5748 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 21:25:19.0014 5748 srvnet - ok 21:25:19.0061 5748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 21:25:19.0064 5748 stexstor - ok 21:25:19.0125 5748 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 21:25:19.0127 5748 StillCam - ok 21:25:19.0184 5748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:25:19.0187 5748 swenum - ok 21:25:19.0256 5748 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\Windows\System32\drivers\swmsflt.sys 21:25:19.0264 5748 swmsflt - ok 21:25:19.0303 5748 SWNC8U56 (c2ad3936249199c9d8187dcdea17ac25) C:\Windows\system32\DRIVERS\swnc8u56.sys 21:25:19.0308 5748 SWNC8U56 - ok 21:25:19.0355 5748 SWUMX56 (cc97ec73094cf0f47cd89aafba6d26f1) C:\Windows\system32\DRIVERS\swumx56.sys 21:25:19.0360 5748 SWUMX56 - ok 21:25:19.0378 5748 szkg5 - ok 21:25:19.0477 5748 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 21:25:19.0521 5748 Tcpip - ok 21:25:19.0602 5748 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 
21:25:19.0611 5748 TCPIP6 - ok 21:25:19.0667 5748 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 21:25:19.0669 5748 tcpipreg - ok 21:25:19.0699 5748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:25:19.0702 5748 TDPIPE - ok 21:25:19.0721 5748 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:25:19.0725 5748 TDTCP - ok 21:25:19.0772 5748 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 21:25:19.0775 5748 tdx - ok 21:25:19.0828 5748 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys 21:25:19.0834 5748 TermDD - ok 21:25:19.0927 5748 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys 21:25:19.0932 5748 trufos - ok 21:25:20.0106 5748 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:25:20.0110 5748 tssecsrv - ok 21:25:20.0161 5748 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 21:25:20.0165 5748 tunnel - ok 21:25:20.0207 5748 TVICHW32 (1a006963644c7fde5be60036f3a43e68) C:\Windows\system32\DRIVERS\TVICHW32.SYS 21:25:20.0211 5748 TVICHW32 - ok 21:25:20.0268 5748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 21:25:20.0284 5748 uagp35 - ok 21:25:20.0395 5748 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys 21:25:20.0412 5748 udfs - ok 21:25:20.0457 5748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:25:20.0462 5748 uliagpkx - ok 21:25:20.0500 5748 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 21:25:20.0504 5748 umbus - ok 21:25:20.0556 5748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 21:25:20.0560 5748 UmPass - ok 21:25:20.0616 5748 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 21:25:20.0620 5748 
USBAAPL64 - ok 21:25:20.0657 5748 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 21:25:20.0660 5748 usbccgp - ok 21:25:20.0735 5748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:25:20.0741 5748 usbcir - ok 21:25:20.0795 5748 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys 21:25:20.0799 5748 usbehci - ok 21:25:20.0827 5748 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 21:25:20.0831 5748 usbhub - ok 21:25:20.0882 5748 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 21:25:20.0885 5748 usbohci - ok 21:25:20.0928 5748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 21:25:20.0931 5748 usbprint - ok 21:25:20.0987 5748 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:25:20.0992 5748 USBSTOR - ok 21:25:21.0030 5748 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 21:25:21.0033 5748 usbuhci - ok 21:25:21.0064 5748 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 21:25:21.0069 5748 usbvideo - ok 21:25:21.0199 5748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:25:21.0204 5748 vdrvroot - ok 21:25:21.0239 5748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:25:21.0242 5748 vga - ok 21:25:21.0263 5748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:25:21.0266 5748 VgaSave - ok 21:25:21.0299 5748 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys 21:25:21.0307 5748 vhdmp - ok 21:25:21.0340 5748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:25:21.0343 5748 viaide - ok 21:25:21.0370 5748 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys 21:25:21.0376 5748 volmgr - 
ok 21:25:21.0406 5748 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 21:25:21.0410 5748 volmgrx - ok 21:25:21.0450 5748 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys 21:25:21.0459 5748 volsnap - ok 21:25:21.0483 5748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 21:25:21.0489 5748 vsmraid - ok 21:25:21.0540 5748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:25:21.0543 5748 vwifibus - ok 21:25:21.0584 5748 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:25:21.0587 5748 vwififlt - ok 21:25:21.0736 5748 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 21:25:21.0739 5748 vwifimp - ok 21:25:21.0867 5748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 21:25:21.0871 5748 WacomPen - ok 21:25:21.0901 5748 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:25:21.0905 5748 WANARP - ok 21:25:21.0913 5748 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:25:21.0914 5748 Wanarpv6 - ok 21:25:21.0974 5748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 21:25:21.0978 5748 Wd - ok 21:25:22.0023 5748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:25:22.0036 5748 Wdf01000 - ok 21:25:22.0088 5748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:25:22.0091 5748 WfpLwf - ok 21:25:22.0127 5748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:25:22.0131 5748 WIMMount - ok 21:25:22.0200 5748 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 21:25:22.0203 5748 WinUsb - ok 21:25:22.0279 5748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:25:22.0293 5748 WmiAcpi 
- ok 21:25:22.0367 5748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:25:22.0371 5748 ws2ifsl - ok 21:25:22.0503 5748 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 21:25:22.0507 5748 WudfPf - ok 21:25:22.0542 5748 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:25:22.0548 5748 WUDFRd - ok 21:25:22.0610 5748 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys 21:25:22.0619 5748 yukonw7 - ok 21:25:22.0681 5748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 21:25:22.0933 5748 \Device\Harddisk0\DR0 - ok 21:25:22.0935 5748 Boot (0x1200) (ca1e0484e3abdd2c416ddfe2962c1845) \Device\Harddisk0\DR0\Partition0 21:25:22.0936 5748 \Device\Harddisk0\DR0\Partition0 - ok 21:25:22.0952 5748 Boot (0x1200) (d4b3b9b4d7e609a14c583c8d47894237) \Device\Harddisk0\DR0\Partition1 21:25:22.0953 5748 \Device\Harddisk0\DR0\Partition1 - ok 21:25:22.0953 5748 ============================================================ 21:25:22.0953 5748 Scan finished 21:25:22.0953 5748 ============================================================ 21:25:22.0964 1148 Detected object count: 0 21:25:22.0964 1148 Actual detected object count: 0 Share this post Link to post Share on other sites
itsjinx Posted November 28, 2011
COMBO FIX LOG:
ComboFix 11-11-27.02 - derek 11/27/2011 21:28:15.7.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8174.5738 [GMT -5:00]
Running from: c:\users\derek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 22251439 *Deregistered* - 22251439 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-10-21 00:56 1256592 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-10-21 00:56 1256592 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-10-21 00:56 1256592 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1] @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}] 2011-09-13 16:23 260760 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2] @="{342DAA0B-D796-460D-8566-901E08A1CCAD}" [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}] 2011-09-13 16:23 260760 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3] @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}] 2011-09-13 16:23 260760 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4] @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}" [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}] 2011-09-13 16:23 260760 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.1.1 64.233.217.5 64.233.217.2 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ocwvh1o7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com FF - prefs.js: browser.search.selectedEngine - Search The Web FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2447568~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB947821~31bf3856ad364e35~amd64~~6.1.8.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-27 21:55:37 ComboFix-quarantined-files.txt 2011-11-28 02:55 ComboFix2.txt 2011-11-19 04:16 ComboFix3.txt 2011-11-17 23:53 ComboFix4.txt 2011-11-14 23:48 ComboFix5.txt 2011-11-28 02:25 . Pre-Run: 487,060,541,440 bytes free Post-Run: 486,926,700,544 bytes free . - - End Of File - - 1C0F373EB5E6849D04E59731ED33AAD1 Share this post Link to post Share on other sites
CeciliaB 475 Posted November 28, 2011
Unfortunately not many more things to try.
Save AVP by Kaspersky on your desktop. http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Restart the computer into Safe Mode.
Start AVP, read and follow the instructions.
Select the tab that says 'Automatic scan'. Be sure that the following items are checked:
# Hidden Startup Objects
# System Memory
# Disk Boot Sectors.
# My Computer.
# Also any other drives (Removable that you may have)
Do not change the other settings.
Click on 'Scan'. The program will usually quarantine any objects found, but if some are left untouched then click 'Neutralize all'. If the program says they cannot be neutralized then choose to delete them instead.
When finished, click on the reports button and save it where you will find it, for example on the desktop with the name AVP_report.
Restart the computer.
Paste only the part of the report that is under the header 'Detected'.

itsjinx 0 Posted November 30, 2011
THAT FIXED IT! HERE IS THE VIRUS:
11/30/2011 12:48:47 AM Deleted Trojans Exploit.Java.CVE-2010-4452.a High Exact C:\Documents and Settings\derek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\daf7b1-52c9ff55
Now everything is working correctly and also my Google instant search is working, which before didn't work at all! Please help me remove ComboFix and any other programs that I need to remove!

CeciliaB 475 Posted November 30, 2011
Very good! Time for final clean-up.

1. Removal of all system restore points since they might be infected.
XP:
Create a new system restore point: Start - Programs - Accessories - System Tools - System Restore
Choose Create a Restore Point and then click Next. Give the R.P. a name, then click Create.
Remove all old restore points by running Disk Cleanup. Start - Run and type: Cleanmgr
Click Ok. Disk Cleanup will scan your files for several minutes, then open. Select the More Options tab, and then click the Clean up button under System Restore. Click Ok and then Yes twice.
Vista and Windows 7:
Create a new system restore point by following http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
Remove all old restore points by following http://bertk.mvps.org/html/diskcleanupv.html (Vista) or http://www.sevenforums.com/tutorials/818-disk-cleanup-open-use.html (Windows 7).

2. Removal of tools
a. Press Windows-key + R. Copy and paste this line:
ComboFix /Uninstall
Note the space before /
Click on OK.
b. Close all programs. Start OTL program. Click the CleanUp! button. Select Yes when asked "Begin cleanup process". If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them. Any tools left?

3. Improve the security in the computer
It is very important to keep Windows and all programs updated. To help you with that you can use the program Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/
In your computer I have seen an old Java version with many vulnerabilities that make it easy to infect the computer. The file that AVP discovered exploited one of these vulnerabilities.
Read what Blade81 writes in the post http://www.lavasoftsupport.com/index.php?showtopic=30610&view=findpost&p=124337 from the header "Make your Internet Explorer more secure" and downwards.
Is it possible for you to install Ad-Aware now or do you still get the same error message? That error message usually is due to other problems than an infected computer.

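The post above ties the infection to an outdated Java install and a file sitting in the Java deployment cache. The following is an added example, not part of the original thread: a PowerShell inventory of the Java runtimes registered on the machine and of the files cached under each user's Java deployment cache folder (the folder seen in the AVP detection earlier in the thread). It assumes PowerShell 4.0 or later; the function names `Get-InstalledJre` and `Get-JavaCacheFile` are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Requires PowerShell 4.0+ (Get-FileHash, Get-ChildItem -File/-Directory).

# Standard JavaSoft registry locations: native view and 32-bit view on x64 Windows.
$JreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment'
)

function Get-InstalledJre {
    # One object per registered JRE version, with a check that JavaHome still exists.
    foreach ($key in $JreKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $view = if ($key -like '*WOW6432Node*') { '32-bit' } else { 'native' }
        foreach ($sub in Get-ChildItem -Path $key) {
            $javaHome = (Get-ItemProperty -Path $sub.PSPath).JavaHome
            [pscustomobject]@{
                Version  = $sub.PSChildName
                View     = $view
                JavaHome = $javaHome
                OnDisk   = [bool]($javaHome -and (Test-Path -LiteralPath $javaHome))
            }
        }
    }
}

function Get-JavaCacheFile {
    # Lists every file in each profile's Java deployment cache with size,
    # timestamp and SHA-256, so leftovers can be reviewed or checked by a scanner.
    param(
        [string]$UsersRoot = (Join-Path -Path $env:SystemDrive -ChildPath 'Users')
    )
    $relCache = 'AppData\LocalLow\Sun\Java\Deployment\cache'
    $userDirs = Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $cache = Join-Path -Path $userDir.FullName -ChildPath $relCache
        if (-not (Test-Path -LiteralPath $cache)) { continue }
        Get-ChildItem -LiteralPath $cache -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    User      = $userDir.Name
                    Path      = $_.FullName
                    Bytes     = $_.Length
                    LastWrite = $_.LastWriteTime
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Report: registered runtimes first, then cached files, newest first.
Get-InstalledJre | Sort-Object Version | Format-Table -AutoSize
Get-JavaCacheFile | Sort-Object LastWrite -Descending |
    Format-Table User, LastWrite, Bytes, Path -AutoSize
```

Run it from an elevated prompt so other users' profiles are readable. Several entries under the same registry key usually mean old runtimes were left installed beside the current one.
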
itsjinx 0 Posted December 1, 2011
Thanks! I still can't install Ad-Aware. I think there is something that I need to fix, like Windows Installer .MSI?

CeciliaB 475 Posted December 2, 2011
You are welcome. I suspected that, since "An error occurred during the installation of assembly "Microsoft VC90.CRT.version ..." usually indicates a Windows problem. I have posted some pages with suggestions here: http://www.lavasoftsupport.com/index.php?/topic/31392-ad-aware-9-fails-to-install/page__view__findpost__p__127958

CeciliaB 475 Posted January 1, 2012
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!